Commit Graph

527 Commits

Author SHA1 Message Date
Jens Langhammer 7d9b66b6e6
show device state in webui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:05 +01:00
Jens Langhammer 90606fabf9
set firebase key with checkin
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:05 +01:00
Jens Langhammer 76498a2d7b
allow setting firebase api key while sending enrollment callback
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:05 +01:00
Jens Langhammer c90d35b113
fix geoip usage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:05 +01:00
Jens Langhammer e496d86e2b
use uuid for mobile token
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:04 +01:00
Jens Langhammer c19e12d1e1
fix web to support string for device uuid
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:04 +01:00
Jens Langhammer 41387e413f
switch to text field, add debug mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:03 +01:00
Jens Langhammer edccf3331a
migrate to cloud gateway
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:03 +01:00
Jens Langhammer 97871ecd6c
re-gen migrations, implement one half of number matching
this also treats accept/deny as "number" matching (we call it item matching to make it more general), since it's just a more static version of selecting the correct thing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:03 +01:00
Jens Langhammer 7720c80d5b
allow mobile device token to retrieve user info
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:03 +01:00
Jens Langhammer 00fb77e3da
move firebase config to db for testing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
Jens Langhammer 757d179ae5
add logic for checkin
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
Jens Langhammer c55f88d4df
implement more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
Jens Langhammer ad5ccf8062
set device name from hostname
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
Jens Langhammer 38e7a7fe59
add transaction states
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
Jens Langhammer a334d21708
move sending code into mobiletransaction model
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
Jens Langhammer 47cb4603da
start checkin
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
Jens Langhammer bb8a70448f
more fixes, start implementing validate
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
Jens Langhammer 742b946caf
add temporary firebase
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
Jens Langhammer a239084385
fix QR
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
Jens Langhammer 4114c757b9
implement more of the API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
Jens Langhammer 28e1c08800
change mobile device pk to uuid
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
Jens Langhammer e99a660a5f
move functions to device
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
Jens Langhammer 31f869c2e0
fix stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
Jens Langhammer a895157be1
fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
Jens Langhammer 86b69e83e0
change enrollment to post
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:00 +01:00
Jens Langhammer cb60fc2c7b
use more minimal payload for QR code sake
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:00 +01:00
Jens Langhammer fc5f5ed117
initial scaffold
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:00 +01:00
Jens L 2064395434
enterprise/providers/rac: add option to limit concurrent connections to endpoint (#8053)
* enterprise/providers/rac: add option to limit concurrent connections to endpoint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: put outpost settings in group

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-04 16:27:16 +01:00
Jens L 116ac30c72
enterprise/providers/rac: add alert that enterprise is required for RAC (#8057)
add alert that enterprise is required for RAC

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-04 16:18:12 +01:00
Jens L 240cf6dd94
enterprise/providers: Add RAC [AUTH-15] (#7291)
* add basic guacamole

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make everything mostly work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add rac build to CI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix resize, fix web lint, sendSize correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* pre-send connection from client, format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve throughput

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework TokenOutpostConsumer into middleware

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some layout issues

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add outpost controllers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start testing audio things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix to work with outpost group

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add simple loadbalancing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add simple reconnect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* show reconnecting text

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix error when checking ports

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move to providers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add flow check to interface

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix go lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix rac app label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix audio

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add logging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow overriding all settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix duplicate keyboard, debug high DPI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing __init__.py breaking model loading

I love python

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump successful ws connection to info

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* hide cursor since guac draws that

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add clipboard support (bidirectional)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make codespell not want to break the code

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* run pr comment in separate task

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start endpoint and property mapping stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more endpoint things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix event model_pk filtering with ints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: improve event display for changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rebuild endpoint stuff again

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* idk special url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more stuff, connect token with session

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add disconnect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework disconnect

cleanly disconnect from guacd instead of just letting the connection timeout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* clear cache when creating outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* support host:port and fix protocol

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* center smaller viewport

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework connection to wait more and stop after some time

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add policy control to endpoints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove provider protocol

