db95dfe38d
security: fix CVE 2022 46145 ( #4140 )
...
* add flow authentication requirement
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add website for cve
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: handle FlowNonApplicableException without policy result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
1f7d52c5ce
blueprints: Support nested custom tags in `!Find` and `!Format` tags ( #4127 )
...
* Added support for nested tags to !Find and !Format
* Added tests
* Fix variable names
* Added docs
* Fixed small mistake in tests
* Fixed variable names
* Broke example into multiple lines
2022-12-01 16:10:26 +01:00
3251bdc220
events: improve handling creation of events with non-pickleable objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 15:56:28 +02:00
2a4daa5360
release: 2022.11.2
2022-12-01 10:41:29 +02:00
e1a6dede54
*: backport CVE-2022-46145 fix
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:41:26 +02:00
cf40e5047e
policies: don't log context when policy returns None
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 14:43:47 +02:00
d5329432fe
lib: fix uploaded files not being saved correctly, add tests
...
closes #4110 #4109 #4107
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 12:48:33 +02:00
5156aeee0f
policies/password: Always add generic message to failing zxcvbn check ( #4100 )
...
* Always add generic message to failing zxcvbn password policy
Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message.
For example:
```
$ echo 'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
Password:
"score": 3,
"feedback": {
"warning": "",
"suggestions": []
}
}
```
As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user.
There are two ways to handle this:
1. Always add a generic "password is too weak" message when the policy fails.
2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.
I personally prefer 1. This way the generic message will be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Update authentik/policies/password/models.py
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* fix black formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 07:58:16 +00:00
e22fce02f8
stages/authenticator_validate: improve validation for not_configured_action
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 10:52:51 +01:00
e2bd96c5de
stages/authenticator_validate: fix validation to ensure configuration stage is set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 21:37:52 +01:00
f8ef2b666f
events: fix incorrect EventAction being used
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:53:05 +01:00
a9909fcf6d
providers/oauth2: set amr values based on login event
...
closes #4070
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:21:59 +01:00
1fa9b3a996
providers/saml: set AuthnContextClassRef based on login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#4070
2022-11-25 11:21:45 +01:00
5019346ab6
events: save login event in session after login
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#4070
2022-11-25 11:21:00 +01:00
f22f1ebcde
stages/authenticator_validate: save used mfa devices in login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 10:47:49 +01:00
1c2cdfe06a
web/flows: improve error messages for failed duo push
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 13:42:13 +01:00
d0308a8239
stages/authenticator_validate: log duo error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:36:43 +01:00
6843c8389b
stages/authenticator_duo: fix imported duo devices not being confirmed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:36:34 +01:00
3a13d19695
release: 2022.11.1
2022-11-22 21:42:10 +01:00
ed7bef9dbf
blueprints: open fixtures in read only mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:39:30 +01:00
b9fdb63a57
core: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:02:18 +01:00
5262d89505
core: fix tab-complete in shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 20:30:00 +01:00
ab3d47c437
blueprints: add desired state attribute to objects ( #4061 )
...
* add state attribute to delete objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests, move yaml from block to files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add state to docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only try to format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 14:27:20 +01:00
14cd52686d
stages/email: add test for email translation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3885
2022-11-22 14:14:42 +01:00
1a39754fe9
*: don't return values in test suites
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 11:38:34 +01:00
5b8223808e
Merge branch 'version-2022.11'
2022-11-21 22:14:33 +01:00
14f341f504
web/admin: fix error when importing duo devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 21:36:10 +01:00
20c1770ec4
release: 2022.11.0
2022-11-21 20:12:02 +01:00
a2e512c36c
stages/authenticator_validate: add flag to configure user_verification for webauthn devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 17:52:37 +01:00
3c2da8138d
stages/invitation: directly delete invitation now that flow plan is saved in email token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 14:55:49 +01:00
426f0bc9dd
events: deepcopy event kwargs to prevent objects being removed, remove workaround
...
closes #4041
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 12:31:17 +01:00
cc3ab141e5
policies: only cache policies for authenticated users
...
closes #4033
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 21:06:53 +01:00
c158ef80db
*: fix remaining old cache keys
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 16:18:32 +01:00
9f5fb692ba
sources: add custom icon support ( #4022 )
...
* add source icon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to oauth form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to other browser sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add migration, return icon in UI challenges
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* deduplicate file upload
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-16 14:10:10 +01:00
d67ec1b62f
lib: fix complex objects being included in event context for ak_create_event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:51:02 +01:00
e5241ac574
core: fix error when propertymappings return complex value
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:28:15 +01:00
276af8457d
root: make sentry DSN configurable ( #4016 )
...
* make sentry DSN configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make proxy smarter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix typo in config struct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
55aa1897af
root: use single redis db ( #4009 )
...
* use single redis db
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ensure __str__ always returns string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix remaining old prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
9f269faf53
stages/authenticator_*: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 13:46:00 +01:00
9bde7ef59e
Revert "stages/authenticator_*: directly save devices into db instead of session to prevent race conditions"
...
closes #4008
This reverts commit 538c2ca4d3
2022-11-15 11:35:53 +01:00
88594075b2
policies/password: merge hibp add zxcvbn ( #4001 )
...
* initial zxcvbn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api and port tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api diff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
ffe6f65af5
outposts/kubernetes: ingress class ( #4002 )
...
* add support for ingressClassName
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add option to disable ssl verification for k8s controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye ( #3864 )
...
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye
Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.
---
updated-dependencies:
- dependency-name: python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump project
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump deps
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump ci to 3.11
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-13 14:20:55 +01:00
5d8dd9cf3f
blueprints: Fixed bug causing blueprint instance context be discarded ( #3990 )
...
Fixed bug causing blueprint instance context be discarded when applying a blueprint.
2022-11-12 13:23:33 +01:00
3306003f0e
providers/oauth2: fix inconsistent expiry encoded in JWT
...
- access token validity is used for JWTs issues in implicit flows
- general cleanup of how times are set
closes #2581
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-10 20:23:24 +01:00
85c790728f
core: simplify group serializer for user API endpoint ( #3899 )
...
* core/api: Adding simple group serializer to improve user retrieval performance
Due to the exhaustive use of the user_obj the performance suffers
greatly if the users are assigned to large groups. This simple fix adds
a new serializer that does not expose the user_obj within a group.
