trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
13,142 Commits 95 Branches 330 Tags 336 MiB
Commit Graph

3084 Commits

Author SHA1 Message Date
Jens L 0772756eef
crypto: fix has_key filter (#6727) 
* crypto: fix has_key certificate filter

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-09-01 11:51:41 +02:00
Jens L 1c1c1cf5da
root: expand exception logging (#6690) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-31 14:17:57 +02:00
Jens L f57b3efcaa
policies/reputation: fix reputation not expiring (#6714) 
* policies/reputation: fix reputation not expiring

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some verbose names for models

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-31 13:46:00 +02:00
Jens L 3f3ca6fe82
core: make groups' parent_name nullable as it might not be set (#6700) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-30 20:39:57 +02:00
Jens L 3afff1bae9
providers/oauth2: fix incorrect scope permissions shown (#6696) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-30 17:27:40 +02:00
Jens L b6a57ffd4f
events: fix missing application names from most used applications (#6689) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-30 12:46:42 +02:00
Jens Langhammer be3cfaee56
release: 2023.8.1 2023-08-30 00:31:45 +02:00
Jens L 9545857042
root/revert persistent connections (#6677) 
Revert "root: always use persistent database connections (#6560)"

This reverts commit 1d99ec95b5.
 2023-08-30 00:13:53 +02:00
Jens Langhammer bfa78afd54
release: 2023.8.0 2023-08-29 19:58:42 +02:00
Jens L aa874dd92a
security: fix CVE-2023-39522 (#6665) 
* stages/email: don't disclose whether a user exists or not when recovering

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-29 19:07:49 +02:00
Jens L af200a6bf9
web: cleanup (#6664) 
* web: remove <p> used for padding and do it properly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web: remove .form-help-text as it didn't change anything

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move data-list styling to correct scope

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove title from navbar for docs-only build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-29 18:24:11 +02:00
Jens L ccfd45774e
*: fix api errors raised in general validate() to specify a field (#6663) 
* *: fix api errors raised in general validate() to specify a field

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove required flag for tls server name for ldap provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt to make timing test less flaky

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-29 14:41:48 +02:00
Jens L 30cb38ac6d
blueprints: fix tag values not resolved correctly (#6653) 
* blueprints: fix tag values not resolved correctly

this lead to `null` in an `!Env` tag being returned as `"null"`

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make blueprint user password optional

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ensure user doesn't have a usable password set when its an empty string

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-28 18:27:44 +02:00
Jens L 85bc35eb41
providers/oauth2: fix id_token being saved incorrectly leading to lost claims (#6645) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-28 00:51:48 +02:00
Jens L 9e29789c09
root: fix config loading for outposts (#6640) 
* root: fix config loading for outposts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve check to see if outpost is embedded or not

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also fix oauth url fetching

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-26 19:40:48 +02:00
Jens L d29163e3ad
core: fix filtering users by type attribute (#6638) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-26 17:26:50 +02:00
Marc 'risson' Schmitt 599f7e7c88 root: config: remove redundant default configs 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-08-26 02:41:37 +02:00
dependabot[bot] bc6706016b
core: bump pydantic from 1.10.12 to 2.3.0 (#6613) 
* core: bump pydantic from 1.10.12 to 2.3.0

Bumps [pydantic](https://github.com/pydantic/pydantic) from 1.10.12 to 2.3.0.
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v1.10.12...v2.3.0)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix webauthn stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix scim

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* "fix" lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-24 12:25:17 +02:00
Marc 'risson' Schmitt 739edba92d enterprise: default user count to 0 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-08-23 17:10:50 +02:00
Jens L 168423a54e
enterprise: licensing fixes (#6601) 
* enterprise: fix unique index for key, fix field names

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enterprise: update UI to match

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-23 13:20:42 +02:00
Jens L 0472ef583c
core: hotfix group membership check (#6584) 2023-08-20 23:47:13 +02:00
Jens L 8bba3c0a9b
core: rework recursive group membership (#6017) 
* rework checking group membership and add `user.all_groups` to get full list of groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor some more for better performance

