* main:
scripts: postgres, redis: only listen on localhost (#7849)
website: bump @types/react from 18.2.42 to 18.2.43 in /website (#7840)
web: bump ts-node from 10.9.1 to 10.9.2 in /tests/wdio (#7846)
core: bump github.com/go-openapi/runtime from 0.26.0 to 0.26.2 (#7841)
website: bump prettier from 3.1.0 to 3.1.1 in /website (#7839)
web: bump the esbuild group in /web with 2 updates (#7842)
web: bump rollup from 4.6.1 to 4.7.0 in /web (#7843)
web: bump prettier from 3.1.0 to 3.1.1 in /web (#7844)
web: bump the wdio group in /tests/wdio with 2 updates (#7845)
web: bump prettier from 3.1.0 to 3.1.1 in /tests/wdio (#7847)
translate: Updates for file web/xliff/en.xlf in fr (#7851)
translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#7850)
core: bump python from 3.12.0-slim-bookworm to 3.12.1-slim-bookworm
web/flows: update flow background (#7833)
web/flows: fix logo height (#7834)
Fix cache related image build issues
* dev:
blueprints: improve file change handler (#7813)
web/user: fix search not updating app (#7825)
web: bump the storybook group in /web with 5 updates (#7819)
core: compile backend translations (#7827)
translate: Updates for file locale/en/LC_MESSAGES/django.po in de (#7812)
core: bump github.com/go-openapi/strfmt from 0.21.8 to 0.21.9 (#7814)
ci: bump actions/stale from 8 to 9 (#7815)
web: bump the wdio group in /tests/wdio with 1 update (#7816)
translate: Updates for file web/xliff/en.xlf in zh_CN (#7820)
web: bump the sentry group in /web with 2 updates (#7817)
web: bump vite-tsconfig-paths from 4.2.1 to 4.2.2 in /web (#7818)
translate: Updates for file web/xliff/en.xlf in zh-Hans (#7821)
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#7822)
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#7823)
web: bump typescript from 5.3.2 to 5.3.3 in /web (#7806)
website: bump typescript from 5.3.2 to 5.3.3 in /website (#7807)
web: bump typescript from 5.3.2 to 5.3.3 in /tests/wdio (#7808)
core: bump goauthentik.io/api/v3 from 3.2023104.1 to 3.2023104.2 (#7809)
ci: bump actions/setup-go from 4 to 5
web/user: fix app not updating
so when using two classes in a classMap directive, the update fails (basically saying that each class must be separated), however this error only shows when directly calling requestUpdate and is swallowed somewhere when relying on the default render cycle
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dev:
web: bump API Client version (#7803)
events: add graph for event volume (#7639)
website/docs: change links to point to our YouTube (#7794)
web: bump core-js from 3.33.3 to 3.34.0 in /web (#7796)
core: bump golang from 1.21.4-bookworm to 1.21.5-bookworm (#7798)
web: bump the wdio group in /tests/wdio with 4 updates (#7799)
web/admin: revise wizard form handling (#7331)
web: bump the eslint group in /tests/wdio with 2 updates (#7783)
web: bump the sentry group in /web with 2 updates (#7784)
web: bump the eslint group in /web with 2 updates (#7785)
web: bump chart.js from 4.4.0 to 4.4.1 in /web (#7786)
website: bump @types/react from 18.2.41 to 18.2.42 in /website (#7787)
website: bump react-tooltip from 5.24.0 to 5.25.0 in /website (#7788)
outposts/ldap: avoid nil ptr deref in MemorySearcher (#7767)
* web: break circular dependency between AKElement & Interface.
This commit changes the way the root node of the web application shell is
discovered by child components, such that the base class shared by both
no longer results in a circular dependency between the two models.
I've run this in isolation and have seen no failures of discovery; the identity
token exists as soon as the Interface is constructed and is found by every item
on the page.
* web: fix broken typescript references
This built... and then it didn't? Anyway, the current fix is to
provide type information the AkInterface for the data that consumers
require.
* web: extract the form processing from the form submission process
Our forms have a lot of customized value handling, and the function `serializeForm` takes
our input structures and creates a JSON object ready for submission across the wire for
the various models provided by the API.
That function was embedded in the `ak-form` object, but it has no actual dependencies on
the state of that object; aside from identifying the input elements, which is done at the
very start of processing, this large block of code stands alone. Separating out the
"processing the form" from "identifying the form" allows us to customize our form handling
and preserve form information on the client for transactional purposes such as our wizard.
w
* web: multi-select, but there's a styling issue.
* web: provide a closed control for multi-select
This commit creates a new control, using the ak-form-element-horizontal as a *CLOSED*
object, for our multi-select. This control right now is limited to what we expect to
be using in the wizard, but that doesn't mean it can't be smarter in the future.
