80de3ee853
release: 2023.2.1
2023-02-14 18:52:36 +01:00
deb91bd12b
sources/ldap: add LDAP Debug endpoint
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-14 16:06:54 +01:00
81d70e5d41
release: 2023.2.0
2023-02-14 13:15:47 +01:00
ec42b597ab
providers/proxy: send token request internally, with overwritten host header ( #4675 )
...
* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 16:34:47 +01:00
925477b3a2
policies: raise sentry-ignored error for invalid PolicyEngine parameters
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 13:23:07 +01:00
cefc1a57ee
core: handle error when cleaning up sessions and cached session can't be loaded
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 13:22:34 +01:00
53b25d61f7
events: use colon as separator for task name and task UID
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 12:06:29 +01:00
1240ed6c6d
providers/oauth2: fix inconsistency in event client_credentials created events
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 11:17:03 +01:00
4f868c2ef2
events: dont log oauth temporary model creation
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-12 16:55:45 +01:00
b69e55eae9
core: Add support for auto generating unique avatars based on the user's initials ( #4663 )
2023-02-12 16:35:17 +01:00
c5870fcab2
core: fix missing uniqueness validator on user api
...
closes #4665
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-11 21:08:51 +01:00
8850446bc2
admin: fix schema generation warning
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-11 21:08:48 +01:00
10b9878f03
providers/saml: fix mismatched SAML SLO Urls ( #4655 )
...
* Fix SLO URL
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Fixed SAML SLO URLs
* Revert "Fix SLO URL"
This reverts commit 664051934b
2023-02-10 20:30:38 +01:00
8de92943ab
providers/saml: fix invalid SAML provider metadata, add schema tests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-10 12:32:18 +01:00
af43330fd6
providers/oauth2: rework OAuth2 Provider ( #4652 )
...
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00
1be792fbd8
policies/event_matcher: fix empty app label not being allowed, require at least 1 criteria
...
closes #4643
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-08 23:29:59 +01:00
ec9085ff06
providers/oauth2: don't use policy cache for token requests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 23:53:50 +01:00
00a16bee76
web/elements: add dropdown css to DOM directly instead of including
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-05 23:32:54 +01:00
66aabcc371
providers/oauth2: fix token login event args not set correctly
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-05 00:45:54 +01:00
388367785d
*/saml: disable pretty_print, add signature tests
...
closes #4536
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-03 15:42:09 +01:00
798245b8db
providers/oauth2: optimise client credentials JWT database lookup ( #4606 )
2023-02-02 19:15:19 +01:00
f98b5b651b
admin: remove import
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 14:19:25 +01:00
2113029a14
admin: allow post to system info api endpoint for debugging
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:09:03 +01:00
c590cb86cf
core: bump pylint from 2.15.10 to 2.16.0 ( #4600 )
...
* core: bump pylint from 2.15.10 to 2.16.0
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.10 to 2.16.0.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.10...v2.16.0 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:05:46 +01:00
dbf2bd5aba
blueprints: handle error when blueprint entry identifier field does not exist
...
closes #4588
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 19:45:36 +01:00
f2386f126e
core: fix inconsistent branding in end_session view
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4586
2023-02-01 19:40:59 +01:00
ffc97905f3
events: prevent error when request fails without response
...
closes #4589
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 19:40:02 +01:00
18cfe67719
core: bump black from 22.12.0 to 23.1.0 ( #4584 )
...
* core: bump black from 22.12.0 to 23.1.0
Bumps [black](https://github.com/psf/black ) from 22.12.0 to 23.1.0.
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* re-format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 11:31:32 +01:00
e5ba5d51fe
events: improve sanitising for tuples and sets
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-31 19:19:22 +01:00
eb60bba0d5
providers/oauth2: cast user.pk to string when using it for token 'sub' value ( #4570 )
2023-01-30 15:38:10 +00:00
c05d6b96a2
stages/prompt: set UUID to be a string ( #4563 )
2023-01-30 00:02:12 +01:00
72168fae29
providers/oauth2: add user id as "sub" mode
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-29 16:15:03 +01:00
96eeb91493
providers/oauth2: only set auth_time in ID token when a login event is stored in the session
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-29 16:00:19 +01:00
627e8a250e
tests: run e2e tests in random order ( #4550 )
...