* core/api: Update schema
Update to the schema based on the new SimpleGroupSerializer
* core/api: Fix black and pylint
* make naming consistent, remove unnecessary fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-09 11:19:40 +01:00
47132faffb
root: relicense and launch blog post
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-03 16:00:00 +01:00
cd0d898a4b
events: sanitize generator for json safety
...
closes #3903
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-31 20:30:11 +01:00
400751ed3c
api: fix missing scheme in securitySchemes
...
closes #3883
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-29 18:50:34 +02:00
f3a72761c0
release: 2022.10.1
2022-10-29 17:24:55 +02:00
841c13ed77
core: set prehydrated locale based on active backend locale
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:43:24 +02:00
30d708dd1f
core: explicitly enable locales ( #3889 )
...
* activate locales
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set locale for email templates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:42:49 +02:00
9d0a7578ec
flows: fix error due to not validating error challenge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-27 20:04:00 +02:00
f8fab14e1e
core: refactor MessageStage to not use dynamic class
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 20:01:42 +02:00
6b35d0c70b
core: check if session is authenticated before showing linked message
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 00:30:42 +02:00
dd65862bf2
core: show success message when authenticating/enrolling after flow is finished
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-25 22:46:15 +02:00
6ea57921f2
sources/saml: set username field to name_id attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 21:53:37 +02:00
b0d4f035f1
blueprints: fix error when cleaning up unset attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 22:12:59 +02:00
661d2ec701
Merge branch 'version-2022.10'
2022-10-21 22:11:04 +02:00
3f570bb96d
blueprints: improve error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 20:18:02 +02:00
89dc46a7ff
release: 2022.10.0
2022-10-21 19:42:38 +02:00
a1ce8100e9
stages/identification: log invalid_login similar to event for easier log parsing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3715
2022-10-20 19:31:22 +02:00
13d975a258
flows: fix error when opening inspector with no history
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 19:30:56 +02:00
782fec0eb9
flows: use stripped down flow serializer for flow_set to optimise loading time
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 09:56:08 +02:00
cfad472e1b
flows: optimise queries ( #3818 )
...
* flows: optimise flow queries
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* index source on slug and name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* binding index
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add policy parent index
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup old migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release note to upgrade
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 22:53:07 +02:00
6882445937
*: handle PermissionError when saving files, ensure permission bits are set correctly
...
closes #3817
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 20:24:28 +02:00
9e3bf94547
flows: optimise flow API loading speed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:29:06 +02:00
b06a3a8f9f
admin: add authorisations metric ( #3811 )
...
add authorizations metric
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 00:06:45 +02:00
167695d4b1
core: bump channels from 3.0.5 to 4.0.0 ( #3799 )
...
* core: bump channels from 3.0.5 to 4.0.0
Bumps [channels](https://github.com/django/channels ) from 3.0.5 to 4.0.0.
- [Release notes](https://github.com/django/channels/releases )
- [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt )
- [Commits](https://github.com/django/channels/compare/3.0.5...4.0.0 )
---
updated-dependencies:
- dependency-name: channels
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* add daphne
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:34:27 +02:00
3e1490dcac
providers/saml: don't attempt verification of SAML request when no verification certificate is configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:26:04 +02:00
6bff6a2a1a
core: fallback to empty user object for PropertyMappingEvaluator
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:03:26 +02:00
0efee2a660
flows: improved import ( #3807 )
...
* return logs when importing flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* improve error handling, show logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:42 +02:00
b85be12567
providers/oauth2: fix issues with es256 and add tests ( #3808 )
...
fix issues with es256 and add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:29 +02:00
96a30af0eb
sources/oauth: allow overriding of all scopes
...
closes #3747
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 21:21:43 +02:00
76531589dd
core: fix title in generic error template
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 13:55:22 +02:00
2112b5b26b
root: add global fallback throttle
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 23:51:36 +02:00
a3cc844e25
crypto: fix cert_expiry not having the correct format
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 23:32:02 +02:00
53aef73f58
flows: optimise queries for flow and stage API endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 11:54:31 +02:00
363872715d
sources/saml: revamp SAML Source ( #3785 )
...
* update saml source to use user connections, add all attributes to flow context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* check for SAML Status in response, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* package apple icon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add webui for connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 17:04:47 +02:00
79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug ( #3786 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 15:44:59 +02:00
74a0e27a8c
blueprints: fix error when exporting objects with lazily translated strings
...
closes #3482
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 14:31:44 +02:00
0ca1368dcc
sources/saml: improve error handling for missing assertion and missing subject
...
closes #3784
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 13:56:39 +02:00
2980c5884f
root: Add setting to adjust database config for pgbouncer ( #3769 )
...
* Add setting to adjust database config for pgbouncer
* docker-compose.yml cleanup
Delete pgbouncer setting as false is the default value
* Cleanup docker-compose.yml
Also remove use_pgbouncer option in server section
2022-10-14 11:53:24 +02:00
217e145d23
stages/authenticator_sms: make sms stage payload customisable ( #3780 )
...
* make sms stage payload customisable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update phrasing for webhook mapping
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 11:53:01 +02:00
e5e6c33b2d
providers/oauth2: fix expires_in not being an int
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 14:25:30 +03:00
8ed2f7fe9e
providers/oauth2: add device flow ( #3334 )
...
* start device flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix inconsistent app filtering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tenant device code flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add throttling to device code view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* somewhat unrelated changes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add initial device code entry flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add finish stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* it works
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add support for verification_uri_complete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 12:42:10 +02:00
00a6c2a40b
sources/oauth: improve error messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:28:25 +03:00
239092b872
core: fix messages not being shown when no client is connected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:27:41 +03:00
34d520a3fb
core: bump channels-redis from 3.4.1 to 4.0.0 ( #3752 )
2022-10-10 11:26:49 +02:00
3ecc715e91
sources/oauth: add Twitch OAuth source ( #3746 )
...
