Jens L
c4e4e17f93
providers/oauth2: add access_code_validity (#795)
...
closes #794
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-28 21:03:43 +02:00
Jens Langhammer
4d858c64e0
Merge branch 'master' into outpost-ldap
2021-04-27 17:08:26 +02:00
Jens Langhammer
48c0c0baca
*/api: simplify lookups for per-user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-27 14:53:01 +02:00
Jens Langhammer
fe28d216fe
providers/oauth2: always test JWT keys in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-27 14:07:04 +02:00
Jens Langhammer
3ce8b836dc
outposts: allow outposts to have non-object specific permissions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-26 23:28:26 +02:00
Jens Langhammer
1d5958a78f
providers/ldap: add search_group to limit who can do search requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-26 23:25:03 +02:00
Jens Langhammer
fae4d34131
Merge branch 'master' into outpost-ldap
2021-04-26 17:11:50 +02:00
Jens Langhammer
7ff7bfeb58
core: fix incorrect styling for bse_full template
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-26 16:44:13 +02:00
Jens Langhammer
29da7dd8d6
providers/ldap: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-26 15:49:19 +02:00
Jens Langhammer
b3c8ffb96c
outposts/ldap: use authorization_flow instead of separate field
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-26 15:09:41 +02:00
Jens Langhammer
302b047f1a
outposts/ldap: add controllers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-26 14:26:31 +02:00
Jens Langhammer
d741ed430a
web/admin: add UI for LDAP Provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-26 12:12:02 +02:00
Jens Langhammer
f89479caf3
providers/ldap: add LDAP provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-26 11:52:42 +02:00
Jens Langhammer
9341787fe7
providers/oauth2: replace deprecated jwkest with pyjwt
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-26 00:02:13 +02:00
Jens Langhammer
d616bdd5d6
providers/oauth2: add proper support for non-http schemes as redirect URIs
...
closes #772
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-23 16:34:52 +02:00
Jens Langhammer
3282b34431
providers/oauth2: fix TokenView not having CORS headers set even with proper Origin
...
and added tests. closes #771
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-22 23:48:28 +02:00
Jens Langhammer
392d9bb10b
providers/oauth2: fix misleading name of cors_allow_any
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#771
2021-04-22 23:29:49 +02:00
Jens Langhammer
d75284a587
flows: fix errors which occur during flow execution being sent to sentry malformed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-22 20:14:37 +02:00
Jens Langhammer
ce082ead5e
providers/oauth2: add unittests for authorize and token views
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-18 21:05:49 +02:00
Jens Langhammer
f328b21e89
providers/oauth2: Set CORS Headers for token endpoint, check Origin header against redirect URLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-18 14:20:50 +02:00
Jens Langhammer
32c5bf04b8
*: fix linting errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-17 20:08:49 +02:00
Jens Langhammer
ab4569e5d6
web/admin: fix application form's provider selection not working
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-11 13:49:35 +02:00
Jens Langhammer
cb048764f4
providers/proxy: make outpost API readonly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-11 13:31:15 +02:00
Jens Langhammer
d76db3caba
*: add missing error codes as swagger annotations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-10 23:55:43 +02:00
Jens Langhammer
eeb9449c11
lib: remove templatetags
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-03 12:37:32 +02:00
Jens Langhammer
c17eb00e3b
providers/oauth2: fix component for Scope
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-03 12:08:21 +02:00
Jens Langhammer
70fc4c0d88
sources/ldap: migrate to web
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 12:12:14 +02:00
Jens Langhammer
ed2e9b88e7
Merge branch 'master' into new-forms-part-3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-01 23:02:22 +02:00
Jens Langhammer
509f21a9b4
providers/oauth2: add validation and tests to API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-01 20:43:18 +02:00
Jens Langhammer
b299451cab
providers/saml: fix metadata download not being unauthenticated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-01 20:16:07 +02:00
Jens Langhammer
7e63a18d37
providers/saml: fix unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-01 20:05:50 +02:00
Jens Langhammer
b4a6f8350b
admin: remove provider views
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-01 19:28:30 +02:00
Jens Langhammer
5eb9b95ab5
providers/saml: migrate import to API, add API tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-01 19:28:12 +02:00
Jens Langhammer
d3f2f987e0
providers/saml: migrate saml property mappings to web
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 23:38:40 +02:00
Jens Langhammer
221e6190c8
sources/ldap: migrate property mappings to web
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 23:08:40 +02:00
Jens Langhammer
6a69425688
providers/oauth2: migrate scope mapping to web
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 23:07:57 +02:00
Jens Langhammer
69ee18e13d
Merge branch 'master' into new-forms
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# Pipfile.lock
# authentik/api/decorators.py
# authentik/core/api/applications.py
# authentik/core/api/users.py
# authentik/events/api/event.py
# authentik/events/api/notification_transport.py
# authentik/flows/api/flows.py
# swagger.yaml
2021-03-30 10:26:18 +02:00
dependabot[bot]
c180a521ec
build(deps-dev): bump pylint from 2.7.2 to 2.7.3 (#674)
...