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't switch to different outpost connection when already chosen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start using property mappings, add static settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some RAC mapping settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start adding tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests for event changes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests and fix issues found by said tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add preview banner, move endpoints to main page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* auto-select endpoint if only one is available

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* backport https://github.com/goauthentik/authentik/pull/7831 to rac

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont select property mappings on endpoints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make table modal only load when opened

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only auto-redirect when open

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for token expiry and terminate session

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add endpoint name to title

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* disconnect connection when token is manually deleted

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add initial RAC docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add connection expiry setting to provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix flaky tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-30 21:33:14 +01:00
Jens L 02869d8173
stages/user_login: session binding (#7881)
* start with user_login stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	authentik/root/settings.py

* fix and improve logout event

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* lint pass

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update authenticated session when IP changes and binding doesn't break

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs, always keep old and new IP in event

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-gen api schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-23 01:20:23 +01:00
Jens Langhammer 7778a8fab2
release: 2023.10.5 2023-12-21 15:08:13 +01:00
Jens L 2521073dba
providers/scim: use lock for sync (#7948)
* providers/scim: use lock for sync

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-21 14:43:40 +01:00
Jens L 50860d7ffe
events: add ASN Database reader (#7793)
* events: add ASN Database reader

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix test config generator

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* de-duplicate code

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add enrich_context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to context processors?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix cache

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use config deprecation system, update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update more docs and tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add test asn db

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-build schema with latest versions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-20 22:16:50 +01:00
Jens L 3e530cf1b5
flows: add "require outpost" authentication_requirement (#7921)
* migrate get_client_ip to middleware

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use middleware directly without wrapper

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add require_outpost setting for flows

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve fallback

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-19 13:32:10 +01:00
Jens L 729ef4d786
root: bump python deps (django 5) (#7862)
* bump python deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* vendor pickle serializer for now

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#7761

* cleanup some things and re-build api scheme

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web and go

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually fix go...?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better annotate json fields

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use jsondictfield wherever

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove all virtualenvs?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* final version bump

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-18 22:07:59 +01:00
Jens L 944368c4f2
events: add graph for event volume (#7639)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-06 19:06:07 +02:00
Jens Langhammer 18b2f489c0
release: 2023.10.4 2023-11-21 19:29:02 +01:00
Jens L 44fc9ee80c
stages/identification: add option to pretend user exists (#7610)
* stages/identification: add option to pretend user exists

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test CI permission fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-18 01:55:48 +01:00
Jens L b5e059dfd9
root: fix API schema for kotlin (#7601)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-17 00:07:21 +01:00
Jens L f728bbb14b
sources/ldap: add check command to verify ldap connectivity (#7263)
* sources/ldap: add check command to verify ldap connectivity

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* default to checking all sources

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start adding an API for ldap connectivity

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add webui for ldap source connection status

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better show sync status, clear previous tasks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set timeout on redis lock for ldap sync

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix py lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 15:01:40 +01:00
Jens Langhammer c30a2406a9
release: 2023.10.3 2023-11-09 19:20:28 +01:00
Jens Langhammer 8e72fcab59
release: 2023.10.2 2023-10-28 21:43:54 +02:00
Jens Langhammer 64c38909ff
release: 2023.10.1 2023-10-26 20:06:05 +02:00
Jens Langhammer ed46fd629e
release: 2023.10.0 2023-10-26 16:51:57 +02:00
Jens L 28053059ff
stages/user_write: allow setting user type when creating new user (#7293)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-26 14:33:29 +02:00
Jens L 63426bc9a8
sources/oauth: include default JWKS URLs for OAuth sources (#6992)
* sources/oauth: include default JWKS URLs for OAuth sources

makes it easier to use pre-defined types like github, google, azure with JWT M2M instead of needing to create a generic OAuth Source

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix error

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-20 16:54:03 +02:00
Jens L 8aafa06259
providers/radius: TOTP MFA support (#7217)
* move CheckPasswordMFA to flow executor

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add mfa support field to radius

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-18 19:43:36 +02:00
Samir Musali a60f3b4b81
stage/deny: add custom message (#7144)
* stage/deny: add message

* add migration, tests and schema update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add form

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-10-18 17:13:33 +02:00