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate things to use all_groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix for django 4.2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-18 17:31:39 +02:00
Jens L 42c21da8b6
blueprints: fix blueprint importer logging potentially sensitive data (#6567) 2023-08-18 00:33:26 +01:00
Jens L 7b3d1a229f
stages/authenticator_static: make static token size adjustable (#6565) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-17 23:48:05 +02:00
risson 1d99ec95b5
root: always use persistent database connections (#6560) 
* root: always use persistent database connections

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* root: activate database connection health checks

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-08-17 19:38:39 +02:00
Jens L 287cf6f0c7
web/admin: fix user sorting by active field (#6485) 
* web/admin: fix user sorting by active field

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web/admin: fix hide service account toggle

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-05 22:07:17 +02:00
Jens L 00fae2353c
api: optimise pagination in API schema (#6478) 2023-08-05 15:37:06 +02:00
Jean-Michel DILLY e191cd6e7f
provider/oauth2: fix aud (Audience) field type which can be a list of… (#6447) 
provider/oauth2: fix aud (Audience) field type which can be a list of strings
 2023-08-01 23:16:26 +02:00
Jens L cc6824fd7c
core: bump django from 4.1.7 to 4.2 (#5238) 
* core: bump django from 4.1.7 to 4.2 (#5151)

* core: bump django from 4.1.7 to 4.2

Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.1.7...4.2)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade to psycopg3, use custom engine for prometheus metrics

See https://github.com/korfuri/django-prometheus/issues/350

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make scripts use pscopg3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial postgres upgrade guide

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-08-01 19:30:28 +02:00
Jens L 561e6956fe
root: add get_int to config loader instead of casting to int everywhere (#6436) 
* root: add get_int to config loader instead of casting to int everywhere

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve error handling, add test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-31 19:34:59 +02:00
Jens L 10b0c84d97
root: migrate bootstrap to blueprints (#6433) 
* remove old bootstrap

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add meta model to set user password

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ensure KeyOf works with objects in the state of created that already exist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for shorter form !If tag

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow !Context to resolve other yaml tags

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't require serializer to be valid for deleting an object

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix check if a model is being created

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove duplicate way to set password

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only change what is required with migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add description

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix admin status

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* expand tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't require bootstrap in events to fix ci?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-31 19:34:46 +02:00
Jens L 09907ecb6a
root: add generated Source docs (#5323) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-31 11:59:20 +02:00
Jens L b08f8d8e0c
api: re-fix url import logging (#6400) 
* fix logging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove lib from apps

lib doesn't declare any models, so it really doesn't need to be in there anyways?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove lib from schema too

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-27 12:56:51 +02:00
risson 94836a3ce7
api: log errors if app URLs import fail (#6397) 
* api: log errors if app URLs import fail

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* bump level to warning

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-27 11:29:20 +02:00
Jens L f272d14fcf
events: fix monitored task not removing state (#6386) 
when `save_on_success` is set, a task failure saves state. when it succeeds afterwards, that state should be removed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-26 16:00:50 +02:00
Timo Schwarzer 17fe595528
sources/ldap: fix syncing large LDAP directories (#6384) 
* sources/ldap: fix syncing large LDAP directories

* add test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-26 12:25:40 +02:00
Marc 'risson' Schmitt 18472c231a enterprise: fix license check not using the proper JWT algorithm 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-07-25 12:10:15 +02:00
Jens L 7be94df00c
root: set csrf cookie's secure flag same as session (#6350) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-24 13:57:30 +02:00
Yip Rui Fung 346c6e6a85
outposts: Fix infinite self-recursion in traefik reconciler. (#6336) 
Fix infinite self-recursion in traefik reconciler.
 2023-07-24 10:25:29 +00:00
ChandonPierre 8d4b7ce8d3
outposts: fix patch processing (#6338) 
* outposts: fix patch processing for custom object types