* build(deps-dev): bump pylint from 2.7.2 to 2.7.3
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.7.2 to 2.7.3.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/pylint-2.7.2...pylint-2.7.3)
Signed-off-by: dependabot[bot] <support@github.com>
* sources/saml: fix linting for SAMLBindingTypes.Redirect
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sources/oauth: Fix linting for RequestKind
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: fix linting for ChallengeTypes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-30 10:05:14 +02:00
Jens Langhammer
7d74e1d2c4
*: revert to drf-yasg upstream
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-29 21:04:54 +02:00
Jens Langhammer
4612cea970
sources/saml: replace server-side pre-auth views for pre_auth flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-24 09:22:15 +01:00
Jens Langhammer
33787d0685
web: remove pf-c-card-aggregate
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-23 16:05:37 +01:00
Jens Langhammer
3157bf63a6
root: upgrade to pylint 2.7
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-22 20:03:33 +01:00
Jens L
fe7f23238c
Static SPA (#648)
...
* core: initial migration to /if
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: move jsi18n to api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix static URLs in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add new html files to rollup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix rollup config and nginx config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add Impersonation support to user API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add banner for impersonation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix test_user function for new User API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add background to API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: set background from flow API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: make root view login_required for redirect
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: redirect to root-redirect instead of if-admin direct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: add header to prevent Authorization Basic prompt in browser
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: redirect to root when user/me request fails
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-22 13:44:17 +01:00
Jens Langhammer
43f19f78bb
providers/oauth2: fix error when redirecting from an authorization error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-20 22:06:45 +01:00
Jens Langhammer
3d45956f15
web: fix display of scopes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-20 19:05:10 +01:00
Jens Langhammer
9ad10863de
providers/oauth2: add API for auth codes and refresh tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-18 15:59:38 +01:00
Jens L
2852fa3c5e
web: use generated API Client (#616)
...