* sources/oauth: add Twitch OAuth source
Signed-off-by: Lukas Vögl <lukas@voegl.org>
* website/integrations: add Twitch OAuth source documentation
Signed-off-by: Lukas Vögl <lukas@voegl.org>
Signed-off-by: Lukas Vögl <lukas@voegl.org>
2022-10-10 10:59:07 +02:00
9bbe8e6c57
providers/oauth2: save full IDToken to database, only use to_dict for encoding final token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-08 15:06:17 +03:00
b2a658d091
providers/oauth2: remove c_hash and nonce claim if they're not set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-07 17:07:33 +03:00
ce085a029d
providers/oauth2: exclude at_hash claim if not set instead of being null
...
closes #3739
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-07 10:10:53 +03:00
93e90f8f50
crypto: fix import_certificate checking private key as certificate
...
closes #3713
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-02 00:31:14 +02:00
44e4f2e561
crypto: make certificate parsing optional for crypto api ( #3711 )
2022-10-01 00:06:00 +02:00
cca0f60bda
root: decrease default token size to 60 chars for compatibility ( #3710 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2614
2022-09-30 23:12:51 +02:00
d8a98e71bd
outposts: fix indentation in generated SSH Config
2022-09-29 09:23:27 +00:00
7c0754000c
providers/oauth2: add all hardcoded claims to claims_supported list
...
closes #3702
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-29 10:27:46 +02:00
43a5aaa9df
stages/email: don't check that email templates exist on startup
...
#3692
this runs on both server and worker where only the worker needs to have the email templates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 18:52:54 +02:00
cd1a36fec4
root: save email template directory in config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 18:51:34 +02:00
df4200992c
outposts: remote docker ssh fixes ( #3691 )
...
* improve error logging for SSH connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* "fix" host key checking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 12:10:40 +02:00
50819ae0f0
*: improve error handling in ldap outpost, ignore additional errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-23 22:11:47 +02:00
2cfba36cb7
release: 2022.9.0
2022-09-23 12:33:01 +02:00
81e820b6e6
flows: fix invalid graph generation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 10:53:29 +02:00
b16a3d5697
internal: use config system for workers/threads, document the settings ( #3626 )
...
use config system for workers/threads, document the settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:59:03 +02:00
1583d53e54
web: use mermaidjs ( #3623 )
...
* flows: move flow diagram logic to separate file
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* idk
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make web component work
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove subgraph for now
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add denied connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* wrong list
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use custom styles
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* i18n
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix typing issues, make diagram centered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:58:23 +02:00
2bd10dbdee
tests: use create_test_flow where possible ( #3606 )
...
* use create_test_flow where possible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix and add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove unused websocket stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* Revert "remove unused websocket stuff"
This reverts commit fc05f80951
2022-09-17 13:16:53 +02:00
be64296494
stages/authenticator_duo: improved import ( #3601 )
...
* prepare for duo admin integration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make duo import params required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add UI to import devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* rework form, automatic import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* limit amount of concurrent tasks on worker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* load tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix API codes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests and such
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sigh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make stage better
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* basic stage test
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 12:10:47 +02:00
4a91a7d2e2
web: re-organise frontend and cleanup common code ( #3572 )
...
* fix repo in api client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: re-organise files to match their interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: include version in script tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup maybe broken
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert rename
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: get rid of Client.ts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move more to common
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more moving
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* unfuck files that vscode fucked, thanks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* finish moving (maybe)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ok more moving
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more stuff that vs code destroyed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* get rid "web" prefix for virtual package
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix locales
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use custom base element
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix css file
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't run autoDetectLanguage when importing locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix circular dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix build
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-15 00:05:21 +02:00
9f5c019daa
core: add helper function to create events from expressions, move ak_user_has_authenticator to base evaluator
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 21:52:41 +02:00
84c08dca41
stages/user_write: log discarded keys as warning
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 20:21:37 +02:00
6b8b596c92
stages/identification: set primary_action based on flow designation
...
closes #3589
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 10:30:49 +02:00
359da6db81
Revert "flows: always mark component field as required in Challenge and ChallengeResponses"
...
This reverts commit b35b225453
2022-09-11 23:13:51 +02:00
7f8afad528
*: fix API Schema generation warnings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:08:31 +02:00
b35b225453
flows: always mark component field as required in Challenge and ChallengeResponses
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:01:59 +02:00
0ff2ac7dc2
api: fix schema not referencing errors correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:01:26 +02:00
8b4a7666f0
stages/authenticator_duo: fix 404 when current user does not have permissions to view stage
...
closes #3288
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 21:43:29 +02:00
ae9dbf3014
blueprints: fix error caused by overriding rest_framework's instance attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 14:34:43 +02:00
4c4d87d3bd
blueprints: validate instance before creating in metaapplyblueprint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:58:54 +02:00
a407334d3b
providers/oauth2: use @method_decorator instead of decorating in urls
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:26:17 +02:00
5026cebf02
stages/consent: default to expiring consent instead of always_require
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:25:28 +02:00
2e2ab55f9e
*: cleanup stray print calls
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:24:53 +02:00
28835fbca7
root: re-use custom log helper from config and cleanup duplicate functions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:24:31 +02:00
aabb8af486
tenants: handle all errors in default_locale
...
closes #3457
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 00:56:12 +02:00
7517d612d0
providers/oauth2: add x5c ( #3556 )
...
* add x5c, x5t and x5t#S256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* strip trailing = to fix encoding issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-08 23:30:05 +02:00
62f93c83d4
ci: update pyright ( #3546 )
2022-09-07 00:23:25 +02:00
03a3f1bd6f
crypto: add command to import certificates
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3544
2022-09-06 19:39:10 +02:00
60266b3345
flows: migrate FlowExecutor error handler to native challenge instead of shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-06 18:48:15 +02:00
2a4679e390
flows: fix incorrect diagram for policies bound to flows
...
closes #3534
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-06 10:24:13 +02:00
eed958b132
stages/authenticator_duo: fix schema not declaring request body correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-05 22:00:02 +02:00
12c318f0b1
sources/ldap: start_tls before binding but without reading server info
...
with read_server_info=True (default), this errors out on active directory
closes #3509 #1049
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-04 14:04:08 +02:00
f68ed3562e
core: fix custom favicon not being set correctly on load
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-04 00:24:51 +02:00
f2f22719f8
core: improve error template ( #3521 )
2022-09-03 19:46:37 +02:00
242423cf3c
internal: remove sentryhttp from main server mux to prevent double traces
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-03 16:41:47 +02:00
d9775f2822
blueprints: don't export events by default and exclude anonymous user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:32:02 +02:00
398eb23d31
blueprint: fix EntryInvalidError not being handled in tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:08:38 +02:00
abca435337
blueprints: OCI registry support ( #3500 )
...