* outposts: correct parsing patch type

* small change

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-24 10:25:14 +00:00
Jens L 4647fbacb0
enterprise: fix license check not using DER as spec specifies (#6348) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-24 12:11:47 +02:00
ChandonPierre d435a65cfd
outposts: support json patch for Kubernetes (#6319) 2023-07-22 02:29:28 +02:00
Jens L a728dad166
providers/oauth2: fix grant_type password raising an exception (#6333) 2023-07-22 01:36:55 +02:00
Jens L d50f92d8b4
enterprise: cleanup v2 (#6330) 
* cleanup minor stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* change default user type to internal to be more consistent

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-21 18:23:51 +02:00
Jens L 9b7c30d44c
sources/ldap: fix ldap_sync cli command not running in foreground (#6325) 
closes #6317

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-21 13:03:06 +02:00
Jens Langhammer d12db62a6d
root: fix lint error 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-20 00:38:01 +02:00
Jens L 546425acde
root: fix config env var resolution (#6310) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-20 00:16:00 +02:00
Jens L 2f469d2709
root: partial Live-updating config (#5959) 
* stages/email: directly use email credentials from config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use custom database backend that supports dynamic credentials

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add crude config reloader

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make method names for CONFIG clearer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* replace config.set with environ

Not sure if this is the cleanest way, but it persists through a config reload

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add set for @patch

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* even more crudeness

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* clean up some old stuff?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup old things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix flow e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-19 23:13:22 +02:00
Jens L b6e8342466
enterprise: add more info to enterprise forecast (#6292) 
* add more info to enterprise forecast

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix banner colour

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some layout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix layout for warning banner

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-18 23:24:44 +02:00
Jens L 41af486006
enterprise: initial enterprise (#5721) 
* initial

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add user type

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add external users

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ui, add more logic, add public JWT validation key

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revert to not use install_id as session jwt signing key

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* switch to PKI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more licensing stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add install ID to form

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix bugs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start adding tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use x5c correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* license checks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use production CA

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more UI stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to summary

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale, improve ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add direct button

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update link

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format and such

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove old attributes from ldap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove is_enterprise_licensed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix admin interface styling issue

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update authentik/core/models.py

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* fix default case

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-07-17 17:57:08 +02:00
Jens L cf799fca03
sources/ldap: check nsaccountlock for FreeIPA/389-ds (#6270) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-17 12:59:29 +02:00
Jens L 5ca65003f1
events: fix authentik_system_tasks metric status label (#6252) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-13 16:24:13 +02:00
Jens Langhammer d6af506a78
release: 2023.6.1 2023-07-10 13:20:22 +02:00
Jens L 080ac6b5bb
core: fix UUID filter field for users api (#6203) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-10 12:14:06 +02:00
Jens L 5fe737326e
sources/ldap: fix more errors (#6191) 2023-07-09 15:10:57 +02:00
Jens L ff0d3c3d63
sources/ldap: fix page size (#6187) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-09 15:10:51 +02:00
Jens Langhammer 7db9ced218
release: 2023.6.0 2023-07-07 13:43:16 +02:00
Jens L d22d147c8e
security: fix CVE-2023-36456 (#6171) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-06 18:16:26 +02:00
Jens L f306fb9c26
stages/user_write: fix duplicate source writing (#6105) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-29 21:42:42 +02:00
Jens L e712225ced
sources/ldap: improve scalability (#6056) 
* sources/ldap: improve scalability

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use cache instead of call signature for page data

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-28 17:13:42 +02:00
Jens L a987846c76
root: celery refactor (#6095) 
* root: celery refactor

cleanup deprecation messages by configuring celery with a single object

run celery as django management command

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve debug experience

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add debugpy to dev dependencies