* api: fix types for config API
* api: remove broken swagger UI
* admin: re-fix system task enum
* events: make event optional
* events: fix Schema for notification transport test
* flows: use APIView for Flow Executor
* core: fix schema for Metrics APIs
* web: rewrite to use generated API client
* web: generate API Client in CI
* admin: use x_cord and y_cord to prevent yaml issues
* events: fix linting errors
* web: don't lint generated code
* core: fix fields not being required in TypeSerializer
* flows: fix missing permission_classes
* web: cleanup
* web: fix rendering of graph on Overview page
* web: cleanup imports
* core: fix missing background image filter
* flows: fix flows not advancing properly
* stages/*: fix warnings during get_challenge
* web: send Flow response as JSON instead of FormData
* web: fix styles for horizontal tabs
* web: add base chart class and custom chart for application view
* root: generate ts client for e2e tests
* web: don't attempt to connect to websocket in selenium tests
* web: fix UserTokenList not being included in the build
* web: fix styling for static token list
* web: fix CSRF Token missing
* stages/authenticator_static: fix error when disable static tokens
* core: fix display issue when updating user info
* web: fix Flow executor not showing spinner when redirecting
2021-03-08 11:14:00 +01:00
Jens Langhammer
c6de4e47d7
providers/oauth2: allow protected_resource_view when method is OPTIONS
2021-03-05 16:57:37 +01:00
Jens Langhammer
de4b3d6290
providers/oauth2: always set CORS headers on provider info view
2021-03-05 14:27:16 +01:00
Jens Langhammer
792fa45dca
providers/oauth2: add logout URL to Setup URLs API
2021-03-02 15:11:18 +01:00
Jens Langhammer
a81f981471
lib: fix being unable to set authentik. options
2021-03-01 11:11:00 +01:00
Jens Langhammer
d6fd2b0afa
sources/saml: add Metadata API
2021-03-01 10:50:45 +01:00
Jens Langhammer
7f65ae3f92
Merge branch 'master' into stage-challenge
...
# Conflicts:
# web/package-lock.json
2021-02-28 00:47:18 +01:00
Jens Langhammer
0958740b51
providers/saml: fix Autosubmit Challenge
2021-02-28 00:09:08 +01:00
Jens Langhammer
d2dfc6d63b
Merge branch 'master' into stage-challenge
2021-02-27 16:04:57 +01:00
Jens Langhammer
a18240fcd7
providers/oauth2: fix error when no login event could be found
2021-02-27 16:02:07 +01:00
Jens Langhammer
890e0e9054
*: remove unused templates and code, move avatar to User model
2021-02-25 19:58:23 +01:00
Jens Langhammer
ca223fa4df
providers/saml: migrate to challenge for submit
2021-02-21 14:36:22 +01:00
Jens Langhammer
b9f409d6d9
stages/consent: migrate to SPA
2021-02-21 13:15:45 +01:00
Jens Langhammer
bdb86d7119
*: replace shortcuts.reverse with urls.reverse
2021-02-20 19:13:50 +01:00
Jens Langhammer
e4f0613fab
*: replace tuple and set from typing with normal
2021-02-18 13:53:57 +01:00
Jens Langhammer
ecff810021
*: replace List from typing with normal list
2021-02-18 13:45:46 +01:00
Jens Langhammer
fdde97cbbf
*: replace Dict from typing with normal dict
2021-02-18 13:41:03 +01:00
Jens Langhammer
60c244c31d
core: add User.uid for globally unique user ID
2021-02-16 23:04:48 +01:00
Jens Langhammer
68eefd083e
web: fix linting errors
2021-02-16 22:35:55 +01:00
Jens Langhammer
a647917074
providers/saml: use redirect binding first
2021-02-16 21:35:19 +01:00
Jens Langhammer
099197ba8c
providers/saml: fix AuthnRequestsSigned and WantAssertionsSigned not loaded correctly
2021-02-16 21:30:15 +01:00
Jens Langhammer
baa2ed5ecc
web: fix download button for SAML Metadata download
2021-02-16 21:04:03 +01:00
Jens Langhammer
6bcdf36ca6
admin: add ?provider for ApplicationCreateView
2021-02-16 20:00:52 +01:00
Jens Langhammer
0b75a0028b
providers/saml: fix error when getting metadata of provider with no application
2021-02-16 19:58:04 +01:00
Jens Langhammer
0901d7461e
providers/saml: fix redirect error
2021-02-16 19:28:18 +01:00
Jens Langhammer
61772b75ff
providers/saml: fix managed mappings not being set on import
2021-02-16 19:20:52 +01:00
Jens Langhammer
5ae030997a
providers/saml: fix missing import
2021-02-15 09:25:22 +01:00
Jens Langhammer
35e8a0c374
admin: fix ?next for Flow list
2021-02-14 18:39:36 +01:00