* blueprints: add ability to load blueprints via OCI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix inheritance check for meta models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add oci tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-30 14:08:26 +02:00
54ba3e9616
blueprints: add meta model to apply blueprint within blueprint for dependencies ( #3486 )
...
* add meta model to apply blueprint within blueprint for dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use custom registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix again
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move ManagedAppConfig to apps.py
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* rename manager to registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: use full tag in comment
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-29 21:20:58 +02:00
d3466ceef8
blueprints: use correct log level when re-logging import validation logs
...
closes #3483
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-28 16:07:48 +02:00
5886688fae
core: make request in context optional for Applications API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3482
2022-08-28 15:59:34 +02:00
c3c8cbf7ef
events: save event to test notification transport
...
closes #3485
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-28 15:39:42 +02:00
83eaac375d
sources/oauth: use GitHub's dedicated email API when no public email address is configured
...
closes #3472
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-26 21:21:41 +02:00
3eb3a9eab9
*: remove remaining default creation code in squashed migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-24 23:02:34 +02:00
a099b21671
lib: reset settings when error is raised in patch
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 21:21:28 +02:00
b9294fd9ad
blueprints: fix unbound error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 21:15:48 +02:00
13a302cdad
sources/oauth: use UPN for username with azure AD source
...
closes #3468
breaking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 20:55:25 +02:00
e994a01e80
blueprints: handle blueprints without metadata
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 20:54:56 +02:00
d49431cfc7
events: reset task info when not saving on success
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:22:14 +02:00
ce2ce38b59
blueprints: improve error messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:21:57 +02:00
2af4f28239
stages/invitation: don't use uuid.hex
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:14:46 +02:00
1419910b29
blueprints: fix duplicate tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:14:30 +02:00
649835cc61
events: fix MonitoredTasks' save_on_success not behaving as expected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:13:41 +02:00
917c4ae835
ci: fix typos
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 18:49:23 +02:00
ca2fce8be2
blueprints: always set metadata when attempting to apply
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 18:48:01 +02:00
15c34c6f1f
release: 2022.8.2
2022-08-19 15:59:53 +01:00
0ab8f4eed7
blueprints: add required password stage backends
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 15:59:41 +01:00
810c04bacf
blueprints: don't suggest models not inheriting serializermodel in schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 11:26:15 +01:00
0cc83c23c4
providers/proxy: fix duplicate proxy set default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 21:13:45 +01:00
fdb8fb4b4c
providers/oauth2: fix oauth2 requests being logged as unauthenticated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 20:26:12 +02:00
9d58407e25
blueprints: remove _state from exporter blueprints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 19:25:02 +02:00
f4441c9fcf
providers/proxy: trigger proxy set_defaults task on startup
...
closes #3445
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
0e9762072a
blueprints: keep more modular state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
0cfffa28ad
blueprints: fix exporter not ignoring non-SerializerModel objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
1ad4c8fc29
outposts: fix log level
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
fb5eb7b868
sources/oauth: fix missing doseq param for updating URL query string
...
closes #3374
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 14:34:20 +02:00
198c940a80
core: fix pre-hydrated config not being escaped properly
...
closes #3442
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 13:53:22 +02:00
1adc6948b4
blueprints: allow for adding remote blueprints ( #3435 )
...
* allow blueprints to be fetched from HTTP URLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove os.path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add validation for blueprint path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 23:00:47 +02:00
e87236b285
blueprints: add generic export next to flow exporter ( #3439 )
2022-08-17 17:57:59 +01:00
846b63a17b
*: remove some very verbose logging messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 13:36:56 +02:00
1281e842d1
events: fix false-y values being stripped
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 22:29:36 +02:00
f7601d9571
events: correctly handle lists for cleaning/sanitization
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:47:30 +02:00
4d9c9160e7
events: fix sanitize_dict not working on list items
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:37:24 +02:00
ad1f913e54
blueprints: add wrapper to get blueprints as dict
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:37:05 +02:00
3da0233c40
Revert "blueprints: fix issue in prod setups with encoding dataclasses via celery"
...
This reverts commit ff788edd9b
2022-08-16 21:21:47 +02:00
ff788edd9b
blueprints: fix issue in prod setups with encoding dataclasses via celery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 20:59:36 +02:00
aea0958f3f
blueprints: add default status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 17:51:22 +02:00
435d126a1c
release: 2022.8.1
2022-08-16 16:23:36 +02:00
e8b30b75d2
root: override blueprints_dir for testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 15:50:58 +02:00
e9c1276634
blueprints: use relative path in @apply_blueprint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 14:20:45 +02:00
6000a33a8e
*: fix type annotations for serializer model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 13:23:22 +02:00
4c9878313c
sources/oauth: correctly concatenate URLs to allow custom parameters to be included
...
closes #3374
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-08 21:17:32 +02:00
54c16129ea
stages/authenticator_duo: revamp duo enroll status API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3288
2022-08-08 20:38:06 +02:00
872c18dddc
blueprints: don't use example label, add more tags and tests for tags
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 19:27:03 +02:00
2fa6cf855d
stages/consent: simplify logic, correctly update existing consent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 14:38:40 +02:00
3b86144ae5
stages/*: use stage-bound logger when possible
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:41:53 +02:00
f01f10c5e5
providers/oauth2: don't separate scopes by comma-space
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:15:12 +02:00
e1249d3760
providers/oauth2: fix scopes without descriptions not being saved in consent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:02:47 +02:00
dcbf106daa
blueprints: add !Context to lookup things from instance context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 20:54:00 +02:00
89fef0ae72
blueprints: docs ( #3376 )
...
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
85640d402f
internal: fix race conditions when accessing settings before bootstrap
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:24:55 +02:00
ec42d378ab
blueprints/cleanup ( #3369 )
2022-08-05 08:39:00 +02:00
2ce8e18bab
internal: centralise config for listeners to use same config system everywhere ( #3367 )
...
* centralise config for listeners to use same config system everywhere
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3360
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
9a9c826c0b
core: bump django from 4.0.6 to 4.1 ( #3368 )
...