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix task_always_eager

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-28 16:44:50 +02:00
Jens L 35e2b648ba
sources/ldap: fix 100% cpu usage when LDAP Server is unavailable (#6094) 2023-06-28 15:13:12 +02:00
Jens L 8bd23f1686
sources/oauth: fix OIDC client sending access token as header and query param (#6081) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-27 23:16:52 +02:00
Jens L 863454a895
flows: allow empty value in AutosubmitChallenge (#6079) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-27 23:13:58 +02:00
Jens L 416f916da6
core: fix inconsistent favicon (#6080) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-27 23:13:31 +02:00
Jens Langhammer 422b19df60
release: 2023.5.4 2023-06-26 23:33:04 +02:00
Jens L eab767fc1b
stages/authenticator_validate: fix regression (#6062) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-26 13:06:11 +02:00
Jens L b0fbd576fc
security: cure53 fix (#6039) 
* ATH-01-001: resolve path and check start before loading blueprints

This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: fix missing user filter for webauthn device

This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.

* ATH-01-008: fix web forms not submitting correctly when pressing enter

When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.

* ATH-01-004: remove env from admin system endpoint

this endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-005: use hmac.compare_digest for secret_key authentication

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-009: migrate impersonation to use API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-014: save authenticator validation state in flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-012: escape quotation marks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release ntoes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update with all notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-22 22:25:04 +02:00
Samir Musali b1de0b767e
sources/ldap: include UnwillingToPerformError as possible exception (#6031) 
feat: include UnwillingToPerformError as possible exception
 2023-06-21 19:45:20 +03:00
Jens L 469899233a
policies/event_matcher: change empty values to null (#6032) 
* policies/event_matcher: change empty values to null

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate old default values

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-21 15:49:46 +02:00
Jens L 93575a9966
core: prevent selecting a group as a parent of itself (#6016) 
* core: prevent selecting a group as a parent of itself

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix api error when no parent is given

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-20 20:21:58 +02:00
Jens L 01311929d1
providers/ldap: improve password totp detection (#6006) 
* providers/ldap: improve password totp detection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add flag for totp mfa support

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keep support for static tokens

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-20 12:09:13 +02:00
Jens L f6181ceb70
providers/oauth2: correctly advertise code_challenge_methods_supported (#6007) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-19 21:26:33 +02:00
Jens L a5db60129d
*: use dataclass slots wherever applicable (#6005) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-19 18:31:07 +02:00
Jens L 05d73f688c
policies/event_matcher: add model filter (#5802) 
* policies/event_matcher: add model filter

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve logic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove t``

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-12 22:11:11 +02:00
ChandonPierre 029395d08b
sources/ldap: add support for cert based auth (#5850) 
* ldap: support cert based auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ldap: default sni switch to off

* ldap: `get_info=NONE` on insufficient access error

* fix: Make file locale script

* ldap: add google ldap attribute mappings

* ldap: move google secure ldap blueprint to examples

Revert "ldap: add google ldap attribute mappings"

This reverts commit 8a861bb92c1bd763b6e7ec0513f73b3039a1adb4.

* ldap: remove `validate` for client cert auth

not strictly necessary

* ldap: write temp cert files more securely

* ldap: use first array value for sni when provided csv input

* don't specify tempdir

we set $TMPDIR in the dockerfile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* limit API to only allow certificate key pairs with private key

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use maxsplit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-12 15:41:44 +02:00
Jens L 51f4d4646c
providers/ldap: fix Outpost provider listing excluding backchannel providers (#5933) 
* providers/ldap: fix Outpost provider listing excluding backchannel providers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-12 11:28:00 +02:00
Jens L c45e92b17e
root: revert to use secret_key for JWT signing (#5934) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-12 11:02:05 +02:00
Jens L 4741d8aa0d
sources/ldap: fix duplicate bind when authenticating user directly to… (#5927) 
sources/ldap: fix duplicate bind when authenticating user directly to LDAP source

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-12 10:24:01 +02:00
risson 0041cf88f4
providers/oauth2: launch url: if URL parsing fails, return no launch URL (#5918) 
* providers/oauth2: launch url: if URL parsing fails, return no launch URL