Jens Langhammer
bf754369d9
providers/proxy: fix certificates without key being selectable
2021-02-09 21:11:44 +01:00
Jens Langhammer
efc46f52e6
outposts: move health to API
2021-02-08 19:01:10 +01:00
Jens Langhammer
fe4b2d1a34
providers/oauth2: add authorized scopes to AUTHORIZE_APPLICATION event
2021-02-08 11:51:38 +01:00
Jens Langhammer
f8abe3e210
providers/oauth2: add unofficial groups attribute to default profile claim
2021-02-08 11:50:26 +01:00
Jens Langhammer
bfc8e9200f
providers/saml: split views into separate files
2021-02-07 13:39:33 +01:00
Jens Langhammer
6aa13a8666
providers/saml: force-set friendly_name to empty string for managed mappings
2021-02-06 20:52:52 +01:00
Jens Langhammer
91282c7bd8
web: add page for Proxy Provider
2021-02-06 18:57:25 +01:00
Jens Langhammer
830b8bcd5b
web: add page for OAuth2 Provider
2021-02-06 18:39:15 +01:00
Jens Langhammer
0f5e6d0d8c
api: add dark theme for API Browser
2021-02-06 18:09:24 +01:00
Jens Langhammer
6aa6615608
web: add view page for SAML Provider
2021-02-06 18:07:13 +01:00
Jens Langhammer
91d6a3c8c7
providers/*: simplify provider API
2021-02-06 17:31:29 +01:00
Jens L
a6ac82c492
*: rewrite managed objects, use nullable text flag instead of boolean as uid (#533)
2021-02-06 15:56:21 +00:00
Jens Langhammer
ef70e93bbd
Merge branch 'master' into ldap-groupOfNames
2021-02-05 14:52:39 +01:00
Jens Langhammer
de2d8b2d85
providers/oauth2: pass application to configuration error event
2021-02-04 20:35:37 +01:00
Jens Langhammer
14dc420747
sources/ldap: rewrite group membership syncing
2021-02-04 20:06:42 +01:00
Jens Langhammer
add20de8de
providers/*: fix api linting issues
2021-02-04 10:27:55 +01:00
Jens Langhammer
c7c387eb38
providers/*: add assigned application name and slug
2021-02-04 10:09:19 +01:00
Jens L
e25d03d8f4
Managed objects (#519)
...
* managed: add base manager and Ops
* core: use ManagedModel for Token and PropertyMapping
* providers/saml: implement managed objects for SAML Provider
* sources/ldap: migrate to managed
* providers/oauth2: migrate to managed
* providers/proxy: migrate to managed
* *: load .managed in apps
* managed: add reconcile task, run on startup
* providers/oauth2: fix import path for managed
* providers/saml: don't set FriendlyName when mapping is none
* *: use ObjectManager in tests to ensure objects exist
* ci: use vmImage ubuntu-latest
* providers/saml: add new mapping for username and user id
* tests: remove docker proxy
* tests/e2e: use updated attribute names
* docs: update SAML docs
* tests/e2e: fix remaining saml cases
* outposts: make tokens as managed
* *: make PropertyMapping SerializerModel
* web: add page for property-mappings
* web: add codemirror to common_styles because codemirror
* docs: fix member-of in nextcloud
* docs: nextcloud add admin
* web: fix refresh reloading data two times
* web: add loading lock to table to prevent double loads
* web: add ability to use null in QueryArgs (value will be skipped)
* web: add hide option to property mappings
* web: fix linting
2021-02-03 21:18:31 +01:00
Jens Langhammer
d8ae56ed19
providers/saml: fix imported provider not saving properties correctly
2021-01-30 12:33:27 +01:00
Jens Langhammer
2f3a086f29
docs: update veeam docs for group mapping
2021-01-28 23:34:51 +01:00
Jens Langhammer
239af7048a
providers/saml: import SAML Provider with all autogenerated mappings
2021-01-28 23:32:36 +01:00
Jens Langhammer
5ef4354723
providers/saml: make NameID configurable using a Property Mapping
2021-01-28 22:50:13 +01:00
Jens Langhammer
66a8b52c7c
providers/saml: update default OIDs for default property mappings
2021-01-28 22:44:44 +01:00
Jens Langhammer
f4bb22138c
providers/saml: add support for WindowsDomainQualifiedName, add docs for NameID
2021-01-28 22:00:40 +01:00
Jens Langhammer
2d2a404028
providers/oauth2: improve error handling and event creation
2021-01-16 18:27:10 +01:00
Jens Langhammer
6ed78830a0
providers/proxy: check ingress annotations we manage
2021-01-02 01:48:39 +01:00
Jens Langhammer
85c2db018e
outposts: ensure field_manager is also used for updates
2021-01-02 00:52:42 +01:00
dependabot[bot]
bc9e7e8b93
build(deps): bump structlog from 20.1.0 to 20.2.0 (#445)
...
