Jens L
944368c4f2
events: add graph for event volume ( #7639 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-06 19:06:07 +02:00
Jens L
893b8376cf
stages/email: improve error handling for incorrect template syntax ( #7758 )
...
* stages/email: improve error handling for incorrect template syntax
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-04 12:02:39 +02:00
Jens L
5b244a04f9
root: don't show warning when app has no URLs to import ( #7765 )
2023-12-03 21:47:27 +02:00
Jens L
a07fbf5c02
root: disable django-silk profiler ( #7715 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-28 12:23:19 +02:00
Jens L
8889e0d39a
events: fix lint ( #7700 )
...
* events: fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test without explicit poetry env use?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* delete previous poetry env
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* prevent invalid cached poetry envs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* run test-from-stable as matrix and make required
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing postgres version
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-23 23:59:42 +01:00
Jens L
0797dec46b
events: add better fallback for sanitize_item to ensure everything can be saved as JSON ( #7694 )
...
* events: fix events sanitizing not handling all types
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove some leftover prints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-23 11:43:39 +01:00
Jens L
8db34fc65b
events: include user agent in events ( #7693 )
...
* events: include user agent in events
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-22 20:53:10 +01:00
Jens L
68d266a480
core: fix sources get icon naming ( #7674 )
...
* core: rename source's get_icon to clearer signify it being a property
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove deprecated vscode settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-21 21:38:30 +01:00
Jens Langhammer
18b2f489c0
release: 2023.10.4
2023-11-21 19:29:02 +01:00
Jens L
b88e39411c
security: fix CVE-2023-48228 ( #7666 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-21 18:10:07 +01:00
ChandonPierre
c0b7d32b36
sources/ldap: clean-up certs written from db ( #7617 )
...
* sources/ldap: clean-up certs written from db
* fix test when certificate is none
2023-11-20 15:29:18 +01:00
Jens L
44fc9ee80c
stages/identification: add option to pretend user exists ( #7610 )
...
* stages/identification: add option to pretend user exists
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test CI permission fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-18 01:55:48 +01:00
Jens L
98a07cd0ef
events: stop spam ( #7611 )
...
* events: don't log updates to internal service accounts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont log reputation updates
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't actually ignore things, stop updating outpost user when not required
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* prevent updating internal service account users
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix setattr call
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-18 01:46:16 +01:00
Jens L
ce86b20e6b
stages/authenticator_totp: fix API validation error due to choices ( #7608 )
2023-11-17 13:52:30 +01:00
Jens L
b5e059dfd9
root: fix API schema for kotlin ( #7601 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-17 00:07:21 +01:00
Jens L
31ef91900b
events: fix missing model_* events when not directly authenticated ( #7588 )
...
* events: fix missing model_* events when not directly authenticated
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* defer accessing database
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-16 12:06:39 +01:00
Jens L
51d3511f8b
providers/scim: fix missing schemas attribute for User and Group ( #7477 )
...
* providers/scim: fix missing schemas attribute for User and Group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make things actually work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-16 11:36:49 +01:00
Jens L
3d66923310
events: sanitize functions ( #7587 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-15 21:56:16 +01:00
Jens L
95c71016ae
stages/email: use uuid for email confirmation token instead of username ( #7581 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-15 21:13:53 +01:00
Jens L
f728bbb14b
sources/ldap: add check command to verify ldap connectivity ( #7263 )
...
* sources/ldap: add check command to verify ldap connectivity
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* default to checking all sources
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding an API for ldap connectivity
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add webui for ldap source connection status
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* better show sync status, clear previous tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set timeout on redis lock for ldap sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix py lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 15:01:40 +01:00
Philipp Kolberg
9db9ad3d66
root: Restructure broker / cache / channel / result configuration ( #7097 )
...
* Initial commit
* Remove any remaining mentions of Redis URL
This is handled in https://github.com/goauthentik/authentik/pull/5395
* Allow setting broker transport options
This enables usage of other brokers that require additional settings
* Remove remaining reference to Redis URL
This functionality is not part of this PR
* Reset default TLS requirements to none
* Fix linter errors
* Move dict from base64 encoded json to config.py
Additionally add tests
* Replace ast.literal_eval with json.loads
* Use default channel and cache backend configuration
If more customization is desired users shall look at goauthentik.io/docs/installation/configuration#custom-python-settings
* Send config deprecation notification to all superusers
* Remove duplicate method
* Add configuration explanation
For channel layer settings
* Use Event for deprecation warning
* Fix remove duplicated method
* Add missing comma
* Update authentik/lib/config.py
Signed-off-by: Jens L. <jens@beryju.org>
* Fix Event deprecation handling
---------
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens L <jens@beryju.org>
2023-11-10 15:44:37 +01:00
Jens Langhammer
c30a2406a9
release: 2023.10.3
2023-11-09 19:20:28 +01:00
Jens L
1e05d38059
core: fix worker beat toggle inverted ( #7508 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-09 18:33:41 +01:00
Marc 'risson' Schmitt
2d821a07c6
events: fix gdpr compliance always running
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-11-08 15:19:49 +01:00
Jens L
fe1a06ebf2
sources/oauth: fix patreon ( #7454 )
...