* core: bump django from 4.0.6 to 4.1
Bumps [django](https://github.com/django/django ) from 4.0.6 to 4.1.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/4.0.6...4.1 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 15:33:58 +02:00
d1004e3798
blueprints: webui ( #3356 )
2022-08-03 00:05:49 +02:00
2bd29e2fdd
*: improve error handling for startup tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:31:47 +02:00
3cd0a782af
blueprints: correctly load on fresh install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:25:33 +02:00
a023eee9bf
blueprints: migrate from managed ( #3338 )
...
* test all bundled blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix empty title
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix default blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add script to generate dev config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate managed to blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more to blueprint instance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrated away from ObjectManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix a bit more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* whops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *sigh*
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* scheduled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* run discovery on start
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* oops this test should stay
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:05:58 +02:00
7a05c6faef
stages/consent: fix error when requests with identical empty permissions
...
closes #3280
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 20:58:49 +02:00
553989d17f
flows/stages/consent: fix for post requests ( #3339 )
...
add unique token to consent stage to ensure it is shown
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 23:47:40 +02:00
89c84f10d0
blueprints: v1 ( #1573 )
...
* managed: move flowexporter to managed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: implement SerializerModel in all models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: add initial api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: start blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: spec
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* version blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* yep
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove v2, improve v1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start custom tag, more rebrand
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move blueprints out of website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* try new things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add !lookup, fix web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update and cleanup default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tags in lists
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't save field if its set to default value
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more flow cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* format web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing serializer for sms
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ignore _set fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove custom file extension
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate default flow to tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 17:11:44 +02:00
882250a85e
flows: migrate flows to be yaml ( #3335 )
...
* flows: migrate flows to be yaml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate flows to yaml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 23:55:58 +02:00
fcf4657833
providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
...
closes #3314
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 20:29:23 +02:00
393d7ec486
providers/proxy: no exposed urls ( #3151 )
...
* test any callback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont detect callback in per-server handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use full redirect uri with both path and query param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* correctly route to embedded outpost for callback signature
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix allowed redirects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 17:51:01 +02:00
b7b5168910
sources/oauth: use mailcow full_name as username for mailcow source ( #3299 )
...
use mailcow full_name as username
2022-07-29 20:34:17 +00:00
1dcec17a58
sources/oauth: only send header authentication for OIDC source
...
closes #3327
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 18:20:44 +02:00
d6b1a22563
core: fix import order
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:18:42 +02:00
cada292e00
core: pre-hydrate config into templates to directly load correct assets
...
closes #3228
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:04:44 +02:00
83eba36f8d
core: add API Endpoint to get all MFA devices, add web ui to delete MFA devices of any user
...
closes #3237
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 23:50:25 +02:00
b82a142745
stages/authenticator_sms: use twilio SDK, improve docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3237
2022-07-28 22:17:59 +02:00
2a42c203b2
stages/authenticator_totp: remove single device per user limit
...
closes #3281
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:39:46 +02:00
ade2d4879c
stages/authenticator_duo: fix imported Duo Device not having a name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:20:32 +02:00
e14798dcdc
core: import all models into shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:19:04 +02:00
0248755cda
stages/authentiactor_validate: improve error handling for duo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:11:58 +02:00
1f90359310
root: fix broken traceback logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:56:39 +02:00
008fc19f0d
root: fix log fields being overwritten in celery task logs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:48:05 +02:00
277df4f04f
stages/prompt: fix tests for file field
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-27 09:48:11 +02:00
de26c65fa0
core: add attributes. avatar method to allow custom uploaded avatars
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2631
2022-07-26 21:42:41 +02:00
bd8794f646
core: bump structlog from 21.5.0 to 22.1.0 ( #3294 )
...
* core: bump structlog from 21.5.0 to 22.1.0
Bumps [structlog](https://github.com/hynek/structlog ) from 21.5.0 to 22.1.0.
- [Release notes](https://github.com/hynek/structlog/releases )
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hynek/structlog/compare/21.5.0...22.1.0 )
---
updated-dependencies:
- dependency-name: structlog
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* migrate threaedlocal to contextvars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-23 22:40:56 +02:00
1880f98fa1
sources/oauth: fix typo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-20 19:10:26 +02:00
dae6493a3e
release: 2022.7.3
2022-07-20 09:37:43 +02:00
f909b86338
stages/consent: fix permimssions for consent API (allow owner to delete)
2022-07-19 16:41:34 +00:00
327df6529b
sources/oauth: use oidc preferred_username if set, otherwise nickname
2022-07-19 16:41:10 +00:00
658dc63c4c
lifecycle: revert waiting for lock, launch managed reconcile on app import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 12:06:57 +02:00
549f6f2077
providers/oauth2: correctly log authenticated user for OAuth views using protected_resource_view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-18 22:20:09 +02:00
e9d9d658c4
lifecycle: make worker wait for migrations to be done ( #3254 )
...
* lifecycle: make worker wait for migrations to be done
* retry managed reconcile task
2022-07-15 19:44:45 +02:00
9a9ba2560b
core: delete expired models when filtering instead of excluding them
...
closes #3233
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-09 13:40:39 +02:00
47434cd62d
stages/prompt: try to base64 decode file, fallback to keeping value as-is
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:45:31 +02:00
ff500b44a6
stages/prompt: force required to false when using readonlyfield
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:38:37 +02:00
8e19fb3a8c
release: 2022.7.2
2022-07-06 20:31:48 +02:00
d497db3010
flows: fix OOB flow incorrectly setting pending user
...
closes #3224
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-06 09:51:20 +02:00
24f95fdeaa
tenants: fix tests for current tenant
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:47:49 +02:00
d1c4818724
policies: improve api test coverage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:20:48 +02:00
49cce6a968
stages/prompt: add basic file field ( #3156 )
...
add basic file field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:09:41 +02:00
0a73e7ac9f
tenants: add default_locale read only field, pre-hydrate in flows and read in autodetect as first choice
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:04:25 +02:00
3344af72c2
outposts: cleanup user handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 22:41:19 +02:00
f316a3000b
release: 2022.7.1
2022-07-04 21:10:20 +02:00
6a497b32f6
core: use Exception for fallback case in flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-04 20:05:03 +02:00
4cd629b5fc
core: handle FlowNonApplicableException correctly in source flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 22:03:03 +02:00
14a4047bdd
flows: show messages from ak_message when flow is denied
...