* build(deps): bump structlog from 20.1.0 to 20.2.0
Bumps [structlog](https://github.com/hynek/structlog) from 20.1.0 to 20.2.0.
- [Release notes](https://github.com/hynek/structlog/releases)
- [Changelog](https://github.com/hynek/structlog/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/hynek/structlog/compare/20.1.0...20.2.0)
Signed-off-by: dependabot[bot] <support@github.com>
* *: use structlog.stdlib instead of structlog for type-hints
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-01-01 15:39:43 +01:00
Jens Langhammer
2e69efe699
providers/saml: sign metadata when signing is enabled
2020-12-31 15:02:21 +01:00
Jens Langhammer
4fde1b7365
providers/saml: allow audience to be empty
2020-12-30 22:15:28 +01:00
Jens Langhammer
412f5b9210
providers/saml: fix signing and verification kp not being set correctly
2020-12-30 22:11:24 +01:00
Jens Langhammer
a9e53cd52a
providers/saml: fix string being passed to lxml
2020-12-30 22:03:01 +01:00
Jens Langhammer
d0ee7908ab
providers/saml: force user to select authz flow for import
2020-12-30 22:02:41 +01:00
Jens Langhammer
e69834dec4
providers/saml: show error message why import failed
2020-12-30 22:02:28 +01:00
Jens Langhammer
765ae80698
providers/oauth2: fix error when creating RefreshToken
2020-12-29 21:22:49 +01:00
Jens Langhammer
22ce142cb8
outposts: include protocol in outpost deployment ports
2020-12-28 17:21:02 +01:00
Jens Langhammer
1a292feebb
outposts: always check metadata on reconcile
2020-12-28 17:11:37 +01:00
Jens Langhammer
09f4d812b3
outposts: set field_manager
2020-12-28 17:11:33 +01:00
Jens Langhammer
0e1587bc1a
providers/oauth2: don't write authorization code to event log
2020-12-28 01:07:18 +01:00
Jens Langhammer
dc16a8a4c9
providers/proxy: set proxy-size for nginx for larger response
2020-12-28 00:45:58 +01:00
Jens L
a6d0c8c26c
providers/saml: Metadata Import (#432)
...
