af7cc8d42d
blueprints: fix error when imported blueprint is invalid ( #5414 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-28 22:44:19 +03:00
5830781a5a
root: add websocket logging ( #5408 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-28 20:34:34 +03:00
ecce31ee87
providers/scim: correctly handle 404 by re-creating object ( #5405 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-28 14:36:21 +03:00
967a38b7ac
crypto: make name field unique to prevent double certs ( #5406 )
...
* crypto: make name field unique to prevent double certs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-28 14:35:59 +03:00
9d1ad104ec
outposts: make state more consistent ( #5403 )
2023-04-28 13:53:07 +03:00
54d508ae8c
ci: fix pyright errors ( #5392 )
...
* ci: fix pyright errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error in oauth 1 source
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove redundant blueprint fixtures
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-27 17:33:47 +03:00
7b0d8f8991
providers/scim: ensure scim group member isn't None ( #5391 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-27 15:03:50 +03:00
4426cbec34
policies: clear app cache when writing user, groups, policies ( #5371 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-25 15:24:47 +03:00
5970a6e2a2
events: always run policies for notification rules even if no group is selected ( #5353 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-23 19:10:22 +03:00
480f5c2aac
ci: add log grouping ( #5342 )
...
* ci: add log grouping
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* try to group structlog output
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* earlier hooks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hmm
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* disable beats integration for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test container logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove testing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-21 19:06:11 +03:00
e75e2cf324
website/docs: flow context docs ( #5243 )
...
* add flow context docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup some redundant things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* added more section headers
* tweaked new headings
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* add more keys, use dedicated prefix for internal keys
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set toc_max_heading_level: 5
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update datatypes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more consistent header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update website/docs/flow/context/index.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/flow/context/index.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/flow/context/index.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana Berry <tana@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-04-20 17:31:34 +00:00
4671d4afb4
enterprise: initial license ( #5293 )
...
* enterprise: add enterprise license and app
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add license and terms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't build enterprise into docker for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-19 16:13:45 +02:00
ee6edec1d8
stages/prompt: Add initial_data prompt field and ability to select a default choice for choice fields ( #5095 )
...
* Added initial_value to model
* Added initial_value to admin panel
* Added initial_value support to flows; updated tests
* Updated default blueprints
* update docs
* Fix test
* Fix another test
* Fix yet another test
* Add placeholder migration
* Remove unused import
2023-04-19 12:27:51 +02:00
dfa80543b5
root: add ruff linter ( #5240 )
...
* root: add ruff linter
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually add ruff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-18 13:28:19 +02:00
ce5f6d5d43
release: Version 2023.4 ( #5283 )
...
* release: 2023.4.0
* release: 2023.4.1
2023-04-18 10:45:17 +02:00
8160663214
release: 2023.4.0 ( #5254 )
2023-04-14 13:20:22 +02:00
6a700cb376
core: fix user metrics for users which can't access events ( #5252 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 11:20:26 +02:00
a5098364eb
events: unpack wrapped query from FlowExecutor ( #5244 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 00:07:41 +02:00
6a74fa11c6
providers/oauth2: inconsistent client secret generation ( #5241 )
...
* use simpler char set for client secret
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* also adjust radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use similar logic in web to generate ids and secrets
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont use math.random
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-13 15:06:28 +02:00
f84a10b59b
core: revert django update ( #5236 )
...
* Revert "core: bump django from 4.1.7 to 4.2 (#5151 )"
This reverts commit 18a4eac527
2023-04-13 14:10:12 +02:00
18a4eac527
core: bump django from 4.1.7 to 4.2 ( #5151 )
...
* core: bump django from 4.1.7 to 4.2
Bumps [django](https://github.com/django/django ) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/4.1.7...4.2 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* upgrade to psycopg3, use custom engine for prometheus metrics
See https://github.com/korfuri/django-prometheus/issues/350
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make scripts use pscopg3
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-11 15:00:27 +02:00
1ca8feb5fc
sources/ldap: make schema optional ( #5213 )
...
* sources/ldap: make schema optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* create one connection and re-use it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use magicmock
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-10 21:55:56 +02:00
8b78570597
outposts: run containers as non root ( #5212 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-09 21:39:07 +02:00
977757f561
policies: provider raw result for better policy reusability ( #5189 )
...
* policies: include raw_result in PolicyResult
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move ak_call_policy to base evaluator
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-06 09:42:29 +02:00
711e98d049
stages/identification: revert is_active check ( #5183 )
2023-04-05 15:49:35 +02:00
132a353b92
outposts: set k8s deployment security context ( #5163 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-05 13:36:46 +02:00
fb4808418c
core: bump sentry-sdk from 1.18.0 to 1.19.0 ( #5169 )
...
* core: bump sentry-sdk from 1.18.0 to 1.19.0
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python ) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases )
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-python/compare/1.18.0...1.19.0 )
---
updated-dependencies:
- dependency-name: sentry-sdk
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* use new features
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-04 15:29:09 +02:00
02f75a92ce
lifecycle: don't use celery ping for worker healthcheck ( #5153 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-03 18:15:31 +02:00
adcd11b1f8
core: extend postgres configuration ( #5138 )
...
Add postgres configuration options to control
TLS verification and client certificates.
2023-04-02 17:39:36 +02:00
6192d01b7e
stages: Add ability to set user friendly names for MFA stages ( #5005 )
...