* run e2e tests randomly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix test_ldap_bind_search
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-27 23:57:53 +01:00
ecb1ce8135
core: fix token's set_key accessing data incorrectly
...
also add tests
closes #4551
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-27 23:57:35 +01:00
5631a99f00
stages/prompt: fallback to uuid for unique names
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-25 23:29:26 +01:00
36f8f8bae5
stages/prompt: fix mismatched name field in migration
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-25 14:46:40 +01:00
68058fb2ae
stages/authenticator_validate: fix error with passwordless webauthn login, improve tests
...
closes #4527
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-25 14:45:00 +01:00
53b65a9d1a
stages/prompt: field name ( #4497 )
...
* add prompt field name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove numerical prefix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use text field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description label
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add migrate blueprint to remove old stages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add task to remove unretrievable blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix blueprint test paths
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix fixtures
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-24 12:23:22 +01:00
16076cc46f
outposts: fallback to ghcr
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-24 10:47:30 +01:00
b2d272bf6f
api: fix lint
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 20:19:03 +01:00
31ef6fb6a6
core: delete session when user is set to inactive
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 16:24:30 +01:00
c9c059a008
api: ensure user is active when authenticating
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 16:24:30 +01:00
9397598376
release: 2023.1.2
2023-01-23 14:25:55 +01:00
91ffe4e7f9
stages/user_write: fix migration setting wrong value, fix form
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 14:05:41 +01:00
430a207865
release: 2023.1.1
2023-01-23 11:34:58 +01:00
1ce2a1b846
stages/email: update tests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 10:43:49 +01:00
4731ccfafe
stages/email: fix a typo in email template ( #4485 )
...
fix a typo in main content
Signed-off-by: Loan J <joliveau.loan@gmail.com>
Signed-off-by: Loan J <joliveau.loan@gmail.com>
2023-01-23 10:22:49 +01:00
c1b9b5c5e2
stages/authenticator_totp: url quote TOTP issuer instead of slugifying ( #4482 )
...
* Fix TOTP issuer mangling
* Fix OTP issuer mangling
* sort imports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-01-22 16:37:47 +00:00
b288393cd4
stages/invitation: handle incorrectly formatted token
...
closes #4481
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-22 00:03:39 +01:00
5736a1542c
stages/authenticator_sms: fix code not being sent when phone_number is in context
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 20:19:23 +01:00
fc8fe5317a
stages: always use get_pending_user instead of getting context user
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 17:57:21 +01:00
c61529e4d4
sources/ldap: add e2e LDAP source tests ( #4462 )
...
* start adding more LDAP source tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve healthcheck
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* try local webdriver
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add full samba tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix locale types
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 15:03:56 +01:00
a302a72379
crypto: fallback when no SAN values are given
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 19:40:24 +01:00
e390f5b2d1
providers/oauth2: more x5c and ecdsa x/y tests ( #4463 )
...
* add option to exclude x5*
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4082
* cleanup jwks, add flaky test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add workaround based on https://github.com/jpadilla/pyjwt/issues/709
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't rstrip hashes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keycloak seems to strip equals
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 18:11:36 +00:00
60189ce9ca
add tests to prevent empty SAN
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 18:59:10 +01:00
fdc445e6a1
ensure we don't generate an empty SAN certificate
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 18:44:41 +01:00
49b6c71079
release: 2023.1.0
2023-01-18 15:49:45 +01:00
6e0c9acb34
events: exclude base models from model audit log
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 15:11:33 +01:00
23c69c456a
providers/proxy: add setting to intercept authorization header ( #4457 )
...
* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 18:56:48 +01:00
c73fce4f58
sources/ldap: manual import ( #4456 )
...
* events: fix task UID
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ldap sync command
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 12:21:33 +01:00
9568f4dbd6
root: improve code style ( #4436 )
...