* web/admin: add note for potentially confusing consumer key/secret
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sources/oauth: fix patreon default scopes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-06 15:40:43 +01:00
Jens L
3d9f7ee27e
providers/oauth2: set auth_via for token and other endpoints ( #7417 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-03 00:11:30 +01:00
Jens L
028c7af00f
stages/email: fix duplicate querystring encoding ( #7386 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-31 00:27:34 +01:00
Jens Langhammer
8e72fcab59
release: 2023.10.2
2023-10-28 21:43:54 +02:00
Jens L
261879022d
security: fix oobe-flow reuse when akadmin is deleted ( #7361 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-28 21:24:06 +02:00
Jens L
ad9f500ad1
crypto: fix race conditions when creating self-signed certificates on startup ( #7344 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-27 16:29:10 +02:00
Jens L
15d7175750
blueprints: fix entries with state: absent not being deleted if their serializer has errors ( #7345 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-27 16:28:56 +02:00
Jens L
83b84e8d26
rbac: handle lookup error ( #7341 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-27 13:38:44 +02:00
Jens L
2b4b1d2f76
stages/email: fix sending emails from task ( #7325 )
...
closes #7322
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-27 00:39:06 +02:00
Jens Langhammer
64c38909ff
release: 2023.10.1
2023-10-26 20:06:05 +02:00
Jens L
134799c734
root: fix pylint errors ( #7312 )
2023-10-26 19:57:11 +02:00
Jens Langhammer
ed46fd629e
release: 2023.10.0
2023-10-26 16:51:57 +02:00
Jens Langhammer
263d9128c4
stages/email: fix path for email icon
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-26 16:06:00 +02:00
Jens L
28053059ff
stages/user_write: allow setting user type when creating new user ( #7293 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-26 14:33:29 +02:00
Oleh Vivtash
add873ca9b
core: Use branding_title in the end session page ( #7282 )
...
Update end_session.html
Use branding_title in the end session "You've logged out of" section
Signed-off-by: Oleh Vivtash <oleh@vivtash.net>
2023-10-25 15:55:20 +02:00
Jens L
c0fe99714f
stages/authenticator_sms: fix error when phone number from context already exists ( #7264 )
2023-10-24 02:42:16 +02:00
Jens L
616f0b8b4f
sources/oauth: fix name clash ( #7253 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-21 20:29:36 +02:00
Jens L
7e213f3ca6
sources/oauth: fix oidc well-known parsing ( #7248 )
2023-10-20 20:37:52 +02:00
Jens L
63426bc9a8
sources/oauth: include default JWKS URLs for OAuth sources ( #6992 )
...
* sources/oauth: include default JWKS URLs for OAuth sources
makes it easier to use pre-defined types like github, google, azure with JWT M2M instead of needing to create a generic OAuth Source
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-20 16:54:03 +02:00
Jens L
63c52fd936
sources/oauth: periodically update OAuth sources' OIDC configuration ( #7245 )
...
* sources/oauth: periodically update OAuth sources' OIDC configuration
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make monitored task
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-20 16:51:37 +02:00
Roney Dsilva
f036820fd8
stages/email: Fix query parameters getting lost in Email links ( #5376 )
...
* fix to email confirmation flow
* handled query keyerror
* rewrite using django's QueryDict, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix makefile
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove commented out code
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Roney Dsilva <roney.dsilva@cdmx.in>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-10-19 17:52:27 +02:00
Jens L
8aafa06259
providers/radius: TOTP MFA support ( #7217 )
...
* move CheckPasswordMFA to flow executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mfa support field to radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-18 19:43:36 +02:00
Samir Musali
a60f3b4b81
stage/deny: add custom message ( #7144 )
...
* stage/deny: add message
* add migration, tests and schema update
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-10-18 17:13:33 +02:00
Jens L
6ba4f4df46
enterprise: bump license usage task frequency ( #7215 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-18 14:57:35 +02:00
Jens L
0697e3d5a4
rbac: revisions ( #7188 )
...
* improve system migration logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix filter for internal service accounts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* merge migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump go api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sources/ldap: check if we need to connect to ldap before connecting
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-16 19:42:19 +02:00
Jens L
e28babb0b8
core: Initial RBAC ( #6806 )
...
* rename consent permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* the user version
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
t
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* initial role
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* some minor table refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix user, add assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add roles ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add assign API for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding toggle buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude add_ permission for per-object perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* small cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permission list for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make sidebar update
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix page header not re-rendering?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add search
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show first category in table groupBy except when its empty
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make model and object PK optional but required together
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow for setting global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude non-authentik permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude models which aren't allowed (base models etc)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure all models have verbose_name set, exclude some more internal objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* lint fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role perm assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add unasign for global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add meta changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clear modal state after submit
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add roles to our group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make recursive group query more usable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add name field to role itself and move group creation to signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move rbac stuff to separate django app
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make admin interface not require superuser for now, improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* replace some IsAdminUser where applicable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate flow inspector perms to actual permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix license not being a serializermodel
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permission modal to models without view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add additional permissions to assign/unassign permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add action to unassign user permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permissions tab to remaining view pages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flow inspector permission check
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix codecov config?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure viewsets have an order set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hopefully the last api name change
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make perm modal less confusing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start user view permission page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only make delete bulk form expandable if usedBy is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* expand permission tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add user global permission table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests' url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests for assign perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add unassign tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebuild permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* prevent assigning/unassigning permissions to internal service accounts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only enable default api browser in debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role object permissions showing duplicate
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role link on role object permissions table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix object permission modal having duplicate close buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* return error if user has no global perm and no object perms
also improve error display on table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* optimise even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add system permission for non-object permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow access to admin interface based on perm
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clean
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't exclude base models
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-16 17:31:50 +02:00