* Added ability to name MFA stage
* Schema
* Changed Charfield to Textfield
* Regenerated schema
* Add explicit required
* set null instead of blank so title check works
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add help text and adjust wording
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-02 16:52:44 +02:00
5947c7b97e
stages/user_write: improve error handling ( #5136 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-31 23:59:37 +02:00
75510ead84
core: fix app launch URL flow selection ( #5113 )
2023-03-30 02:10:25 +02:00
73bf6fd530
core: bump channels-redis from 4.0.0 to 4.1.0 ( #5115 )
...
* core: bump channels-redis from 4.0.0 to 4.1.0
Bumps [channels-redis](https://github.com/django/channels_redis ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/django/channels_redis/releases )
- [Changelog](https://github.com/django/channels_redis/blob/main/CHANGELOG.txt )
- [Commits](https://github.com/django/channels_redis/compare/4.0.0...4.1.0 )
---
updated-dependencies:
- dependency-name: channels-redis
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* remove channels <4.1 workaround
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-30 00:08:07 +02:00
1d2725825c
providers/scim: add missing default fields ( #5108 )
...
* providers/scim: add missing default fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4554
* update tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-28 14:42:52 +02:00
4218ece2a5
stages/authenticator_validate: fix stage not working without pending user ( #5096 )
...
closes #5094
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-27 23:08:55 +02:00
b097cf4d7e
providers/scim: fix error when user-group m2m is updated forward ( #5082 )
...
* providers/scim: fix error when user-group m2m is updated forward
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-26 22:34:53 +02:00
5c0d7f9a58
web/admin: fix error when creating bindings due to hidden inputs ( #5081 )
...
* web/admin: fix error when creating bindings due to hidden inputs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flaky test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-26 18:58:02 +02:00
6437fbc814
web/admin: prompt preview ( #5078 )
...
* add initial prompt preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't flood api with requests when fields are changeed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-25 22:31:48 +01:00
1957717160
providers: Add ability to choose a default authentication flow ( #5070 )
...
* core: add ability to choose a default authentication flow for a provider
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* update web to use correct ak-search-select
I don't think this element existed when the PR was initially created, lol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only use provider authentication flow for authentication designation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-24 13:26:00 +01:00
da3222df07
core: fix websocket url path ( #5019 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-21 00:20:48 +01:00
54cacd784c
*: load websocket paths similarly to URLs ( #5018 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 23:39:25 +01:00
3f5effb1bc
providers/radius: simple radius outpost ( #1796 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* minor fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use search-select
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix ip with port being sent to delegated ip
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add radius tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 16:54:35 +01:00
16a03160d0
core: Add unique constraint to user UUID ( #5004 )
2023-03-20 00:33:08 +01:00
8b52d711e8
stages/prompt: Add Radio Button Group, Dropdown and Text Area prompt fields ( #4822 )
...
* Added radio-button prompt type in model
* Add radio-button prompt
* Refactored radio-button prompt; Added dropdown prompt
* Added tests
* Fixed unrelated to choice fields bug causing validation errors; Added more tests
* Added description for new prompts
* Added docs
* Fix lint
* Add forgotten file changes
* Fix lint
* Small fix
* Add text-area prompts
* Update authentik/stages/prompt/models.py
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Update authentik/stages/prompt/models.py
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Fix inline css
* remove AKGlobal, update schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-19 18:56:17 +01:00
97df7848a5
blueprints: allow setting of token key in blueprint context ( #4995 )
...
closes #4717
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-18 00:10:12 +01:00
e2d3a95c80
web: full web components part 1 ( #4964 )
...
* migrate loading
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate api browser
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate base css
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move tenant fetching to base interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* import pre-loaded stages in flow interface and not executor to strip down executor size
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix redirect and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-17 23:10:19 +01:00
8363016982
version: 2023.3 ( #4980 )
...
* release: 2023.3.0
* providers/ldap: fix duplicate attributes (#4972 )
closes #4971
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/oauth2: fix response for response_type code and response_mode fragment (#4975 )
* web/flows: fix authenticator selector in dark mode (#4974 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* release: 2023.3.1
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-16 22:43:57 +01:00
2a399cf8e8
providers/oauth2: fix response for response_type code and response_mode fragment ( #4975 )
2023-03-16 15:58:38 +01:00
eaf56f4f3f
stages/user_login: stay logged in ( #4958 )
...
* add initial remember me offset
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add to go executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui for user login stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 20:21:05 +01:00
9310d4cdc0
*: fix mismatched task names for discovery, make output service connection task monitored ( #4956 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 12:12:08 +01:00
86f9056d3f
core: fix url validator ( #4957 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 12:00:57 +01:00
73d7b5f110
root: add common fixture loader ( #4946 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-14 17:13:03 +01:00
4b1440944e
providers: fix authorization_flow not required in API ( #4932 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 23:36:24 +01:00
59a92dbacd
stages/authenticator_webauthn: remove credential_id size limit ( #4931 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 21:24:10 +01:00
6f6d22da13
release: 2023.3.0 ( #4925 )
2023-03-13 19:10:48 +01:00
fab6a8f8c9
stages/user_login: expiry before login ( #4920 )
...