* cleanup pylint comments
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix url name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* *: use ExtractHour instead of ExtractDay
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-15 17:02:31 +01:00
143309448e
policies: ensure user is set
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 20:24:46 +01:00
1f038ecee2
providers/oauth2: fallback to anonymous user for policy engine
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 20:22:06 +01:00
1b1f2ea72c
providers/oauth2: actually fix import order
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:58:24 +01:00
6e1a54753e
providers/oauth2: fix import order
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:56:12 +01:00
67d1f06c91
providers/oauth2: use guardian anonymous user to get claims for provider info
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:53:43 +01:00
d37de6bc00
policies: log full stacktrace
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:53:21 +01:00
cd12e177ea
providers/proxy: add initial header token auth ( #4421 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00
31c6ea9fda
providers/oauth2: don't allow spaces in scope_name
...
closes #4094
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:20:37 +01:00
20931ccc1d
providers/oauth2: correctly fill claims_supported based on selected scopes ( #4429 )
...
* providers/oauth2: correctly fill claims_supported based on selected scopes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add nonce claim
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 14:14:25 +01:00
36822c128c
admin: include task duration in API ( #4428 )
...
include task duration in API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 13:21:49 +01:00
81e9f2d608
web/admin: fix overflow in aggregate cards
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-11 14:12:02 +01:00
67a6fa6399
events: rework metrics ( #4407 )
...
* rework metrics
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* change graphs to be over last week
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix Apps with most usage card
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-11 12:21:07 +01:00
1ed24a5eef
blueprints: internal storage ( #4397 )
...
* rework oci client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add blueprint content
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make path optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add validation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-10 22:00:34 +01:00
b555ccd549
sources/ldap: don't run membership sync if group sync is disabled
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4392
2023-01-09 17:19:50 +01:00
9445354b31
sources/ldap: only warn about missing groups when source is configured to sync groups
...
closes #4392
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 17:17:48 +01:00
a1be924fa4
*: strip leading and trailing whitespace when reading config values from files
...
also add a debug endpoint that dumps the go parsed config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 15:29:22 +01:00
47aba4a996
crypto: prevent creation of duplicate self-signed default certs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 16:51:07 +01:00
001869641d
web: ensure img tags have alt attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:44:51 +01:00
bec538c543
sources/ldap: make task timeout adjustable
...
closes #4375
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:37:59 +01:00
c63ba3f378
blueprints: Fix resolve model_name in `!Find` tag ( #4371 )
...
Resolve model_name in !Find tag
2023-01-06 09:49:28 +01:00
53cab07a48
blueprints: Add `!Enumerate`, `!Value` and `!Index` tags ( #4338 )
...
* Added For and Item tags
* Removed Sequence node support from ForItem tag
* Added ForItemIndex tag
* Added support for iterating over mappings
* Added support for mapping output body
* Renamed tags: For to Enumerate, ForItem to Value, ForItemIndex to Index
* Refactored tests
* Formatting
* Improved exception info
* Improved error handing
* Added docs
* lint
* Small doc improvements
* Replaced deepcopy() call with call to copy()
* Fix mistake in docs example
* Fix missed "!" in example
2023-01-05 21:36:19 +01:00
a960ce9454
stages/user_write: add more user creation options ( #4367 )
...
* add more user creation options
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update blueprints and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 15:46:20 +01:00
e6b5810e03
polices/hibp: remove deprecated ( #4363 )
...
* remove hibp
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't save event matcher apps in migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs, update some phrasing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 13:19:26 +01:00
78b711ec9d
Merge branch 'version-2022.12'
2023-01-05 10:41:54 +01:00
ac07833688
release: 2022.12.2
2023-01-05 10:01:30 +01:00
730139e43c
*: improve general tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:40:09 +01:00
24e8915e0a
providers/proxy: add tests for proxy basic auth ( #4357 )
...
* add tests for proxy basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stop bandit from complaining
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add API tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:40:06 +01:00
3e7320734c
*: improve general tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:26:55 +01:00
3131e557d9
providers/proxy: add tests for proxy basic auth ( #4357 )
...
* add tests for proxy basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stop bandit from complaining
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add API tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:04:16 +01:00
dc1359a763
providers/saml: initial SLO implementation ( #2346 )
...