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only get provider launch URL when no url is set

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only catch value error

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-09 21:56:34 +02:00
Jens L 69f0460f69
website: update translation docs (#5875) 
* website/docs: remove lingui references

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* replace deprecated cryptography types

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* tell eslint to avoid escapes in strings when possible

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ignore generated locale code

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-06 12:32:32 +02:00
Jens Langhammer 0a1d0b85ca
Merge branch 'version-2023.5' 2023-06-01 21:00:13 +02:00
Jens Langhammer be85eecac5
release: 2023.5.3 2023-06-01 19:35:13 +02:00
Jens L e141a11475
blueprints: fix API validation with OCI blueprint path (#5822) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-31 14:52:12 +02:00
Jens L 772acb10d6
providers/ldap: fix LDAP Outpost application selection (#5812) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-31 14:51:46 +02:00
Jens L b6d338659f
blueprints: fix API validation with OCI blueprint path (#5822) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-31 14:50:39 +02:00
Jens L fd4c5f5ce7
providers/ldap: fix LDAP Outpost application selection (#5812) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-31 14:14:25 +02:00
rlew-is a7bf963409
stages/deny: fix typos (#5800) 
* Fix typo in stage.py

Fix typo in "Cancells the current flow"

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>

* Fix typo in models.py

Fix typo in "Cancells the current flow"

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>

---------

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>
 2023-05-30 10:54:24 +02:00
rlew-is 0b25c612c0
stages/deny: fix typos (#5800) 
* Fix typo in stage.py

Fix typo in "Cancells the current flow"

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>

* Fix typo in models.py

Fix typo in "Cancells the current flow"

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>

---------

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>
 2023-05-30 10:36:51 +02:00
Jens L f0619814f9
blueprints: allow setting user's passwords from blueprints (#5797) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-29 21:28:44 +02:00
Jens L d09bee7bf9
providers/proxy: add support for traefik.io API and CRD (#5801) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-29 21:12:59 +02:00
Jens Langhammer ce96600adb
Merge branch 'version-2023.5' 2023-05-28 13:23:32 +02:00
Jens Langhammer 5e5a74eebf
release: 2023.5.2 2023-05-26 23:54:12 +02:00
Jens L 5b0cc3672b
root: add method to get install_id without django being loaded (#5755) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-25 18:52:21 +02:00
Jens L 47d5fc26cc
events: fix ak_create_event using wrong request for event creation (#5731) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 21:52:14 +02:00
Jens L 9a996e7176
outposts: fix missing radius outpost controller (#5730) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 21:52:11 +02:00
Jens L 554a26442d
blueprints: support custom ports for OCI blueprints (#5727) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 21:52:07 +02:00
Jens L 573517bf0a
lib: add tests for ak_create_event (#5710) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
#	locale/en/LC_MESSAGES/django.po
 2023-05-24 21:51:52 +02:00
Jens L 2cd68dfa87
blueprints: fix check for file path not being run on worker (#5703) 2023-05-24 21:51:30 +02:00
Jens L 8029a13be1
core: make groups field for user optional (#5702) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 21:51:23 +02:00
Jens L 6766b12bd1
events: fix ak_create_event using wrong request for event creation (#5731) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 00:51:16 +02:00
Jens L c1404285bb
outposts: fix missing radius outpost controller (#5730) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 00:49:20 +02:00
Jens L 8bba8422d7
blueprints: support custom ports for OCI blueprints (#5727) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-23 13:52:50 +02:00
Jens L 0d0bb1a559
root: add install ID (#5717) 
* root: add install ID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add fallback when no migrations table exists

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-22 17:24:12 +02:00
Jens L 44341f0224
lib: add tests for ak_create_event (#5710) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-22 00:18:54 +02:00
Jens L 411ef239f6
blueprints: fix check for file path not being run on worker (#5703) 2023-05-21 15:29:55 +02:00
Jens L bb64fb1130
core: make groups field for user optional (#5702) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-21 15:19:05 +02:00
Jens L 5d5938c412
sources/saml: separate verification cert (#5699) 
* sources/saml: allow separate verification certificate to be specified