* stages/user_write: run set_expiry before login, so that session used in Signal has correct expiry
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 15:31:06 +01:00
178bfe1d44
providers/scim: handle ServiceProviderConfig 404 ( #4915 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 13:44:29 +01:00
94f22cffba
root: fix session middleware for websocket connections ( #4909 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-12 16:47:19 +01:00
10b7d78825
events: set task start time before start not on init ( #4908 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-12 15:13:04 +01:00
0ef333f8ea
core: bump bandit from 1.7.4 to 1.7.5 ( #4896 )
...
* core: bump bandit from 1.7.4 to 1.7.5
Bumps [bandit](https://github.com/PyCQA/bandit ) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5 )
---
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-10 12:06:59 +01:00
86bb2afd02
core: add validator which allows for URLs with formatting ( #4890 )
2023-03-10 00:16:17 +01:00
b6b820f6f1
web: toggle dark/light theme manually ( #4876 )
2023-03-09 23:17:53 +01:00
6ae2fc9668
providers/SCIM: customizable externalId, document behavior ( #4868 )
...
* only set externalId if mapping hasn't set it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* better document use of SCIM in conjunction with OAuth/SAML
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-08 00:15:16 +01:00
67f3db1e03
core: enforce unique on names where it makes sense ( #4866 )
...
enforce unique on names where it makes sense
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 23:52:34 +01:00
9559bc2e1e
providers/scim: add option to filter out service accounts, parent group ( #4862 )
...
* add option to filter out service accounts, parent group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to filter group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework sync card to show scim sync status
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 15:39:48 +01:00
28ddeb124f
providers: SCIM ( #4835 )
...
* basic user sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group sync and some refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow null authorization flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task monitored
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add missing dependency
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make authorization_flow required for most providers via API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task result better readable, exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add task UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scheduled task for all sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make scim errors more readable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mappings, migrate to mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mapping UI and more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim docs to web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start implementing membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate signals to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate fully to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* strip none keys, fix lint errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix saml
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim schemas and validate against it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group put support, add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* send correct application/scim+json headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* stop sync if no mappings are confiugred
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for task sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add membership tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use decorator for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make tests better
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-06 19:39:08 +01:00
e08536af33
web: bump mermaid from 10.0.1 to 10.0.2 in /web ( #4837 )
...
* web: bump mermaid from 10.0.1 to 10.0.2 in /web
Bumps [mermaid](https://github.com/mermaid-js/mermaid ) from 10.0.1 to 10.0.2.
- [Release notes](https://github.com/mermaid-js/mermaid/releases )
- [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/mermaid-js/mermaid/compare/v10.0.1...v10.0.2 )
---
updated-dependencies:
- dependency-name: mermaid
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix failing bandit check
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-03 10:27:16 +01:00
9370d155f8
sources/plex: fix check_token error unusable if token is empty ( #4834 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-02 22:21:54 +00:00
972dce1462
security: fix CVE-2023-26481 ( #4832 )
...
fix CVE-2023-26481
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-02 20:15:33 +01:00
7b44d8972f
stages/authenticator_sms: fix twilio sending, add test ( #4829 )
...
closes #4823
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-02 14:39:28 +01:00
a6eba37d5a
core: Add `resolve_dns` and `reverse_dns` functions to evaluator ( #4769 )
...
* Add resolve_dns
* Add reverse_dns
* Fix lint
* add caching, small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Added time-aware LRU cache
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-01 22:15:13 +01:00
20e971f5ce
flows: planner error handling ( #4812 )
...
* handle FlowNonApplicableException everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make flow planner check authentication when no pending user is in planning context
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mailhog to e2e test services, remove local docker requirement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-28 15:18:29 +01:00
118765ab30
web: fetch custom.css via fetch and add stylesheet ( #4804 )
...
* web: fetch custom.css via fetch and add stylesheet
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't hardcode path
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-27 19:54:19 +01:00
5e60db8593
providers/oauth2: fix typo ( #4803 )
2023-02-27 17:17:48 +01:00
39d0893303
flows: change default flow stage binding settings ( #4784 )
...
* flows: change default flow stage binding settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fallback to correct value
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-27 15:21:26 +01:00
596ff529c4
core: bootstrap email ( #4788 )
2023-02-26 17:02:45 +01:00
26f3275361
sources/ldap: improve error handling for password complexity ( #4780 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-24 10:39:43 +00:00
b7e4ad7234
web/user: fix source connections not being filtered ( #4778 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-24 10:22:02 +00:00
80f4fccd35
providers/oauth2: OpenID conformance ( #4758 )
...
* don't open inspector by default when debug is enabled
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* encode error in fragment when using hybrid grant_type
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* require nonce for all response_types that get an id_token from the authorization endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't set empty family_name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only set at_hash when response has token
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleaner way to get login time
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove authentication requirement from authentication flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix auth_time not being handled correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test files
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove USER_LOGIN_AUTHENTICATED
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework prompt=login handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* also set last login uid for max_age check to prevent double login when max_age and prompt=login is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-23 15:26:41 +01:00
122055b38b
stages/user_login: terminate others ( #4754 )
...
* rework session list
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use sender filtering for signals when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add terminate_other_sessions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 14:09:28 +01:00
c4e24c04f6
core: Improve service account creation ( #4751 )
...