* providers/saml: initial SLO implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add logout request tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add tests for POST SLO
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* matrix e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set e2e matrix name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate oidc and oauth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add basic saml slo e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add better metadata download url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* kinda prepare release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sort releases into folders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add slo urls to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix linking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 19:45:31 +01:00
1e01e9813d
providers/saml: add prefix to entity descriptor ( #4355 )
...
add prefix to entity descriptor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 16:44:52 +01:00
e887a315be
providers/oauth2: correctly advertise supported response_modes_supported
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 10:21:34 +01:00
4b93f40c5e
providers/oauth2: fix null amr value not being removed from id_token
...
closes #4339
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-03 00:41:18 +01:00
57400925a4
providers/saml: don't error if no request in API serializer context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-03 00:14:16 +01:00
2dc0792d9e
stages/email: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-02 09:28:26 +01:00
fde848ee51
admin: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-02 00:12:14 +01:00
e9d52282b7
admin: use matching environment for system API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:58:12 +01:00
c810628fe3
stages/email: use pending user correctly
...
closes #4318
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:50:57 +01:00
de0a5191f7
core: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:50:42 +01:00
93e20bce2e
core: don't use inline_serializer for user operations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:16:44 +01:00
960a2aab74
crypto: fix type for has_key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:14:19 +01:00
2cae6596eb
core: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:01:08 +01:00
11b1eb4173
stages/email: make template tests less flaky
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:00:32 +01:00
3980eea7c6
web/flows: rework error display, always use ak-stage-flow-error instead of shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 21:43:44 +01:00
9fdfb8c99b
stages/dummy: add toggle to throw error for debugging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 21:25:53 +01:00
5cab280759
stages/captcha: fix captcha not loading correctly, add tests
...
closes #4320
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 18:15:41 +01:00
9d422918b3
stages/prompt: use stage.get_pending_user() to fallback to the correct user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 20:38:15 +01:00
2c42c87689
release: 2022.12.1
2022-12-30 13:43:42 +01:00
8262a47455
core: bump packaging from 21.3 to 22.0 ( #4181 )
...
* core: bump packaging from 21.3 to 22.0
Bumps [packaging](https://github.com/pypa/packaging ) from 21.3 to 22.0.
- [Release notes](https://github.com/pypa/packaging/releases )
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/packaging/compare/21.3...22.0 )
---
updated-dependencies:
- dependency-name: packaging
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* remove LegacyVersion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 12:07:25 +01:00
bd56922a2f
blueprints: watch blueprints directory and trigger tasks ( #4309 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 11:30:18 +01:00
68b58fb73c
blueprints: fix error when entry with state absent doesn't exist
...
closes #4305
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 21:55:17 +01:00
97513467ad
blueprints: disallow flow token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 21:54:56 +01:00
ce5d1fd80d
blueprints: Resolve yamltags in state and model attributes ( #4299 )
...
* Fixed state and model attributes not resolving yaml tags
* Linting
2022-12-29 10:05:32 +01:00
b1020fde64
web/elements: render ak-seach-select dropdown correctly in modals
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 20:38:57 +01:00
f0e121c064
api: add filter backend for secret key to allow access to tenants and certificates
...
closes #4182
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 18:59:25 +01:00
2b2323fae7
outposts: include hostname in outpost heartbeat
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 16:07:52 +01:00
24eb4ed963
release: 2022.12.0
2022-12-28 13:00:49 +01:00
b16d1134ea
core: add endpoints to add/remove users from group atomically
...
closes #4252
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 10:50:30 +01:00
20a4dfd13d
stages/invitation: fix incorrect pk check for invitation's flow
...
closes #4278
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-27 13:55:51 +01:00
8f3579ba45
blueprints: add `!If` tag ( #4264 )
...
* Added \!If tag
* Fix typo
* Removed trailing whitespace
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* format blueprint fixtures
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-26 16:20:22 +01:00
ae13fc3b92
policies: make name required
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:46:48 +01:00
94b9ebb0bb
blueprints: add Env tag
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-24 20:41:51 +01:00
1b86a3d5d6
Merge branch 'version-2022.11'
2022-12-23 14:39:52 +01:00
8b710b57a5
root: don't send traces in testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:37:58 +01:00
9dc0bb2a77
release: 2022.11.4
2022-12-23 14:17:48 +01:00
2d827eaae1
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:30 +01:00
47d79ac28c
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:26 +01:00
9f846d94be
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:13:49 +01:00
84fbeb5721
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:12:58 +01:00
01da8e1792
providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 12:04:31 +01:00
42c278b4f8
root: migrate to hosted sentry with rate-limited DSN
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:18:26 +01:00
e52c964354
flows: fix redirect from plan context "redirect" not being wrapped in flow response
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 23:28:26 +01:00
c635487210
blueprints: better OCI support in UI ( #4263 )
...