* providers/saml: add basic metadata parser
* providers/saml: add importer for Signing certificate, validate signature, add tests
* providers/saml: add provider name to form,
* web: don't use trailing slash for spa URLs
* providers/saml: formatting fixes
* sources/*: add verbose_name to source serializers
* admin: add button launch import modal
2020-12-27 22:38:04 +01:00
Jens Langhammer
e216efb6ec
providers/oauth2: create access tokens as JWT
2020-12-27 19:36:17 +01:00
Jens Langhammer
378fe38b12
providers/oauth2: ensure response is URL fragment only when implicit or hybrid
2020-12-27 19:07:42 +01:00
Jens Langhammer
ce9fb8801c
providers/oauth2: ensure nonce is validated on all OIDC flows
2020-12-27 18:13:41 +01:00
Jens Langhammer
67ca83c228
providers/oauth2: add c_hash field
2020-12-27 18:13:13 +01:00
Jens Langhammer
ee2e737782
providers/oauth2: remove response_type field as spec doesn't require validation
2020-12-27 18:12:47 +01:00
Jens Langhammer
b04c9a2098
providers/oauth2: check redirect_uri before request object
2020-12-27 17:15:36 +01:00
Jens Langhammer
e7c96eb70d
providers/oauth2: Make AuthorizeError's state parameter required
2020-12-27 15:33:29 +01:00
Jens Langhammer
e8debce9c8
providers/oauth2: fix infinite loops when prompt=login
2020-12-27 15:23:26 +01:00
Jens Langhammer
bcd0686a33
providers/oauth2: redirect back correctly with state on AuthorizationError
2020-12-27 15:22:53 +01:00
Jens Langhammer
55322995a1
providers/oauth2: make iss field configurable
2020-12-27 15:02:12 +01:00
Jens Langhammer
dff5eb69c8
providers/oauth2: fix token endpoint creating invalid token when no scopes are passed
2020-12-27 14:48:44 +01:00
Jens Langhammer
b747022bc1
providers/oauth2: fix old id_token being sent when using token endpoint with grant_type=refresh_token
2020-12-27 14:33:51 +01:00
Jens Langhammer
885fcff495
providers/oauth2: add grant_types_supported to discovery endpoint
2020-12-27 14:17:40 +01:00
Jens Langhammer
5b18e28753
providers/oauth2: fix include_claims_in_id_token not being shown in form/API
2020-12-27 14:05:10 +01:00
Jens Langhammer
9848c5f3eb
providers/oauth2: implement discovery's scopes_supported better
2020-12-27 13:36:14 +01:00
Jens Langhammer
fc98c3934a
providers/*: implement configuration_error
2020-12-27 13:15:31 +01:00
Jens Langhammer
d17b2b0d1b
providers/oauth2: add request_parameter_supported
2020-12-27 12:18:23 +01:00
Jens Langhammer
f17d809219
providers/oauth2: add scopes_supported to discovery endpoint
2020-12-26 21:18:16 +01:00
Jens Langhammer
6c8e9fb553
providers/oauth2: add ACR support
2020-12-26 20:16:50 +01:00
Jens Langhammer
43bb29e16a
providers/oauth2: implement max_age param
2020-12-26 20:05:31 +01:00
Jens Langhammer
29edbb0357
providers/oauth2: use auth_time from LOGIN event
2020-12-26 19:05:02 +01:00
Jens Langhammer
12ae867759
providers/oauth2: redirect back on prompt=none error instead of showing message
2020-12-26 18:58:18 +01:00
Jens Langhammer
a20ca9136b
providers/oauth2: use in for prompt check
2020-12-26 18:53:47 +01:00
Jens Langhammer
3759e96e7d
providers/oauth2: ensure interaction_required is raised when prompt=none and user not logged in
2020-12-26 18:45:23 +01:00
Jens Langhammer
e5e1e3737d
providers/oauth2: fix query using user model not dict
2020-12-26 18:20:34 +01:00
Jens Langhammer
8dddcf891e
providers/oauth2: fix "auth_time" being based on user.last_login
2020-12-26 18:11:29 +01:00
Jens Langhammer
319104c39b
providers/oauth2: improve error handling, ensure correct message is shown to user
2020-12-26 17:50:16 +01:00
Jens L
79da2bf698
web: Table parity (#427)
...
* core: fix application API always being sorted by name
* web: add sorting to tables
* web: add search to TablePage
* core: add search to applications API
* core: add MetaNameSerializer
* *: fix signature for non-modal serializers
* providers/*: implement MetaNameSerializer
* web: implement full app list page, use as default in sidebar
* web: fix linting errors
* admin: remove old application list
* web: fix default sorting for application list
* web: fix spacing for search element in toolbar
2020-12-24 09:56:05 +01:00
Jens L
a4dc6d13b5
events: rename audit to events and use for more metrics (#397)
...