* Added ability to select service account token expiration on creation
* Added call to user.set_unusable_password on service account creation
* Added forgotten call to save()
* Added and improved existsing tests
* Added accidentally deleted help text
* Fix lint
2023-02-22 13:19:01 +01:00
1f7178c3a8
providers/oauth2: remove unused import
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 11:11:20 +01:00
cfa2edebcf
providers/oauth2: revert PKCE requirement for public clients
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-21 23:51:27 +01:00
175502b053
core: Fix bug causing whitespace only names to raise exception when generating avatars ( #4746 )
...
Fix bug causing whitespace only names to raise exception when generating avatars
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2023-02-21 16:19:19 +01:00
9e82de33e6
lib: remove unused imports
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-21 11:00:54 +01:00
d2cfb76a7c
root: don't trace websockets to sentry
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-20 21:32:35 +01:00
327d87355d
lib: improve caching of gravatar status
...
closes #4711
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-20 12:41:09 +01:00
b415e9b773
core: remove avatar from group user member list
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4711
2023-02-20 12:40:42 +01:00
1ac2e924a2
core: fix error when creating token without request in context
...
closes #4716
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 17:31:20 +01:00
0874574e5c
*: add additional prometheus metrics, remove unusable high entropy metrics
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 17:08:40 +01:00
069e9c015b
events: fix m2m_change events not being logged
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 16:28:30 +01:00
c6ead3dc49
providers/oauth2: make PKCE required for public clients
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-17 18:08:39 +01:00
f749027143
root: don't log django request warnings
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-17 18:08:18 +01:00
153bd3aaf1
sources/oauth: fix not all token errors being logged with response
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-17 13:22:41 +01:00
1a57d453ba
providers/oauth2: fix missing information for Revoked token access events
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-16 14:47:07 +01:00
d842fc4958
release: 2023.2.2
2023-02-15 19:53:42 +01:00
bff34cc5dc
root: use channel send workaround for sync sending of websocket messages
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 16:08:01 +01:00
7f009f6d02
flows: include flow authentication requirement in diagram
...
closes #4533
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 16:04:45 +01:00
c8c401e2c5
lib: don't try to cache generated avatar with full user, only cache with name
...
closes #4690
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 10:49:13 +01:00
80de3ee853
release: 2023.2.1
2023-02-14 18:52:36 +01:00
deb91bd12b
sources/ldap: add LDAP Debug endpoint
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-14 16:06:54 +01:00
81d70e5d41
release: 2023.2.0
2023-02-14 13:15:47 +01:00
ec42b597ab
providers/proxy: send token request internally, with overwritten host header ( #4675 )
...
* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 16:34:47 +01:00
925477b3a2
policies: raise sentry-ignored error for invalid PolicyEngine parameters
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 13:23:07 +01:00
cefc1a57ee
core: handle error when cleaning up sessions and cached session can't be loaded
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 13:22:34 +01:00
53b25d61f7
events: use colon as separator for task name and task UID
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 12:06:29 +01:00
1240ed6c6d
providers/oauth2: fix inconsistency in event client_credentials created events
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 11:17:03 +01:00
4f868c2ef2
events: dont log oauth temporary model creation
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-12 16:55:45 +01:00
b69e55eae9
core: Add support for auto generating unique avatars based on the user's initials ( #4663 )
2023-02-12 16:35:17 +01:00
c5870fcab2
core: fix missing uniqueness validator on user api
...
closes #4665
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-11 21:08:51 +01:00
8850446bc2
admin: fix schema generation warning
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-11 21:08:48 +01:00
10b9878f03
providers/saml: fix mismatched SAML SLO Urls ( #4655 )
...
* Fix SLO URL
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Fixed SAML SLO URLs
* Revert "Fix SLO URL"
This reverts commit 664051934b
2023-02-10 20:30:38 +01:00
8de92943ab
providers/saml: fix invalid SAML provider metadata, add schema tests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-10 12:32:18 +01:00
af43330fd6
providers/oauth2: rework OAuth2 Provider ( #4652 )
...
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00
1be792fbd8
policies/event_matcher: fix empty app label not being allowed, require at least 1 criteria
...
closes #4643
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-08 23:29:59 +01:00
ec9085ff06
providers/oauth2: don't use policy cache for token requests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 23:53:50 +01:00
00a16bee76
web/elements: add dropdown css to DOM directly instead of including
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-05 23:32:54 +01:00
66aabcc371
providers/oauth2: fix token login event args not set correctly
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-05 00:45:54 +01:00
388367785d
*/saml: disable pretty_print, add signature tests
...
closes #4536
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-03 15:42:09 +01:00
798245b8db
providers/oauth2: optimise client credentials JWT database lookup ( #4606 )
2023-02-02 19:15:19 +01:00
f98b5b651b
admin: remove import
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 14:19:25 +01:00
2113029a14
admin: allow post to system info api endpoint for debugging
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:09:03 +01:00
c590cb86cf
core: bump pylint from 2.15.10 to 2.16.0 ( #4600 )
...
* core: bump pylint from 2.15.10 to 2.16.0
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.10 to 2.16.0.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.10...v2.16.0 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:05:46 +01:00
dbf2bd5aba
blueprints: handle error when blueprint entry identifier field does not exist
...
closes #4588
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 19:45:36 +01:00
f2386f126e
core: fix inconsistent branding in end_session view
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4586
2023-02-01 19:40:59 +01:00
ffc97905f3
events: prevent error when request fails without response
...
closes #4589
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 19:40:02 +01:00
18cfe67719
core: bump black from 22.12.0 to 23.1.0 ( #4584 )
...