use oci:// prefix to detect oci blueprint, add UI support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:49:25 +01:00
fb09df26c9
core: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:56:05 +01:00
e4e7a112e3
web: use version family subdomain for in-app doc links
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:03:08 +01:00
042865c606
blueprints: add conditions to blueprint schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 18:59:17 +01:00
7f662ac2f3
blueprints: Added conditional entry application ( #4167 )
...
* blueprints: Added !AsBool tag
* Renamed AsBool tag to Condition
* Added conditions attributed to BlueprintEntry
* Added docs for the conditions attribute of a blueprint entry
* Website linting fix
* add new tag to vscode settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 17:04:00 +00:00
609f95ac97
providers: add preview for mappings ( #4254 )
...
* preview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: show provider page on application page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use oauth2 end session url instead of direct interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont show provider page on application page for now
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add UI for preview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* translate and release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate saml api files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 12:13:11 +01:00
027ca88d83
lib: enable sentry profiles_sample_rate
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-19 12:51:22 +01:00
ec925491b2
stages/captcha: customisable URLs ( #3832 )
...
* make api and js url customisable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use recaptcha.net domains
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* regen locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-18 14:18:43 +01:00
3418943949
root: allow custom settings via python module
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-15 10:59:14 +01:00
8d169a8bd9
Merge branch 'version-2022.11'
2022-12-12 17:05:39 +00:00
f47ce9a360
stages/user_login: prevent double success message when logging in via source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 16:34:16 +00:00
01a897dbc2
flows: set stage name and verbose_name for in_memory stages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 16:22:48 +00:00
fddcb3a835
events: remove legacy logger declaration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:32:06 +00:00
5d51621278
stages/user_write: always ignore `component` field and prevent warning
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:31:56 +00:00
9ffc720f48
policies: log correct cache state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:31:41 +00:00
4d8978ea90
bleuprints: fix flaky test
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-09 11:04:44 +00:00
8d13235b74
blueprints: fixed bug causing filtering with an empty query ( #4106 )
...
* Fixed bug causing filtering with an empty query
Fixed bug allowing blueprint import to filter for existing models using an empty query.
The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* Added support for using dict fields as blueprint entry identifiers
* Disabled pylint too-many-locals for _validate_single
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2022-12-06 12:06:25 +01:00
44bf9a890e
release: 2022.11.3
2022-12-02 23:00:59 +02:00
58cd6007b2
Merge branch 'version-2022.11'
2022-12-02 18:12:38 +02:00
db95dfe38d
security: fix CVE 2022 46145 ( #4140 )
...
* add flow authentication requirement
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add website for cve
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: handle FlowNonApplicableException without policy result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
1f7d52c5ce
blueprints: Support nested custom tags in `!Find` and `!Format` tags ( #4127 )
...
* Added support for nested tags to !Find and !Format
* Added tests
* Fix variable names
* Added docs
* Fixed small mistake in tests
* Fixed variable names
* Broke example into multiple lines
2022-12-01 16:10:26 +01:00
3251bdc220
events: improve handling creation of events with non-pickleable objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 15:56:28 +02:00
2a4daa5360
release: 2022.11.2
2022-12-01 10:41:29 +02:00
e1a6dede54
*: backport CVE-2022-46145 fix
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:41:26 +02:00
cf40e5047e
policies: don't log context when policy returns None
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 14:43:47 +02:00
d5329432fe
lib: fix uploaded files not being saved correctly, add tests
...
closes #4110 #4109 #4107
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 12:48:33 +02:00
5156aeee0f
policies/password: Always add generic message to failing zxcvbn check ( #4100 )
...
* Always add generic message to failing zxcvbn password policy
Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message.