* web: hung up by a silly spelling error
* web: update the form-handling method
With the `serializeForm` method extracted, it's much easier to examine and parse
every *form* with every keystroke, preserving them against the changes that
happen as the customer navigates the Wizard. With that in place, it became
straightforward to retrofit the "handle changes to the application, to the provider, and to the providerType"
into the three pages of the wizard, and to provide *all* of the form elements in a base class
such that no specialized handling needs to happen to any of the child pages.
Fixed an ugly typo in the oauth2 provider, as well.
* web: wizard should work with multi-select and should reflect default values
(Note: This commit is predicated on both the "Extract serializeForm function from Form.ts" and
"Provide a controlled multi-select input control" PRs.)
The initial attempt at the wizard was woefully naive in its implementation, missing some critical
details along the way. This revision starts off with one stronger assumption: trust that Jens knows
what he's doing, and knew what he was building when he wrote the initial `Form` handler.
The problem with the `Form` handler, and the reason I avoided it, was simply that it does too many
things, especially in its ModelForm variant: it receives a model from the back-end, renders a
(hand-written) form for that model, allows the user to interact with that model, and facilitates
saving it to the back-end again, complete with on-page notifications of success or failure.
The Wizard could not use all of that. It needs to gather the information for *two* models (an
Application and a Provider, plus the ProviderType) and has a new and specialized end-point for a
transaction that allows the committing or roll back of both models to happen simultaneously,
predicated on success or failure respectively.
With "Extract `serializeForm` completed, it was possible to repurpose the forms that already
existed, stripping them down to just their input components, and eventing the entire thing in a
single event loop of "events flow up, data flows down." In this case, the *entire form* is
serialized on a per-event basis and pushed up the to the orchestration layer, which saves them off.
Writing a parent `BasePanel` class that has accessors for `formValues` and `valid` means that the
state of every page is accessible with a simple query. This simplified the `BaseProviderPanel` class
to just specialize the `dispatchUpdate` method to send the wizard update with the new provider
information filled out.
Because the *form* is being treated as the source of truth about the state of a `Partial<Application>`
or `Partial<*Provider>` object, the defaults are now being captured as expected.
Likewise, this simplified the `providerCache` layer which preserves customer input in the event that
the customer starts filling out the wrong provider to a simple conditional clause in the
orchestrator. The Wizard has much fewer smarts because it doesn't (and probably never did) need
them.
Along with the above changes, the following has also been done:
For SAML and SCIM, the providerMappings now works. They weren't being managed as `state` objects,
so they weren't receiving updates when the update event retrieved the information from the back-end.
In order to make clear what's happening, I have extracted the loops from the original definition and
built them as named objects: `propertyMappings`, `pmUserValues`, `pmGroupValues` and so on, which I
then pass into the new multi-select component.
I fixed a really embarrassing typo in Oauth2's "advanced settings" block.
I have extracted the CoreGroup search-select into a custom component.
I deleted the `merge` function. That was a faulty experiment with non-deterministic outcomes, and I
was never happy with it. I'm glad its gone.
I've added a title header to each of the providers, so the user can be sure that they're looking
at the right provider type when they start filling out the form.
I've created a new token, `data-ak-control`, with which we can mark all objects that we can treat as
Authentik value-producing components, the form value of which is available through a `json()`
method. I've added this bit of intelligence to the `serializeForm` function, short-circuiting the
complex processing and putting the "this is the shape of the value we expect from this input" *onto
the input itself*. Which is where it belongs.
* web: add error handling to wizard.
* web: improve error handling in light components
Rather than reproduce the error handling across all of the LightComponents,
I've made a parent class that takes the common fields to distribute between
the ak-form-element-horizontal and the input object itself. This made it
much easier to properly display errors in freeform input fields in the
wizard, as well as working with the routine error handling in Form.ts
* Added the radio control to the list of LightComponents.
* Fix bug where event was recorded twice.
* Fixed merge bug (?) that somehow deleted the Authorization Select block in OAuth2.
* web: prettier had opinions
* web: added error handling and display
* web: bump @lit-labs/context from 0.4.1 to 0.5.1 in /web
Bumps [@lit-labs/context](https://github.com/lit/lit/tree/HEAD/packages/labs/context) from 0.4.1 to 0.5.1.
- [Release notes](https://github.com/lit/lit/releases)
- [Changelog](https://github.com/lit/lit/blob/main/packages/labs/context/CHANGELOG.md)
- [Commits](https://github.com/lit/lit/commits/@lit-labs/context@0.5.1/packages/labs/context)
---
updated-dependencies:
- dependency-name: "@lit-labs/context"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* web: updated wizard to run with latest package.json configuration
Apparently, there were stale dependencies in package-lock.json that were conflicting
with the requests in our package.json. By running `npm update`, I was able to resolve
the conflict.