* core: bump black from 22.12.0 to 23.1.0
Bumps [black](https://github.com/psf/black ) from 22.12.0 to 23.1.0.
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* re-format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 11:31:32 +01:00
e5ba5d51fe
events: improve sanitising for tuples and sets
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-31 19:19:22 +01:00
eb60bba0d5
providers/oauth2: cast user.pk to string when using it for token 'sub' value ( #4570 )
2023-01-30 15:38:10 +00:00
c05d6b96a2
stages/prompt: set UUID to be a string ( #4563 )
2023-01-30 00:02:12 +01:00
72168fae29
providers/oauth2: add user id as "sub" mode
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-29 16:15:03 +01:00
96eeb91493
providers/oauth2: only set auth_time in ID token when a login event is stored in the session
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-29 16:00:19 +01:00
627e8a250e
tests: run e2e tests in random order ( #4550 )
...
* run e2e tests randomly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix test_ldap_bind_search
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-27 23:57:53 +01:00
ecb1ce8135
core: fix token's set_key accessing data incorrectly
...
also add tests
closes #4551
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-27 23:57:35 +01:00
5631a99f00
stages/prompt: fallback to uuid for unique names
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-25 23:29:26 +01:00
36f8f8bae5
stages/prompt: fix mismatched name field in migration
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-25 14:46:40 +01:00
68058fb2ae
stages/authenticator_validate: fix error with passwordless webauthn login, improve tests
...
closes #4527
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-25 14:45:00 +01:00
53b65a9d1a
stages/prompt: field name ( #4497 )
...
* add prompt field name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove numerical prefix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use text field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description label
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add migrate blueprint to remove old stages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add task to remove unretrievable blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix blueprint test paths
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix fixtures
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-24 12:23:22 +01:00
16076cc46f
outposts: fallback to ghcr
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-24 10:47:30 +01:00
b2d272bf6f
api: fix lint
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 20:19:03 +01:00
31ef6fb6a6
core: delete session when user is set to inactive
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 16:24:30 +01:00
c9c059a008
api: ensure user is active when authenticating
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 16:24:30 +01:00
9397598376
release: 2023.1.2
2023-01-23 14:25:55 +01:00
91ffe4e7f9
stages/user_write: fix migration setting wrong value, fix form
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 14:05:41 +01:00
430a207865
release: 2023.1.1
2023-01-23 11:34:58 +01:00
1ce2a1b846
stages/email: update tests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 10:43:49 +01:00
4731ccfafe
stages/email: fix a typo in email template ( #4485 )
...
fix a typo in main content
Signed-off-by: Loan J <joliveau.loan@gmail.com>
Signed-off-by: Loan J <joliveau.loan@gmail.com>
2023-01-23 10:22:49 +01:00
c1b9b5c5e2
stages/authenticator_totp: url quote TOTP issuer instead of slugifying ( #4482 )
...
* Fix TOTP issuer mangling
* Fix OTP issuer mangling
* sort imports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-01-22 16:37:47 +00:00
b288393cd4
stages/invitation: handle incorrectly formatted token
...
closes #4481
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-22 00:03:39 +01:00
5736a1542c
stages/authenticator_sms: fix code not being sent when phone_number is in context
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 20:19:23 +01:00
fc8fe5317a
stages: always use get_pending_user instead of getting context user
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 17:57:21 +01:00
c61529e4d4
sources/ldap: add e2e LDAP source tests ( #4462 )
...
* start adding more LDAP source tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve healthcheck
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* try local webdriver
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add full samba tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix locale types
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 15:03:56 +01:00
a302a72379
crypto: fallback when no SAN values are given
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 19:40:24 +01:00
e390f5b2d1
providers/oauth2: more x5c and ecdsa x/y tests ( #4463 )
...
* add option to exclude x5*
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4082
* cleanup jwks, add flaky test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add workaround based on https://github.com/jpadilla/pyjwt/issues/709
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't rstrip hashes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keycloak seems to strip equals
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 18:11:36 +00:00
60189ce9ca
add tests to prevent empty SAN
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 18:59:10 +01:00
fdc445e6a1
ensure we don't generate an empty SAN certificate
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 18:44:41 +01:00
49b6c71079
release: 2023.1.0
2023-01-18 15:49:45 +01:00
6e0c9acb34
events: exclude base models from model audit log
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 15:11:33 +01:00
23c69c456a
providers/proxy: add setting to intercept authorization header ( #4457 )
...
* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 18:56:48 +01:00
c73fce4f58
sources/ldap: manual import ( #4456 )
...
* events: fix task UID
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ldap sync command
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 12:21:33 +01:00
9568f4dbd6
root: improve code style ( #4436 )
...
* cleanup pylint comments
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix url name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* *: use ExtractHour instead of ExtractDay
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-15 17:02:31 +01:00
143309448e
policies: ensure user is set
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 20:24:46 +01:00
1f038ecee2
providers/oauth2: fallback to anonymous user for policy engine
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 20:22:06 +01:00
1b1f2ea72c
providers/oauth2: actually fix import order
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:58:24 +01:00
6e1a54753e
providers/oauth2: fix import order
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:56:12 +01:00
67d1f06c91
providers/oauth2: use guardian anonymous user to get claims for provider info
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:53:43 +01:00
d37de6bc00
policies: log full stacktrace
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:53:21 +01:00
cd12e177ea
providers/proxy: add initial header token auth ( #4421 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00
31c6ea9fda
providers/oauth2: don't allow spaces in scope_name
...
closes #4094
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:20:37 +01:00
20931ccc1d
providers/oauth2: correctly fill claims_supported based on selected scopes ( #4429 )
...