* events: rename audit to events
* policies/expression: log expression exceptions as event
* policies/expression: add ExpressionPolicy Model to event when possible
* lib/expressions: ensure syntax errors are logged too
* lib: fix lint error
* policies: add execution_logging field
* core: add property mapping tests
* policies/expression: add full test
* policies/expression: fix attribute name
* policies: add execution_logging
* web: fix imports
* root: update swagger
* policies: use dataclass instead of dict for types
* events: add support for dataclass as event param
* events: add special keys which are never cleaned
* policies: add tests for process, don't clean full cache
* admin: create event when new version is seen
* events: move utils to separate file
* admin: add tests for admin tasks
* events: add .set_user method to ensure users have correct attributes set
* core: add test for property_mapping errors with user and request
2020-12-20 22:04:29 +01:00
Jens Langhammer
5f3ab22bea
providers/oauth2: fix incorrect background set on end session screen
2020-12-19 14:24:28 +01:00
Jens Langhammer
3c12c8b3ff
core: make Provider SerializerModel
2020-12-16 21:38:40 +01:00
Jens Langhammer
e9bb583b32
providers/proxy: ensure pb_proxy is deleted and ak_proxy is created
2020-12-14 10:47:49 +01:00
Jens Langhammer
f0f3245388
root: fix links to docs
2020-12-14 00:45:02 +01:00
Jens Langhammer
ae1a8842db
providers/oauth2: start adding tests for OAuthAuthorizationParams
2020-12-13 23:14:35 +01:00
Jens Langhammer
d380194e13
*/saml: test against SAML Schema
2020-12-13 19:53:16 +01:00
Jens Langhammer
32f5d5ba72
recovery: add test for invalid key
2020-12-13 18:46:36 +01:00
Jens Langhammer
f056b026d6
lib: test edgecase for timedelta_from_string
2020-12-13 18:35:51 +01:00
dependabot[bot]
2caa1e7650
build(deps-dev): bump bandit from 1.6.2 to 1.6.3 (#371)
...
* build(deps-dev): bump bandit from 1.6.2 to 1.6.3
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.6.2 to 1.6.3.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.6.2...1.6.3)
Signed-off-by: dependabot[bot] <support@github.com>
* root: update for new bandit version
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2020-12-07 11:21:07 +01:00
Jens L
1cfe1aff13
wip: rename to authentik (#361)
...
* root: initial rename
* web: rename custom element prefix
* root: rename external functions with pb_ prefix
* root: fix formatting
* root: replace domain with goauthentik.io
* proxy: update path
* root: rename remaining prefixes
* flows: rename file extension
* root: pbadmin -> akadmin
* docs: fix image filenames
* lifecycle: ignore migration files
* ci: copy default config from current source before loading last tagged
* *: new sentry dsn
* tests: fix missing python3.9-dev package
* root: add additional migrations for service accounts created by outposts
* core: mark system-created service accounts with attribute
* policies/expression: fix pb_ replacement not working
* web: fix last linting errors, add lit-analyse
* policies/expressions: fix lint errors
* web: fix sidebar display on screens where not all items fit
* proxy: attempt to fix proxy pipeline
* proxy: use go env GOPATH to get gopath
* lib: fix user_default naming inconsistency
* docs: add upgrade docs
* docs: update screenshots to use authentik
* admin: fix create button on empty-state of outpost
* web: fix modal submit not refreshing SiteShell and Table
* web: fix height of app-card and height of generic icon
* web: fix rendering of subtext
* admin: fix version check error not being caught
* web: fix worker count not being shown
* docs: update screenshots
* root: new icon
* web: fix lint error
* admin: fix linting error
* root: migrate coverage config to pyproject
2020-12-05 22:08:42 +01:00