For example:
```
$ echo 'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
Password:
"score": 3,
"feedback": {
"warning": "",
"suggestions": []
}
}
```
As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user.
There are two ways to handle this:
1. Always add a generic "password is too weak" message when the policy fails.
2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.
I personally prefer 1. This way the generic message will be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Update authentik/policies/password/models.py
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* fix black formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 07:58:16 +00:00
e22fce02f8
stages/authenticator_validate: improve validation for not_configured_action
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 10:52:51 +01:00
e2bd96c5de
stages/authenticator_validate: fix validation to ensure configuration stage is set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 21:37:52 +01:00
f8ef2b666f
events: fix incorrect EventAction being used
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:53:05 +01:00
a9909fcf6d
providers/oauth2: set amr values based on login event
...
closes #4070
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:21:59 +01:00
1fa9b3a996
providers/saml: set AuthnContextClassRef based on login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#4070
2022-11-25 11:21:45 +01:00
5019346ab6
events: save login event in session after login
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#4070
2022-11-25 11:21:00 +01:00
f22f1ebcde
stages/authenticator_validate: save used mfa devices in login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 10:47:49 +01:00
1c2cdfe06a
web/flows: improve error messages for failed duo push
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 13:42:13 +01:00
d0308a8239
stages/authenticator_validate: log duo error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:36:43 +01:00
6843c8389b
stages/authenticator_duo: fix imported duo devices not being confirmed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:36:34 +01:00
3a13d19695
release: 2022.11.1
2022-11-22 21:42:10 +01:00
ed7bef9dbf
blueprints: open fixtures in read only mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:39:30 +01:00
b9fdb63a57
core: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:02:18 +01:00
5262d89505
core: fix tab-complete in shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 20:30:00 +01:00
ab3d47c437
blueprints: add desired state attribute to objects ( #4061 )
...
* add state attribute to delete objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests, move yaml from block to files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add state to docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only try to format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 14:27:20 +01:00
14cd52686d
stages/email: add test for email translation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3885
2022-11-22 14:14:42 +01:00
1a39754fe9
*: don't return values in test suites
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 11:38:34 +01:00
5b8223808e
Merge branch 'version-2022.11'
2022-11-21 22:14:33 +01:00
14f341f504
web/admin: fix error when importing duo devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 21:36:10 +01:00
20c1770ec4
release: 2022.11.0
2022-11-21 20:12:02 +01:00
a2e512c36c
stages/authenticator_validate: add flag to configure user_verification for webauthn devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 17:52:37 +01:00
3c2da8138d
stages/invitation: directly delete invitation now that flow plan is saved in email token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 14:55:49 +01:00
426f0bc9dd
events: deepcopy event kwargs to prevent objects being removed, remove workaround
...
closes #4041
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 12:31:17 +01:00
cc3ab141e5
policies: only cache policies for authenticated users
...
closes #4033
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 21:06:53 +01:00
c158ef80db
*: fix remaining old cache keys
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 16:18:32 +01:00
9f5fb692ba
sources: add custom icon support ( #4022 )
...
* add source icon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to oauth form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to other browser sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add migration, return icon in UI challenges
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* deduplicate file upload
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-16 14:10:10 +01:00
d67ec1b62f
lib: fix complex objects being included in event context for ak_create_event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:51:02 +01:00
e5241ac574
core: fix error when propertymappings return complex value
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:28:15 +01:00
276af8457d
root: make sentry DSN configurable ( #4016 )
...
* make sentry DSN configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make proxy smarter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix typo in config struct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
55aa1897af
root: use single redis db ( #4009 )
...
* use single redis db
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ensure __str__ always returns string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix remaining old prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
9f269faf53
stages/authenticator_*: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 13:46:00 +01:00
9bde7ef59e
Revert "stages/authenticator_*: directly save devices into db instead of session to prevent race conditions"
...
closes #4008
This reverts commit 538c2ca4d3
2022-11-15 11:35:53 +01:00
88594075b2
policies/password: merge hibp add zxcvbn ( #4001 )
...
* initial zxcvbn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api and port tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api diff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
ffe6f65af5
outposts/kubernetes: ingress class ( #4002 )
...
* add support for ingressClassName
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add option to disable ssl verification for k8s controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye ( #3864 )
...
