Jens L
d570feffac
flows: add types to diagrams (#2902)
...
* add policy and stage types to diagram
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show policies bound to the root flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix get_build_hash being empty
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:50:28 +02:00
Jens Langhammer
3d52266773
flows: handle missing initial_data in challenge
...
AUTHENTIK-1HK
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:31:28 +02:00
Jens L
7bdecd2ee6
stages/user_write: dynamic groups (#2901)
...
* stages/user_write: add dynamic groups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* simplify functions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:28:16 +02:00
Jens Langhammer
11f7935155
providers/oauth2: use regex to check redirect URI
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2799
2022-05-18 21:22:27 +02:00
Jens L
75b0fb3393
sources/oauth: migrate twitter to oauth2 (#2893)
2022-05-18 00:03:02 +02:00
Jens Langhammer
538c2ca4d3
stages/authenticator_*: directly save devices into db instead of session to prevent race conditions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:02:30 +02:00
Jens Langhammer
5080840ed9
admin: ensure disable_update_check is set to false for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:00:26 +02:00
Jens L
333e58ce2f
flows/layouts (#2867)
2022-05-16 01:10:23 +02:00
Jens Langhammer
4de2ac3248
events: add task to expire seen notifications
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:41:50 +02:00
Jens Langhammer
eb4dce91c3
events: add user filter to notifications
...
as superuser all notifications are returned regardless of permission so we need to filter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:31:13 +02:00
Jens Langhammer
d4fd6153c8
api: fix OwnerFilter filtering out objects for superusers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:36:00 +02:00
Jens Langhammer
85b6bfbe5f
sources: fix parent serializer for user connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:26:02 +02:00
Jens Langhammer
5644d5f3f7
stages/authenticator_totp: fix key error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 19:57:00 +02:00
Jens Langhammer
f391c33bdf
providers/oauth2: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:41:40 +02:00
Jens Langhammer
18f450bd49
root: enable sentry for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:29:30 +02:00
Jens Langhammer
ee36b7f3eb
flows: move autosubmit stage into flows package
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:06:19 +02:00
Jens Langhammer
a9a62bbfc8
providers/oauth2: use correct title based on flow context and translated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:29 +02:00
Jens Langhammer
ddd785898b
providers/saml: add title attribute to autosubmit stage and render correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:14 +02:00
Jens Langhammer
8ba45a5f6a
providers/oauth2: don't create events before client_id can be verified to prevent spam
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:02:01 +02:00
Jens Langhammer
7d41e6227b
providers/oauth2: add tests for form_post, fix attrs not being flattened
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 23:52:50 +02:00
Jens Langhammer
1363226697
providers/saml: make SAML metadata generation consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 17:40:18 +02:00
scheibling
d4abf5621e
providers/oauth2: add support for form_post response mode (#2818)
...
* Added request verification and parameter generation
* response_mode added to OAuthAuthorizationParams return
* Added class OauthPostFulfillmentStage
Check response_mode in initialization
* Corrected typo
* Removed separate class
Added handling for FORM_POST in create_response_uri
Added handling for FORM_POST in return class
* Fixed pylint error (trailing-whitespace)
Removed comment
* Reformatted authorize.py with black
2022-05-12 21:36:31 +02:00
Jens L
ec67b60219
policies/hibp: check in prompt data (#2845)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 23:47:36 +02:00
Jens L
fd1d38f844
stages/authenticator_validate: remember (#2828)
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: cleanup timedelta help
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tooltip
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* assert response code in self.assertStageResponse
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests, add duo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 21:05:22 +02:00
Jens Langhammer
3554406aa5
root: fix duplicate enum in api scheme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:24:18 +02:00
Jens L
ab2299ba1e
outposts/ldap: cached bind (#2824)
...
* initial cached ldap bind support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* clean up api generation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use gh action for golangci-lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer
860269acf0
root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1878
2022-05-07 22:32:56 +02:00
scheibling
30c7e6c94c
providers/oauth2: fixed typo (PROMPT_CONSNET => PROMPT_CONSENT) (#2819)
2022-05-06 10:09:09 +02:00
Jens Langhammer
59df02b3b8
root: disable stdout capturing for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-05 23:08:36 +02:00
Jens Langhammer
ddbe0aaf13
stages/user_delete: fix delete stage failing when pending user is not explicitly set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-01 13:59:33 +02:00
Jens Langhammer
84930b4924
Revert "internal: fix high cpu when backend isnt healthy"
...
This reverts commit eb6cfd22a7.
Revert "root: handle JSON error in metrics too"
This reverts commit 1ede972222.
Revert "root: don't force multiprocess prometheus registry"
This reverts commit cd1d1b4402.
Revert "root: add error handling for prometheus view"
This reverts commit c0a883f76f.