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add migration to keep current behaviour

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update strings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keep testing verification

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-21 14:42:17 +02:00
Jens Langhammer 6900ffffd8
release: 2023.5.1 2023-05-18 21:33:38 +02:00
Jens L 9c69f67778
sources/ldap: log full exception when user password set fails (#5678) 
* sources/ldap: log full exception when user password set fails

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update authentik/sources/ldap/auth.py

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-05-18 19:00:17 +02:00
Jens L 79dcc30778
providers/radius: add warning message when radius provider is not used with outpost (#5656) 
* providers/radius: add warning message when radius provider is not used with outpost

same message as Proxy and LDAP provider have

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-17 16:19:33 +02:00
Jens L 68a1bcf233
providers/SCIM: improve backchannel signalling (#5657) 
* providers/scim: add warning when provider is not used as backchannel provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers/scim: don't sync SCIM provider that isn't used as backchannel at all

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-17 16:19:18 +02:00
Jens L cd7de4c0b9
sources/ldap: improve error message (#5653) 
* sources/ldap: improve ldap password change error message

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* stages/user_write: handle validation error when updating user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-17 15:26:46 +02:00
Jens L f4b0d6e85c
providers/scim: default to None for fields instead of empty list (#5642) 
* providers/scim: default to None for fields instead of empty list

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make name of delete_none_keys clearer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-17 00:25:28 +02:00
Jens L a6b16ecc68
lib: fix fallback_names migration not working when multiple objects n… (#5637) 
lib: fix fallback_names migration not working when multiple objects need to be renamed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-16 22:17:56 +02:00
Jens Langhammer 8faec99bd6
release: 2023.5.0 2023-05-16 14:00:48 +02:00
tograss 557aadecc0
stages/authenticator_sms: Fix json serialization in send_generic (#5630) 
stages/authenticator_sms: Fix SMS Authenticator Setup Stage with generic provider does not work without mapping

This fixes issue #5629. Problem is/was that self.get_message(token) in send_generic returned a type django.utils.functional.lazy.<locals>.__proxy__ which is not json serializable.
 2023-05-16 10:28:14 +00:00
Jens L ff1510dedc
events: sanitize enums (#5610) 
when importing a flow and returning logs, sometimes an enum might be included which is currently not sanitized and hence causes an exception

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-15 14:39:58 +02:00
Jens L c3398004ff
blueprints: add meta models to schema (#5611) 
these models were previously ignored

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-15 14:39:48 +02:00
Jens L 47f09ac285
providers/scim: improve SCIM error messages (#5600) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-15 14:39:27 +02:00
Jens L 6299fc7f81
root: migrate from os.path to Pathlib (#5594) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-12 20:04:02 +02:00
Jens L a032fd529b
events: don't include task uid in task metric (#5595) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-12 20:03:52 +02:00
Jens L ec78e56fbd
providers/scim: fix group patch schema (#5596) 
the original request was made based on the sentry docs, which aren't actually correct

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-12 20:03:43 +02:00
Jens L 61434c807d
stages/identification: auto-redirect to source when no user fields are selected (#5583) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-11 16:52:30 +02:00
risson 7265a56f05
root: switch sentry dsn to our relay (#5494) 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-05-11 15:24:38 +02:00
Tana M Berry 95df14106c
blueprints: further copy-edits (#5559) 
another copy-edit

Co-authored-by: Tana Berry <tana@goauthentik.io>
 2023-05-11 13:48:27 +02:00
Jens L 91d78b0c7d
sources/oauth: re-fix reddit source (#5582) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-11 13:48:11 +02:00
Jens L 906faf9cce
providers/proxy: fix panic when claims in session were nil (#5569) 
* providers/proxy: fix panic when claims in session were nil