fallback to same generic message
closes #3197
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 21:36:13 +02:00
17d33f4b19
flows: denied action ( #3194 )
2022-07-02 17:37:57 +02:00
c39a5933e1
core: create FlowToken instead of regular token for generated recovery links ( #3193 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2749
2022-07-02 14:17:41 +02:00
5e3f44dd87
flows: add shortcut to redirect current flow ( #3192 )
2022-07-01 23:19:41 +02:00
1c64616ebd
sources/ldap: add configuration for LDAP Source ciphers
...
closes #3110
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:53:49 +02:00
23273f53cc
providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
...
closes #3112
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:45:26 +02:00
d11ce0a86e
providers/proxy: set default scopes based on managed attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 18:26:49 +02:00
766ceda57a
core: re-create anonymous user when repairing permissions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:20:06 +02:00
e758c434ea
web: ignore module load errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:37 +02:00
90e3ae9457
*: define prometheus metrics in apps to prevent re-import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:24 +02:00
56fd436e5d
web: fix redirect when accessing authentik URLs authenticated
...
closes #3174
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 23:04:39 +02:00
ea60c389be
providers/saml: include SSO Binding URLs in Provider API
...
closes #3179
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 22:18:21 +02:00
983882f5a0
providers/oauth2: ensure refresh tokens are URL safe
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3185
2022-06-30 12:43:08 +02:00
c5a2831665
api: add basic jwt support with required scope ( #2624 )
...
* api: add basic jwt support with required scope
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: only set auth_via when actually authenticating via token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* save consented permissions in user consent, re-prompt when new permissions are required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* translate special scope map
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more api auth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* build web api in e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* link generated client instead of copying
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 17:51:15 +02:00
504338ea66
web/admin: application wizard (part 1) ( #2745 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove log
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use form for all type wizard pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* basic wizard actions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make resets work
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add hint in provider wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* render correct icon in empty state in table page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* improve empty state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add group PK to service account creation response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use wizard-level isValid prop
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* re-add old buttons
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 00:46:40 +02:00
f28509608b
core: mark session as modified instead of saving it directly to bump expiry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-22 08:48:14 +02:00
6c9dc7a15b
providers/oauth2: fix OAuth form_post response mode for code response_type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3113
2022-06-20 21:52:36 +02:00
b6267fdf28
*: add versioned user agent to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 11:54:10 +02:00
1f0fc0a6a2
Merge branch 'version-2022.6'
2022-06-20 10:19:25 +02:00
9201fc1834
release: 2022.6.3
2022-06-19 22:01:06 +02:00
1faba11a57
providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3114
2022-06-19 21:37:20 +02:00
f0c72e8536
providers/oauth2: dont lowercase URL for token requests ( #3114 )
...
this was a leftover from before the migration regex checking for redirect URIs
closes #3076 and #3083
2022-06-19 21:37:17 +02:00
91f91b08e5
core: fix migrations when creating bootstrap token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:37:14 +02:00
caed306346
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict ( #3070 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:36:19 +02:00
59b899ddff
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:48 +02:00
85784f796c
root: ignore healthcheck routes in sentry tracing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:46 +02:00
b42eb9464f
lifecycle: run bootstrap tasks inline when using automated install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:33 +02:00
6559fdee15
stages/authenticator_validate: add webauthn tests ( #3069 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:23 +02:00
3455bf3d27
policies: consolidate log user and application
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:04 +02:00
0d96e68c1e
core: add limit of 20 to group recursion
...
closes #3116
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:24:57 +02:00
7caac1d0c7
providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3114
2022-06-18 13:13:36 +02:00
45364d6553
providers/oauth2: dont lowercase URL for token requests ( #3114 )
...
this was a leftover from before the migration regex checking for redirect URIs
closes #3076 and #3083
2022-06-18 13:08:15 +02:00
2298eb124f
core: fix migrations when creating bootstrap token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-17 10:10:04 +02:00
e892ed14da
providers/oauth2: include source's user path in M2M created users
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 14:07:28 +02:00
1c62a3db6e
core: user paths ( #3085 )
...
* init
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add user_path_template
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to sources and flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add outposts & api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dark theme for treeview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add search
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs and tests for validation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to user write stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 12:12:26 +02:00
6821402fef
providers/oauth2: remove deprecated verification_keys ( #3071 )
...
remove verification_keys
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-11 19:48:07 +02:00
8dbb0bd2c6
providers/oauth2: token revoke ( #3077 )
2022-06-11 18:49:16 +02:00
0cad56ec73
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict ( #3070 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 23:32:57 +02:00
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
74ce9cc6fd
root: ignore healthcheck routes in sentry tracing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 20:10:27 +02:00
5e2d647a6c
core: trigger bootstrap tasks in server if we're debugging
...
closes #3040
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:21:31 +02:00
7beebe030d
lifecycle: run bootstrap tasks inline when using automated install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:09:55 +02:00
66f4a31b4c
stages/authenticator_validate: add webauthn tests ( #3069 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-08 20:50:48 +02:00
039d896dee
policies: consolidate log user and application
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 22:26:01 +02:00
ff2baf502b
release: 2022.6.2
2022-06-07 21:36:18 +02:00
23023ec727
providers/oauth2: add JWKS URL to OAuth2ProviderSetupURLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 20:17:06 +02:00
7d84a71a01
stages/authenticator_validate: fix double-negation of password-less check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 09:52:10 +02:00
9add8479ca
stages/authenticator_validate: fix error in passwordless webauthn
...
closes #3050
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-06 13:50:11 +02:00
ca40d31dac
*: make user logging more consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 18:50:44 +02:00
2dfa6c2c82
core: add setting to open application launch URL in a new browser tab ( #3037 )
...
* core: add setting to open application launch URL in a new browser tab
* core: fix failing applications unit tests
* core: fix formatting
* core: include models only generated when debug mode is enabled
2022-06-05 14:32:22 +02:00
c11435780d
sources/oauth: fix twitter client missing basic auth
...
closes #3038
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 14:21:32 +02:00
817d538b8f
core: add additional filters to source viewset
...
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:56:46 +02:00
210775776f
core: add slug to built-in source
...