2022-04-29 18:13:26 +02:00
Jens Langhammer
1ede972222
root: handle JSON error in metrics too
...
this can happen when the worker is killed while writing metrics
2022-04-29 11:01:04 +00:00
Jens Langhammer
cd1d1b4402
root: don't force multiprocess prometheus registry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:53:47 +02:00
Jens Langhammer
c0a883f76f
root: add error handling for prometheus view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:17:53 +02:00
Jens Langhammer
ab8b37a899
events: fix ignored instances not being a tuple
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-25 11:19:58 +02:00
Jens Langhammer
9077eff34d
root: add silk and debugging views
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:38:32 +02:00
Jens Langhammer
2399fa456b
policies: fix current user not being set in server-side policy deny
...
closes #2039
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:30:27 +02:00
Jens Langhammer
0b4ac54363
*: default to max 60 for fqdn_rand
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-20 20:07:25 +02:00
Jens Langhammer
1a1434bfda
*: decrease frequency of background tasks, smear tasks based on name and fqdn
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2159
2022-04-20 18:43:40 +02:00
Jens Langhammer
d283a5236c
core: add custom shell command which imports all models and creates events for model events
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 18:14:57 +02:00
github-actions[bot]
e4486b98fc
web: Update Web API Client version (#2733)
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 17:05:43 +02:00
Jens Langhammer
778065f468
core: add flag to globally disable impersonation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 16:52:55 +02:00
Behn
70794d79dd
sources/oauth: Fix wording for OAuth source names (#2732)
2022-04-17 16:40:10 +02:00
Jens Langhammer
a3bb5d89cc
events: fix created events only being logged as debug level
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:37:30 +02:00
Jens Langhammer
f4f9f525d7
providers/oauth2: include application in login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:36:45 +02:00
Jens Langhammer
4c14e88a25
flows: pin dependency in migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:28:26 +02:00
Jens Langhammer
7561ea15de
providers/oauth2: add additional tracing to token view
2022-04-14 16:48:17 +00:00
Jens Langhammer
8242b09394
flows: handle flow title formatting error better, add user to flow title context
2022-04-14 13:56:20 +00:00
Jens Langhammer
9b9c0fe663
release: 2022.4.1
2022-04-12 22:07:34 +02:00
Jens Langhammer
5a58f6ee64
providers/oauth2: remove test for non sa user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 20:35:13 +02:00
Jens Langhammer
e84b17d550
providers/oauth2: don't force service accounts for client_credentials flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 10:23:25 +02:00
Jens Langhammer
9da439623b
stages/authenticator_duo: fix bad request being sent to duo when calling enrollment_status outside a flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2666
2022-04-11 21:02:32 +02:00
Jens Langhammer
957bb1c5ef
core: make generated token length configurable
...
closes #2574
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:57:16 +02:00
Jens Langhammer
2303a97bb9
core: add method to set key of token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2574
2022-04-11 20:43:39 +02:00
Jens Langhammer
8be04cc013
providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256
...
closes #2703
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:05:58 +02:00
Jens Langhammer
cca33a74b6
core: fix error when checking generated users with no expiry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:53:46 +02:00
Jens Langhammer
f977bf61eb
providers/oauth2: make exp optional on jwt client_credentials flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:25:35 +02:00
Jens Langhammer
f8f8a9bbb9
providers/oauth2: give keypairs private key preference over certificate in client_credentials jwt flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 16:27:53 +02:00
Jens Langhammer
e64ca4ab04
core: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-08 10:10:30 +02:00
Jens Langhammer
e2f0a76309
outposts: check if docker ports should be mapped before comparing ports
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-07 17:30:33 +02:00
Jens Langhammer
5861d41ad3
tenants: add tenant-level attributes, applied to users based on request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 10:41:35 +02:00
Jens Langhammer
20262f3f4b
core: mark provider_obj as read_only
...
closes #2637
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 10:17:59 +02:00
Jens L
633296503d
core: add grouping to applications (#2648)
...
* core: add grouping to applications
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add new field to tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 23:08:58 +02:00
Jens L
508cec2fd5
web: migrate dropdowns to wizards (#2633)
...