* providers/oauth2: correctly fill claims_supported based on selected scopes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add nonce claim
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 14:14:25 +01:00
36822c128c
admin: include task duration in API ( #4428 )
...
include task duration in API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 13:21:49 +01:00
81e9f2d608
web/admin: fix overflow in aggregate cards
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-11 14:12:02 +01:00
67a6fa6399
events: rework metrics ( #4407 )
...
* rework metrics
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* change graphs to be over last week
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix Apps with most usage card
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-11 12:21:07 +01:00
1ed24a5eef
blueprints: internal storage ( #4397 )
...
* rework oci client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add blueprint content
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make path optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add validation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-10 22:00:34 +01:00
b555ccd549
sources/ldap: don't run membership sync if group sync is disabled
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4392
2023-01-09 17:19:50 +01:00
9445354b31
sources/ldap: only warn about missing groups when source is configured to sync groups
...
closes #4392
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 17:17:48 +01:00
a1be924fa4
*: strip leading and trailing whitespace when reading config values from files
...
also add a debug endpoint that dumps the go parsed config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 15:29:22 +01:00
47aba4a996
crypto: prevent creation of duplicate self-signed default certs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 16:51:07 +01:00
001869641d
web: ensure img tags have alt attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:44:51 +01:00
bec538c543
sources/ldap: make task timeout adjustable
...
closes #4375
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:37:59 +01:00
c63ba3f378
blueprints: Fix resolve model_name in `!Find` tag ( #4371 )
...
Resolve model_name in !Find tag
2023-01-06 09:49:28 +01:00
53cab07a48
blueprints: Add `!Enumerate`, `!Value` and `!Index` tags ( #4338 )
...
* Added For and Item tags
* Removed Sequence node support from ForItem tag
* Added ForItemIndex tag
* Added support for iterating over mappings
* Added support for mapping output body
* Renamed tags: For to Enumerate, ForItem to Value, ForItemIndex to Index
* Refactored tests
* Formatting
* Improved exception info
* Improved error handing
* Added docs
* lint
* Small doc improvements
* Replaced deepcopy() call with call to copy()
* Fix mistake in docs example
* Fix missed "!" in example
2023-01-05 21:36:19 +01:00
a960ce9454
stages/user_write: add more user creation options ( #4367 )
...
* add more user creation options
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update blueprints and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 15:46:20 +01:00
e6b5810e03
polices/hibp: remove deprecated ( #4363 )
...
* remove hibp
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't save event matcher apps in migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs, update some phrasing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 13:19:26 +01:00
78b711ec9d
Merge branch 'version-2022.12'
2023-01-05 10:41:54 +01:00
ac07833688
release: 2022.12.2
2023-01-05 10:01:30 +01:00
730139e43c
*: improve general tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:40:09 +01:00
24e8915e0a
providers/proxy: add tests for proxy basic auth ( #4357 )
...
* add tests for proxy basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stop bandit from complaining
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add API tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:40:06 +01:00
3e7320734c
*: improve general tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:26:55 +01:00
3131e557d9
providers/proxy: add tests for proxy basic auth ( #4357 )
...
* add tests for proxy basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stop bandit from complaining
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add API tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:04:16 +01:00
dc1359a763
providers/saml: initial SLO implementation ( #2346 )
...
* providers/saml: initial SLO implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add logout request tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add tests for POST SLO
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* matrix e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set e2e matrix name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate oidc and oauth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add basic saml slo e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add better metadata download url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* kinda prepare release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sort releases into folders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add slo urls to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix linking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 19:45:31 +01:00
1e01e9813d
providers/saml: add prefix to entity descriptor ( #4355 )
...
add prefix to entity descriptor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 16:44:52 +01:00
e887a315be
providers/oauth2: correctly advertise supported response_modes_supported
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 10:21:34 +01:00
4b93f40c5e
providers/oauth2: fix null amr value not being removed from id_token
...
closes #4339
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-03 00:41:18 +01:00
57400925a4
providers/saml: don't error if no request in API serializer context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-03 00:14:16 +01:00
2dc0792d9e
stages/email: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-02 09:28:26 +01:00
fde848ee51
admin: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-02 00:12:14 +01:00
e9d52282b7
admin: use matching environment for system API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:58:12 +01:00
c810628fe3
stages/email: use pending user correctly
...
closes #4318
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:50:57 +01:00
de0a5191f7
core: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:50:42 +01:00
93e20bce2e
core: don't use inline_serializer for user operations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:16:44 +01:00
960a2aab74
crypto: fix type for has_key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:14:19 +01:00
2cae6596eb
core: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:01:08 +01:00
11b1eb4173
stages/email: make template tests less flaky
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:00:32 +01:00
3980eea7c6
web/flows: rework error display, always use ak-stage-flow-error instead of shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 21:43:44 +01:00
9fdfb8c99b
stages/dummy: add toggle to throw error for debugging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 21:25:53 +01:00
5cab280759
stages/captcha: fix captcha not loading correctly, add tests
...
closes #4320
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 18:15:41 +01:00
9d422918b3
stages/prompt: use stage.get_pending_user() to fallback to the correct user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 20:38:15 +01:00
2c42c87689
release: 2022.12.1
2022-12-30 13:43:42 +01:00
8262a47455
core: bump packaging from 21.3 to 22.0 ( #4181 )
...