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:50:10 +02:00
b26111fb42
events: fix error when attempting to create event with GeoIP City in context
...
closes #2709
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:16:07 +02:00
67d54c5209
release: 2022.6.1
2022-06-04 21:23:33 +02:00
fa04883ac1
events: use custom login failed signal, also send for mfa errors, add stage and more to context ( #3039 )
...
* use custom login failed signal, also send for mfa errors, add stage and more to context
closes #3027
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include device class in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 15:30:56 +02:00
36cbc44ed6
migrate to main ( #3035 )
...
closes #3032
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 19:40:09 +02:00
0c591a50e3
*: don't dispatch tasks on startup of server ( #3033 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 18:29:24 +02:00
7ee655a318
core: add bootstrap variables with authentik prefix for helm charts ( #3031 )
...
https://github.com/goauthentik/helm/pull/72
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 15:22:56 +02:00
eba339ba27
core: improve loading speed of flow background
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 14:20:23 +02:00
558c7bba2a
lib: add lxml wrapper
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 13:25:24 +02:00
8cd1a42fb9
*: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 11:50:10 +02:00
c0cb891078
stages/authenticator_sms: verify-only ( #3011 )
2022-06-01 23:16:28 +02:00
fc1c1a849a
stages/*: use bound logger ( #3012 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-01 23:01:58 +02:00
2c6d82593e
root: cleanup session keys to use common format ( #3003 )
...
cleanup session keys to use common format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 21:53:23 +02:00
34bcc2df1a
root: disable session_save_every_request as it overwrites the session with old data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2991
2022-05-31 20:46:27 +02:00
b4d528a789
policies: fix incorrect bound_to count
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 10:16:09 +02:00
a0397fdcf4
events: set default transport mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 21:32:48 +02:00
8faa1bf865
events: add local transport mode ( #2992 )
...
* events: add local transport mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add default local transport
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:55:05 +02:00
fc75867218
events: ignore session model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:23:07 +02:00
3eb466ff4b
lifecycle: cleanup prometheus ( #2972 )
...
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
9f2529c886
stages/authentiactor_validate: cookies ( #2978 )
...
* stages/authenticator_validate: rewrite to use signed jwt cookie + expiry as MFA threshold
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 19:47:34 +02:00
fb25b28976
core: db sessions ( #2979 )
...
* use db session backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: wrap session cookie in JWT and add useful claims
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix compatibility with tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use standard session key for writing in sessions too
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 18:58:54 +02:00
fb69f67f47
*: cleanup vendor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:26:33 +02:00
18b48684eb
providers/oauth2: add configuration error event when wrong redirect uri is used in token request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:15:58 +02:00
098b0aef6e
*: use create_test_admin_user for all unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:13:16 +02:00
082df0ec51
Merge branch 'version-2022.5'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/providers/oauth2/views/token.py
# web/src/locales/zh-Hans.po
2022-05-28 13:19:58 +02:00
1883402b3d
release: 2022.5.3
2022-05-28 12:04:26 +02:00
1b3aacfa1d
providers/oauth2: add migration from "*" to ".*"
...
closes #2970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 21:43:51 +02:00
2b68363452
providers/oauth2: add migration from "*" to ".*"
...
closes #2970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 10:23:13 +02:00
6105956847
providers/oauth2: regex-escape URLs when set to blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:34 +02:00
4ff32af343
flows: fix flakiness in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:03 +02:00
972868c15c
providers/oauth2: only set expiry on user when it was freshly created
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:55 +02:00
0bc57f571b
api: update API browser to match admin UI and auto-switch theme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:34 +02:00
a81d5a3d41
providers/oauth2: regex-escape URLs when set to blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 12:52:56 +02:00
34ef4af799
flows: fix flakiness in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 09:53:40 +02:00
5da47b69dd
providers/oauth2: only set expiry on user when it was freshly created
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 23:02:33 +02:00
0e0dd2437b
providers/oauth2: handle attribute errors when validation JWK contains private key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 22:23:05 +02:00
e42386b150
api: update API browser to match admin UI and auto-switch theme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 20:09:29 +02:00
ef219198d4
flows: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:05:04 +02:00
cc744dc581
flows: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:04:58 +02:00
816b0c7d83
flows: fix re-imports of entries with identical PK re-creating objects
...
closes #2941
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:35:06 +02:00
56babb2649
flows: fix re-imports of entries with identical PK re-creating objects
...
closes #2941
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:32:08 +02:00
b8fdda50ec
ensure all viewsets have filter and search and add tests ( #2946 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:13:59 +02:00
4a9b788703
providers/oauth2: set related_name for many-to-many so used by detects the connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:12:35 +02:00
80c1dbdfbb
ensure all viewsets have filter and search and add tests ( #2946 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:01:18 +02:00
b4e75218f5
sources/oauth: OIDC well-known and JWKS ( #2936 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include source and jwk key id in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests for source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix web formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 21:02:50 +02:00
482491e93c
core: fix username validator not allowing changes that can be done via flows
...
closes #2755
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 19:40:54 +02:00
61a876b582
providers/saml: handle parse error
...
AUTHENTIK-1K5
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 22:03:12 +02:00
8c9748e4a0
providers/oauth2: improve error handling for invalid regular expressions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:47:36 +02:00
b7979ad48e
Revert "events: ignore silk SQLQuery object"
...
This reverts commit a26f25ccd6
2022-05-23 20:29:05 +02:00
4704de937a
stages/user_write: fix typo in request context variable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:37 +02:00
394d8e99a4
policies: improve error logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:00 +02:00
a26f25ccd6
events: ignore silk SQLQuery object
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:17:52 +02:00
63dc8fe7dc
crypto: set SAN in default generated Certificate to semi-random domain
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2462
2022-05-22 23:22:06 +02:00
cfe2648b62
events: fix transport not allowing blank values
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-22 19:32:58 +02:00
3d4a45c93f
release: 2022.5.2
2022-05-21 17:17:21 +02:00
75d6cd1674
outposts: ensure the user and token are created on initial outpost save
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:55:19 +02:00
2dee8034d3
outposts: allow externally managed SSH Config for outposts ( #2917 )
2022-05-21 12:10:08 +02:00
220d21c3e0
release: 2022.5.1
2022-05-20 19:34:45 +02:00
b43df2ae27
stages/identification: redirect with QS to keep next parameters ( #2909 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 16:10:10 +02:00
d570feffac
flows: add types to diagrams ( #2902 )
...