* web/admin: add basic wizards for providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add dark mode for wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: migrate policies to wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* policies: sanitze_dict when returning log messages during tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* Revert "web/admin: migrate policies to wizard"
This reverts commit d8b7f62d3e.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/src/locales/zh-Hans.po
# web/src/locales/zh-Hant.po
# web/src/locales/zh_TW.po
* web: rewrite wizard to be element based
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* further cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: migrate property mappings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate stages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate misc dropdowns
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate outpost integrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 19:48:17 +02:00
Jens Langhammer
7a93614e4b
policies: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 18:31:02 +02:00
Jens Langhammer
4f319eaa4f
policies/dummy: bump to info to always get message
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:28:51 +02:00
Jens Langhammer
86a8d00b3f
policies: sanitze_dict when returning log messages during tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:15:44 +02:00
Jens Langhammer
5fe8c1f3d7
policies: fix missing default for log_messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 16:44:49 +02:00
Jens Langhammer
d84ff2bbca
policies: add policy log messages to test endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-01 22:07:35 +02:00
Jens Langhammer
4be238018b
providers/oauth2: pass scope and other parameters to access policy request context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2641
2022-04-01 21:39:05 +02:00
Jens Langhammer
99008252f8
providers/oauth2: fix verification_keys being required
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 20:19:13 +02:00
Jens Langhammer
8689444954
providers/oauth2: add password grant support (treated as client_credentials)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 18:02:17 +02:00
Jens L
bb8af2f19b
providers/oauth2: add client_assertion_type jwt bearer support (#2618)
2022-03-31 00:30:55 +02:00
Jens Langhammer
996bd05ba6
api: fix API header auth not passing to next auth method
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 00:06:01 +02:00
Jens Langhammer
a1a64e25ee
api: remove legacy http basic auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-30 23:39:08 +02:00
Jens Langhammer
993c6472db
crypto: only count discovered when cert was loaded successfully
2022-03-28 08:58:23 +00:00
Jens Langhammer
123b0b2f05
core: fix pylint renamed variable
2022-03-28 08:58:13 +00:00
Jens Langhammer
7cbd5174f0
stages/invitation: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 19:12:22 +01:00
Jens Langhammer
c7a83e6182
stages/invitation: add invitation name
...
closes #2583
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 18:32:59 +01:00
Jens Langhammer
74ff9d04dd
stages/prompt: set field default based on placeholder, fix duplicate fields
...
closes #2572
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 22:26:06 +01:00
Jens Langhammer
969902f503
stages/prompt: filter rest_framework.fields.empty when field is not required
...
closes #2572
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 20:21:12 +01:00
Jens Langhammer
04372e21dd
events: handle types in event contexts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2572
2022-03-23 19:49:55 +01:00
Adam G
d75a864f0e
providers/oauth2: map internal groups to GitHub teams in GHE OAuth emulation (#2497)
...
* providers/oauth2: impl `/user/teams` endpoint for Github OAuth2
This commit adds a functional `/user/teams` endpoint for the emulated Github OAuth2 service.
The teams a user is part of are based on the user's groups in Authentik.
* providers/oauth2: Move org template inside loop; Change slug to use Django slugify
* providers/oauth2: Remove placeholder replacement
* Possibly fix complaints from the linters
* Update github.py
* Change organization name
* Update github.py
2022-03-23 12:05:20 +01:00
Jens Langhammer
0c2b32da31
core: add num_pk to group for applications that need a numerical group id
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2497
2022-03-22 21:37:11 +01:00
Jens Langhammer
9ad4c736f1
stages/email: allow overriding of destination email in plan context
...
closes #2445
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 21:19:34 +01:00
Jens Langhammer
4154b62565
stages/prompt: fix non-required fields not allowing blank values, add more tests
...
closes #2544
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 20:38:04 +01:00
Jens Langhammer
86a4a7dcee
release: 2022.3.3
2022-03-21 22:37:13 +01:00
Angel Nunez Mencias
8b95e9f97a
crypto: open files in read-only mode for importing (#2536)
...
closes #2535
2022-03-21 10:46:09 +01:00
Jens Langhammer
be232e2b77
core: fix provider launch URL being prioritised over manually configured launch URL
...
closes #2493
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-16 10:26:55 +01:00
Jens Langhammer
53d0205e86
outposts/proxy: use Prefix in ingress for k8s
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-15 19:01:08 +01:00
Jens Langhammer
260a7aac63
release: 2022.3.2
2022-03-15 00:01:01 +01:00
Jens Langhammer
a3df414f24
sources/ldap: fix parent_group not being applied
...
closes #2464
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 22:13:20 +01:00
Jens Langhammer
dcaa8d6322
flows: revert default flow user change
...
closes #2483
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 22:05:30 +01:00
Jens Langhammer
ceb894039e
stages/authenticator_validate: fix passwordless flows not working
...
closes #2484
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 21:15:47 +01:00
Jens Langhammer
c7a825c393
lib: lower default sample rate
2022-03-14 12:38:14 +00:00
Jens Langhammer
54f170650a
core: replace uid with uuid search
...
uid can't be searched as it's a computed field
closes #2480
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 10:35:55 +01:00
Jens Langhammer
fedb81571d
release: 2022.3.1
2022-03-10 19:12:29 +01:00
Jens Langhammer
37528e1bba
stages/authenticator_validate: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 09:56:04 +01:00
Jens Langhammer
cc1509cf57
stages/authenticator_validate: fix logic error when multiple authenticator devices can be selected
...
closes #2290
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 00:46:42 +01:00
Jens Langhammer
0dfecc6ae2
stages/authenticator_*: fix device.confirmed being set incorrectly
...
closes #2330
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 00:19:49 +01:00