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add new options

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-10 20:58:44 +02:00
Jens L 3704f4ccf4
core: disallow username and email changes by default (#5571) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-10 20:57:57 +02:00
Michael OBrien eb071d4d90
providers/oauth2: add user UUID as subject option (#5556) 
* providers/oauth2: add user UUID as subject option

* Added translations for new OAuth2 subject option
 2023-05-10 17:50:13 +02:00
Jens L 1c04dc0986
providers/SCIM: patch group name (#5564) 
* providers/scim: patch name when group put fails

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-raise ResourceMissing in group update to trigger recreation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-10 12:29:39 +02:00
Jens L 92fd6a55db
blueprints: adjust wording on managed field (#5558) 2023-05-09 23:41:42 +02:00
Jens L b5b1ed5887
sources/oauth: fix reddit (#5557) 2023-05-09 23:41:24 +02:00
Jens L eaa3d11df8
api: modular urls (#5551) 
* api: make API urls modular

load API urls from app module's urls file instead of a single static file

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor websocket url mounting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-09 14:46:47 +02:00
Jens L 9c25d72d61
providers/scim: fix scim_sync_all error (#5539) 
* providers/scim: fix scim_sync_all error

closes #5538

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't use static names in tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-08 22:39:48 +02:00
Jens L 5ea54e8f7e
*: improve configuration error events (#5523) 
* *: improve configuration error events

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* delete test-db when resetting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-08 15:34:43 +02:00
Jens L 8215ee19c6
events: include event user in webhook notification (#5524) 
* events: include event user in webhook notification

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update other transports

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-08 15:34:21 +02:00
Jens L 7acd0558f5
core: applications backchannel provider (#5449) 
* backchannel applications

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add webui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include assigned app in provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve backchannel provider list display

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make ldap provider compatible

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* show backchannel providers in app view

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make backchannel required for SCIM

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-05-08 15:29:12 +02:00
Jens L 9f4be4d150
blueprints: support setting file URLs in blueprints (#5510) 
* blueprints: support setting file URLs in blueprints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make new fields not required

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include conditional fields in schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-08 15:07:00 +02:00
Jens L 7df0e88b9d
events: cleanse http query string in events (#5508) 
* events: cleanse http query string in events

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-07 20:11:36 +02:00
Jens L 53f827b54f
blueprints: specify schema for blueprint metadata (#5509) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-07 20:11:18 +02:00
Jens L 2a2e159a0d
blueprints: improve schema generation by including model schema (#5503) 
* blueprints: improve schema generation by including model schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unset required

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-07 12:32:01 +02:00
Jens L 564b2874a9
providers/oauth2: use simpler charset for refresh tokens (#5502) 
various implementations might have issues with the special chars

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-07 00:19:11 +02:00
Jens L b99ce890ef
providers/scim: fix missing user/group filtering on SCIM direct save signals (#5473) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-04 02:28:58 +03:00
Jens L 5509bce3d7
blueprints: ignore hidden files in discovery (#5472) 
blueprints: ignore hidden files

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-04 02:16:48 +03:00
Jens L 3f607ee2c8
policies: make policy engine modes consistent with database values (#5462) 
* policies: make policy engine modes consistent with database values

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix in ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing case

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-03 18:16:16 +03:00
DerGardine a2994218e4
sources/oauth: add patreon type (#5452) 
* Models Update to include Patreon as Social Sign On

Signed-off-by: DerGardine <julian.burgschweiger@gmail.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests, use vanity as username

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: DerGardine <julian.burgschweiger@gmail.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-03 13:49:43 +03:00
Jens L bb8b87fcb3
providers/scim: improve compatibility (#5425) 
* providers/scim: improve compatibility

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint and tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-30 19:43:24 +03:00
Jens L f36a5a053f
root: fix import error on non debug builds (#5424) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-30 16:36:43 +03:00
Jens L 0b0e08446d
blueprints: fix tests (#5421) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-30 14:08:36 +03:00