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye
Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.
---
updated-dependencies:
- dependency-name: python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump project
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump deps
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump ci to 3.11
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-13 14:20:55 +01:00
5d8dd9cf3f
blueprints: Fixed bug causing blueprint instance context be discarded ( #3990 )
...
Fixed bug causing blueprint instance context be discarded when applying a blueprint.
2022-11-12 13:23:33 +01:00
3306003f0e
providers/oauth2: fix inconsistent expiry encoded in JWT
...
- access token validity is used for JWTs issues in implicit flows
- general cleanup of how times are set
closes #2581
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-10 20:23:24 +01:00
85c790728f
core: simplify group serializer for user API endpoint ( #3899 )
...
* core/api: Adding simple group serializer to improve user retrieval performance
Due to the exhaustive use of the user_obj the performance suffers
greatly if the users are assigned to large groups. This simple fix adds
a new serializer that does not expose the user_obj within a group.
* core/api: Update schema
Update to the schema based on the new SimpleGroupSerializer
* core/api: Fix black and pylint
* make naming consistent, remove unnecessary fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-09 11:19:40 +01:00
47132faffb
root: relicense and launch blog post
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-03 16:00:00 +01:00
cd0d898a4b
events: sanitize generator for json safety
...
closes #3903
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-31 20:30:11 +01:00
400751ed3c
api: fix missing scheme in securitySchemes
...
closes #3883
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-29 18:50:34 +02:00
f3a72761c0
release: 2022.10.1
2022-10-29 17:24:55 +02:00
841c13ed77
core: set prehydrated locale based on active backend locale
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:43:24 +02:00
30d708dd1f
core: explicitly enable locales ( #3889 )
...
* activate locales
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set locale for email templates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:42:49 +02:00
9d0a7578ec
flows: fix error due to not validating error challenge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-27 20:04:00 +02:00
f8fab14e1e
core: refactor MessageStage to not use dynamic class
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 20:01:42 +02:00
6b35d0c70b
core: check if session is authenticated before showing linked message
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 00:30:42 +02:00
dd65862bf2
core: show success message when authenticating/enrolling after flow is finished
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-25 22:46:15 +02:00
6ea57921f2
sources/saml: set username field to name_id attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 21:53:37 +02:00
b0d4f035f1
blueprints: fix error when cleaning up unset attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 22:12:59 +02:00
661d2ec701
Merge branch 'version-2022.10'
2022-10-21 22:11:04 +02:00
3f570bb96d
blueprints: improve error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 20:18:02 +02:00
89dc46a7ff
release: 2022.10.0
2022-10-21 19:42:38 +02:00
a1ce8100e9
stages/identification: log invalid_login similar to event for easier log parsing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3715
2022-10-20 19:31:22 +02:00
13d975a258
flows: fix error when opening inspector with no history
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 19:30:56 +02:00
782fec0eb9
flows: use stripped down flow serializer for flow_set to optimise loading time
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 09:56:08 +02:00
cfad472e1b
flows: optimise queries ( #3818 )
...
* flows: optimise flow queries
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* index source on slug and name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* binding index
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add policy parent index
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup old migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release note to upgrade
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 22:53:07 +02:00
6882445937
*: handle PermissionError when saving files, ensure permission bits are set correctly
...
closes #3817
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 20:24:28 +02:00
9e3bf94547
flows: optimise flow API loading speed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:29:06 +02:00
b06a3a8f9f
admin: add authorisations metric ( #3811 )
...
add authorizations metric
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 00:06:45 +02:00
167695d4b1
core: bump channels from 3.0.5 to 4.0.0 ( #3799 )
...
* core: bump channels from 3.0.5 to 4.0.0
Bumps [channels](https://github.com/django/channels ) from 3.0.5 to 4.0.0.
- [Release notes](https://github.com/django/channels/releases )
- [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt )
- [Commits](https://github.com/django/channels/compare/3.0.5...4.0.0 )
---
updated-dependencies:
- dependency-name: channels
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* add daphne
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:34:27 +02:00
3e1490dcac
providers/saml: don't attempt verification of SAML request when no verification certificate is configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:26:04 +02:00
6bff6a2a1a
core: fallback to empty user object for PropertyMappingEvaluator
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:03:26 +02:00
0efee2a660
flows: improved import ( #3807 )
...