* add policy and stage types to diagram
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show policies bound to the root flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix get_build_hash being empty
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:50:28 +02:00
3d52266773
flows: handle missing `initial_data` in challenge
...
AUTHENTIK-1HK
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:31:28 +02:00
7bdecd2ee6
stages/user_write: dynamic groups ( #2901 )
...
* stages/user_write: add dynamic groups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* simplify functions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:28:16 +02:00
11f7935155
providers/oauth2: use regex to check redirect URI
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2799
2022-05-18 21:22:27 +02:00
75b0fb3393
sources/oauth: migrate twitter to oauth2 ( #2893 )
2022-05-18 00:03:02 +02:00
538c2ca4d3
stages/authenticator_*: directly save devices into db instead of session to prevent race conditions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:02:30 +02:00
5080840ed9
admin: ensure disable_update_check is set to false for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:00:26 +02:00
333e58ce2f
flows/layouts ( #2867 )
2022-05-16 01:10:23 +02:00
4de2ac3248
events: add task to expire seen notifications
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:41:50 +02:00
eb4dce91c3
events: add user filter to notifications
...
as superuser all notifications are returned regardless of permission so we need to filter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:31:13 +02:00
d4fd6153c8
api: fix OwnerFilter filtering out objects for superusers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:36:00 +02:00
85b6bfbe5f
sources: fix parent serializer for user connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:26:02 +02:00
5644d5f3f7
stages/authenticator_totp: fix key error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 19:57:00 +02:00
f391c33bdf
providers/oauth2: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:41:40 +02:00
18f450bd49
root: enable sentry for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:29:30 +02:00
ee36b7f3eb
flows: move autosubmit stage into flows package
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:06:19 +02:00
a9a62bbfc8
providers/oauth2: use correct title based on flow context and translated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:29 +02:00
ddd785898b
providers/saml: add title attribute to autosubmit stage and render correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:14 +02:00
8ba45a5f6a
providers/oauth2: don't create events before client_id can be verified to prevent spam
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:02:01 +02:00
7d41e6227b
providers/oauth2: add tests for form_post, fix attrs not being flattened
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 23:52:50 +02:00
1363226697
providers/saml: make SAML metadata generation consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 17:40:18 +02:00
d4abf5621e
providers/oauth2: add support for form_post response mode ( #2818 )
...
* Added request verification and parameter generation
* response_mode added to OAuthAuthorizationParams return
* Added class OauthPostFulfillmentStage
Check response_mode in initialization
* Corrected typo
* Removed separate class
Added handling for FORM_POST in create_response_uri
Added handling for FORM_POST in return class
* Fixed pylint error (trailing-whitespace)
Removed comment
* Reformatted authorize.py with black
2022-05-12 21:36:31 +02:00
ec67b60219
policies/hibp: check in prompt data ( #2845 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 23:47:36 +02:00
fd1d38f844
stages/authenticator_validate: remember ( #2828 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: cleanup timedelta help
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tooltip
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* assert response code in self.assertStageResponse
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests, add duo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 21:05:22 +02:00
3554406aa5
root: fix duplicate enum in api scheme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:24:18 +02:00
ab2299ba1e
outposts/ldap: cached bind ( #2824 )
...
* initial cached ldap bind support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* clean up api generation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use gh action for golangci-lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
860269acf0
root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1878
2022-05-07 22:32:56 +02:00
30c7e6c94c
providers/oauth2: fixed typo (PROMPT_CONSNET => PROMPT_CONSENT) ( #2819 )
2022-05-06 10:09:09 +02:00
59df02b3b8
root: disable stdout capturing for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-05 23:08:36 +02:00
ddbe0aaf13
stages/user_delete: fix delete stage failing when pending user is not explicitly set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-01 13:59:33 +02:00
84930b4924
Revert "internal: fix high cpu when backend isnt healthy"
...
This reverts commit eb6cfd22a71ede972222cd1d1b4402c0a883f76f
2022-04-29 18:13:26 +02:00
1ede972222
root: handle JSON error in metrics too
...
this can happen when the worker is killed while writing metrics
2022-04-29 11:01:04 +00:00
cd1d1b4402
root: don't force multiprocess prometheus registry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:53:47 +02:00
c0a883f76f
root: add error handling for prometheus view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:17:53 +02:00
ab8b37a899
events: fix ignored instances not being a tuple
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-25 11:19:58 +02:00
9077eff34d
root: add silk and debugging views
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:38:32 +02:00
2399fa456b
policies: fix current user not being set in server-side policy deny
...
closes #2039
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:30:27 +02:00
0b4ac54363
*: default to max 60 for fqdn_rand
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-20 20:07:25 +02:00
1a1434bfda
*: decrease frequency of background tasks, smear tasks based on name and fqdn
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2159
2022-04-20 18:43:40 +02:00
d283a5236c
core: add custom shell command which imports all models and creates events for model events
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 18:14:57 +02:00
e4486b98fc
web: Update Web API Client version ( #2733 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 17:05:43 +02:00
778065f468
core: add flag to globally disable impersonation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 16:52:55 +02:00
70794d79dd
sources/oauth: Fix wording for OAuth source names ( #2732 )
2022-04-17 16:40:10 +02:00
a3bb5d89cc
events: fix created events only being logged as debug level
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:37:30 +02:00
f4f9f525d7
providers/oauth2: include application in login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:36:45 +02:00
4c14e88a25
flows: pin dependency in migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:28:26 +02:00
7561ea15de
providers/oauth2: add additional tracing to token view
2022-04-14 16:48:17 +00:00
8242b09394
flows: handle flow title formatting error better, add user to flow title context
2022-04-14 13:56:20 +00:00
9b9c0fe663
release: 2022.4.1
2022-04-12 22:07:34 +02:00
5a58f6ee64
providers/oauth2: remove test for non sa user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 20:35:13 +02:00
e84b17d550
providers/oauth2: don't force service accounts for client_credentials flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 10:23:25 +02:00
Jens L
sdimovv
dependabot[bot]
Daniel
Philipp Kolberg
lvoegl
l-with
9p4
Frédérick Permantier
scheibling
github-actions[bot]
Behn