* core: bump packaging from 21.3 to 22.0
Bumps [packaging](https://github.com/pypa/packaging ) from 21.3 to 22.0.
- [Release notes](https://github.com/pypa/packaging/releases )
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/packaging/compare/21.3...22.0 )
---
updated-dependencies:
- dependency-name: packaging
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* remove LegacyVersion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 12:07:25 +01:00
bd56922a2f
blueprints: watch blueprints directory and trigger tasks ( #4309 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 11:30:18 +01:00
68b58fb73c
blueprints: fix error when entry with state absent doesn't exist
...
closes #4305
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 21:55:17 +01:00
97513467ad
blueprints: disallow flow token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 21:54:56 +01:00
ce5d1fd80d
blueprints: Resolve yamltags in state and model attributes ( #4299 )
...
* Fixed state and model attributes not resolving yaml tags
* Linting
2022-12-29 10:05:32 +01:00
b1020fde64
web/elements: render ak-seach-select dropdown correctly in modals
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 20:38:57 +01:00
f0e121c064
api: add filter backend for secret key to allow access to tenants and certificates
...
closes #4182
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 18:59:25 +01:00
2b2323fae7
outposts: include hostname in outpost heartbeat
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 16:07:52 +01:00
24eb4ed963
release: 2022.12.0
2022-12-28 13:00:49 +01:00
b16d1134ea
core: add endpoints to add/remove users from group atomically
...
closes #4252
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 10:50:30 +01:00
20a4dfd13d
stages/invitation: fix incorrect pk check for invitation's flow
...
closes #4278
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-27 13:55:51 +01:00
8f3579ba45
blueprints: add `!If` tag ( #4264 )
...
* Added \!If tag
* Fix typo
* Removed trailing whitespace
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* format blueprint fixtures
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-26 16:20:22 +01:00
ae13fc3b92
policies: make name required
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:46:48 +01:00
94b9ebb0bb
blueprints: add Env tag
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-24 20:41:51 +01:00
1b86a3d5d6
Merge branch 'version-2022.11'
2022-12-23 14:39:52 +01:00
8b710b57a5
root: don't send traces in testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:37:58 +01:00
9dc0bb2a77
release: 2022.11.4
2022-12-23 14:17:48 +01:00
2d827eaae1
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:30 +01:00
47d79ac28c
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:26 +01:00
9f846d94be
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:13:49 +01:00
84fbeb5721
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:12:58 +01:00
01da8e1792
providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 12:04:31 +01:00
42c278b4f8
root: migrate to hosted sentry with rate-limited DSN
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:18:26 +01:00
e52c964354
flows: fix redirect from plan context "redirect" not being wrapped in flow response
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 23:28:26 +01:00
c635487210
blueprints: better OCI support in UI ( #4263 )
...
use oci:// prefix to detect oci blueprint, add UI support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:49:25 +01:00
fb09df26c9
core: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:56:05 +01:00
e4e7a112e3
web: use version family subdomain for in-app doc links
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:03:08 +01:00
042865c606
blueprints: add conditions to blueprint schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 18:59:17 +01:00
7f662ac2f3
blueprints: Added conditional entry application ( #4167 )
...
* blueprints: Added !AsBool tag
* Renamed AsBool tag to Condition
* Added conditions attributed to BlueprintEntry
* Added docs for the conditions attribute of a blueprint entry
* Website linting fix
* add new tag to vscode settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 17:04:00 +00:00
609f95ac97
providers: add preview for mappings ( #4254 )
...
* preview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: show provider page on application page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use oauth2 end session url instead of direct interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont show provider page on application page for now
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add UI for preview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* translate and release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate saml api files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 12:13:11 +01:00
027ca88d83
lib: enable sentry profiles_sample_rate
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-19 12:51:22 +01:00
ec925491b2
stages/captcha: customisable URLs ( #3832 )
...
* make api and js url customisable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use recaptcha.net domains
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* regen locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-18 14:18:43 +01:00
3418943949
root: allow custom settings via python module
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-15 10:59:14 +01:00
8d169a8bd9
Merge branch 'version-2022.11'
2022-12-12 17:05:39 +00:00
f47ce9a360
stages/user_login: prevent double success message when logging in via source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 16:34:16 +00:00
01a897dbc2
flows: set stage name and verbose_name for in_memory stages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 16:22:48 +00:00
fddcb3a835
events: remove legacy logger declaration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:32:06 +00:00
5d51621278
stages/user_write: always ignore `component` field and prevent warning
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:31:56 +00:00
9ffc720f48
policies: log correct cache state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:31:41 +00:00
4d8978ea90
bleuprints: fix flaky test
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-09 11:04:44 +00:00
8d13235b74
blueprints: fixed bug causing filtering with an empty query ( #4106 )
...
* Fixed bug causing filtering with an empty query
Fixed bug allowing blueprint import to filter for existing models using an empty query.