* return logs when importing flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* improve error handling, show logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:42 +02:00
b85be12567
providers/oauth2: fix issues with es256 and add tests ( #3808 )
...
fix issues with es256 and add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:29 +02:00
96a30af0eb
sources/oauth: allow overriding of all scopes
...
closes #3747
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 21:21:43 +02:00
76531589dd
core: fix title in generic error template
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 13:55:22 +02:00
2112b5b26b
root: add global fallback throttle
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 23:51:36 +02:00
a3cc844e25
crypto: fix cert_expiry not having the correct format
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 23:32:02 +02:00
53aef73f58
flows: optimise queries for flow and stage API endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 11:54:31 +02:00
363872715d
sources/saml: revamp SAML Source ( #3785 )
...
* update saml source to use user connections, add all attributes to flow context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* check for SAML Status in response, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* package apple icon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add webui for connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 17:04:47 +02:00
79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug ( #3786 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 15:44:59 +02:00
74a0e27a8c
blueprints: fix error when exporting objects with lazily translated strings
...
closes #3482
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 14:31:44 +02:00
0ca1368dcc
sources/saml: improve error handling for missing assertion and missing subject
...
closes #3784
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 13:56:39 +02:00
2980c5884f
root: Add setting to adjust database config for pgbouncer ( #3769 )
...
* Add setting to adjust database config for pgbouncer
* docker-compose.yml cleanup
Delete pgbouncer setting as false is the default value
* Cleanup docker-compose.yml
Also remove use_pgbouncer option in server section
2022-10-14 11:53:24 +02:00
217e145d23
stages/authenticator_sms: make sms stage payload customisable ( #3780 )
...
* make sms stage payload customisable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update phrasing for webhook mapping
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 11:53:01 +02:00
e5e6c33b2d
providers/oauth2: fix expires_in not being an int
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 14:25:30 +03:00
8ed2f7fe9e
providers/oauth2: add device flow ( #3334 )
...
* start device flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix inconsistent app filtering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tenant device code flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add throttling to device code view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* somewhat unrelated changes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add initial device code entry flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add finish stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* it works
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add support for verification_uri_complete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 12:42:10 +02:00
00a6c2a40b
sources/oauth: improve error messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:28:25 +03:00
239092b872
core: fix messages not being shown when no client is connected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:27:41 +03:00
34d520a3fb
core: bump channels-redis from 3.4.1 to 4.0.0 ( #3752 )
2022-10-10 11:26:49 +02:00
3ecc715e91
sources/oauth: add Twitch OAuth source ( #3746 )
...
* sources/oauth: add Twitch OAuth source
Signed-off-by: Lukas Vögl <lukas@voegl.org>
* website/integrations: add Twitch OAuth source documentation
Signed-off-by: Lukas Vögl <lukas@voegl.org>
Signed-off-by: Lukas Vögl <lukas@voegl.org>
2022-10-10 10:59:07 +02:00
9bbe8e6c57
providers/oauth2: save full IDToken to database, only use to_dict for encoding final token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-08 15:06:17 +03:00
b2a658d091
providers/oauth2: remove c_hash and nonce claim if they're not set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-07 17:07:33 +03:00
ce085a029d
providers/oauth2: exclude at_hash claim if not set instead of being null
...
closes #3739
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-07 10:10:53 +03:00
93e90f8f50
crypto: fix import_certificate checking private key as certificate
...
closes #3713
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-02 00:31:14 +02:00
44e4f2e561
crypto: make certificate parsing optional for crypto api ( #3711 )
2022-10-01 00:06:00 +02:00
cca0f60bda
root: decrease default token size to 60 chars for compatibility ( #3710 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2614
2022-09-30 23:12:51 +02:00
d8a98e71bd
outposts: fix indentation in generated SSH Config
2022-09-29 09:23:27 +00:00
Jens Langhammer
Jens L
sdimovv
dependabot[bot]
Ellis Percival
Aaron Carson
Loan J
jmptbl
Daniel
Philipp Kolberg
lvoegl