I have also removed the default names from the context names collection; they weren't doing
any good, and they permit frictionless renaming of dependencies, which is never a good
idea.
* web: schlepping on the errors messages
During testing, I realized I was unhappy with the error messages. They're not very helpful.
By adding links to navigate back to the place where the error occurred, and providing better
context for what the error could have been, I hope to help the use correct their errors.
* make package the same as main
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
* main: (22 commits)
stages/email: improve error handling for incorrect template syntax (#7758)
core: bump github.com/go-openapi/strfmt from 0.21.7 to 0.21.8 (#7768)
website: bump postcss from 8.4.31 to 8.4.32 in /website (#7770)
web: bump the eslint group in /tests/wdio with 1 update (#7773)
website: bump @types/react from 18.2.39 to 18.2.41 in /website (#7769)
web: bump the eslint group in /web with 1 update (#7772)
website: fix typos in example URLs (#7774)
root: include ca-certificates in container (#7763)
root: don't show warning when app has no URLs to import (#7765)
web: revert storybook (#7764)
web: bump the eslint group in /web with 2 updates (#7730)
website: bump @types/react from 18.2.38 to 18.2.39 in /website (#7720)
web: bump the storybook group in /web with 5 updates (#7750)
website/blog: fix email syntax (#7753)
web: bump the wdio group in /tests/wdio with 3 updates (#7751)
web: bump the babel group in /web with 3 updates (#7741)
web: bump the sentry group in /web with 2 updates (#7747)
web: bump pyright from 1.1.337 to 1.1.338 in /web (#7743)
website: bump the docusaurus group in /website with 9 updates (#7746)
web: bump rollup from 4.6.0 to 4.6.1 in /web (#7748)
...
* Revert "web: bump the storybook group in /web with 5 updates (#7750)"
This reverts commit 8898709a9a.
* Revert "web: bump the storybook group in /web with 5 updates (#7733)"
This reverts commit f559d2531f.
`authentikConfig`, that can be mixed into any AKElement object that requires access to it.
Since access to `rootInterface()?.config?` is _universally_ used for a single (and repetitive)
boolean check, a separate accessor has been provided that converts all calls of the form:
``` javascript
rootInterface()?.config?.capabilities.includes(CapabilitiesEnum.CanImpersonate)
```
into:
``` javascript
this.can(CapabilitiesEnum.CanImpersonate)
```
It does this via a Mixin, `WithCapabilitiesConfig`, which understands that these calls only make
sense in the context of a running, fully configured authentik instance, and that their purpose is to
inform authentik components of a user’s capabilities. The latter is why I don’t feel uncomfortable
turning a function call into a method; we should make it explicit that this is a relationship
between components.
The mixin has a single single field, `[WCC.capabilitiesConfig]`, where its association with the
upper-level configuration is made. If that syntax looks peculiar to you, good! I’ve used an explict
unique symbol as the field name; it is inaccessable an innumerable in the object list. The debugger
shows it only as:
Symbol(): {
cacheTimeout: 300
cacheTimeoutFlows: 300
cacheTimeoutPolicies: 300
cacheTimeoutReputation: 300
capabilities: (5) ['can_save_media', 'can_geo_ip', 'can_impersonate', 'can_debug', 'is_enterprise']
}
Since you can’t reference it by identity, you can’t write to it. Until every browser supports actual
private fields, this is the best we can do; it does guarantee that field name collisions are
impossible, which is a win.
The mixin takes a second optional boolean; setting this to true will cause any web component using
the mixin to automatically schedule a re-render if the capabilities list changes.
The mixin is also generic; despite the "...into a Lit-Context" in the title, the internals of the
Mixin can be replaced with anything so long as the signature of `.can()` is preserved.
Because this work builds off the work I did to give the Sidebar access to the configuration without
ad-hoc retrieval or prop-drilling, it wasn’t necessary to create a new context for it. That will be
necessary for the following:
TODO:
``` javascript
rootInterface()?.uiConfig;
rootInterface()?.tenant;
me();
```
* web: break circular dependency between AKElement & Interface.
This commit changes the way the root node of the web application shell is
discovered by child components, such that the base class shared by both
no longer results in a circular dependency between the two models.
I've run this in isolation and have seen no failures of discovery; the identity
token exists as soon as the Interface is constructed and is found by every item
on the page.
* web: fix broken typescript references
This built... and then it didn't? Anyway, the current fix is to
provide type information the AkInterface for the data that consumers
require.
* web: rollback dependabot's upgrade of context
The most frustrating part of this is that I RAN THIS, dammit, with the updated
context and the current Wizard, and it finished the End-to-End tests without
complaint.
* web: fix labels on group view page
This is a wild bug, because what caused it and how it manifested are seemingly
unrelated as to be hallcinatory.