The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* Added support for using dict fields as blueprint entry identifiers
* Disabled pylint too-many-locals for _validate_single
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2022-12-06 12:06:25 +01:00
44bf9a890e
release: 2022.11.3
2022-12-02 23:00:59 +02:00
58cd6007b2
Merge branch 'version-2022.11'
2022-12-02 18:12:38 +02:00
db95dfe38d
security: fix CVE 2022 46145 ( #4140 )
...
* add flow authentication requirement
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add website for cve
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: handle FlowNonApplicableException without policy result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
1f7d52c5ce
blueprints: Support nested custom tags in `!Find` and `!Format` tags ( #4127 )
...
* Added support for nested tags to !Find and !Format
* Added tests
* Fix variable names
* Added docs
* Fixed small mistake in tests
* Fixed variable names
* Broke example into multiple lines
2022-12-01 16:10:26 +01:00
3251bdc220
events: improve handling creation of events with non-pickleable objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 15:56:28 +02:00
2a4daa5360
release: 2022.11.2
2022-12-01 10:41:29 +02:00
e1a6dede54
*: backport CVE-2022-46145 fix
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:41:26 +02:00
cf40e5047e
policies: don't log context when policy returns None
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 14:43:47 +02:00
d5329432fe
lib: fix uploaded files not being saved correctly, add tests
...
closes #4110 #4109 #4107
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 12:48:33 +02:00
5156aeee0f
policies/password: Always add generic message to failing zxcvbn check ( #4100 )
...
* Always add generic message to failing zxcvbn password policy
Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message.
For example:
```
$ echo 'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
Password:
"score": 3,
"feedback": {
"warning": "",
"suggestions": []
}
}
```
As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user.
There are two ways to handle this:
1. Always add a generic "password is too weak" message when the policy fails.
2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.
I personally prefer 1. This way the generic message will be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Update authentik/policies/password/models.py
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* fix black formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 07:58:16 +00:00
e22fce02f8
stages/authenticator_validate: improve validation for not_configured_action
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 10:52:51 +01:00
e2bd96c5de
stages/authenticator_validate: fix validation to ensure configuration stage is set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 21:37:52 +01:00
f8ef2b666f
events: fix incorrect EventAction being used
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:53:05 +01:00
a9909fcf6d
providers/oauth2: set amr values based on login event
...
closes #4070
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:21:59 +01:00
1fa9b3a996
providers/saml: set AuthnContextClassRef based on login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#4070
2022-11-25 11:21:45 +01:00
5019346ab6
events: save login event in session after login
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#4070
2022-11-25 11:21:00 +01:00
f22f1ebcde
stages/authenticator_validate: save used mfa devices in login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 10:47:49 +01:00
1c2cdfe06a
web/flows: improve error messages for failed duo push
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 13:42:13 +01:00
d0308a8239
stages/authenticator_validate: log duo error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:36:43 +01:00
6843c8389b
stages/authenticator_duo: fix imported duo devices not being confirmed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:36:34 +01:00
3a13d19695
release: 2022.11.1
2022-11-22 21:42:10 +01:00
ed7bef9dbf
blueprints: open fixtures in read only mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:39:30 +01:00
b9fdb63a57
core: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:02:18 +01:00
5262d89505
core: fix tab-complete in shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 20:30:00 +01:00
ab3d47c437
blueprints: add desired state attribute to objects ( #4061 )
...
* add state attribute to delete objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests, move yaml from block to files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add state to docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only try to format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 14:27:20 +01:00
14cd52686d
stages/email: add test for email translation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3885
2022-11-22 14:14:42 +01:00
1a39754fe9
*: don't return values in test suites
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 11:38:34 +01:00
5b8223808e
Merge branch 'version-2022.11'
2022-11-21 22:14:33 +01:00
14f341f504
web/admin: fix error when importing duo devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 21:36:10 +01:00
20c1770ec4
release: 2022.11.0
2022-11-21 20:12:02 +01:00
a2e512c36c
stages/authenticator_validate: add flag to configure user_verification for webauthn devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 17:52:37 +01:00
3c2da8138d
stages/invitation: directly delete invitation now that flow plan is saved in email token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 14:55:49 +01:00
426f0bc9dd
events: deepcopy event kwargs to prevent objects being removed, remove workaround
...
closes #4041
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 12:31:17 +01:00
cc3ab141e5
policies: only cache policies for authenticated users
...
closes #4033
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 21:06:53 +01:00
c158ef80db
*: fix remaining old cache keys
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 16:18:32 +01:00
9f5fb692ba
sources: add custom icon support ( #4022 )
...
* add source icon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to oauth form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to other browser sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add migration, return icon in UI challenges
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* deduplicate file upload
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-16 14:10:10 +01:00
d67ec1b62f
lib: fix complex objects being included in event context for ak_create_event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:51:02 +01:00
e5241ac574
core: fix error when propertymappings return complex value
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:28:15 +01:00
276af8457d
root: make sentry DSN configurable ( #4016 )
...
* make sentry DSN configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make proxy smarter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix typo in config struct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
55aa1897af
root: use single redis db ( #4009 )
...
* use single redis db
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ensure __str__ always returns string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix remaining old prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
9f269faf53
stages/authenticator_*: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 13:46:00 +01:00
9bde7ef59e
Revert "stages/authenticator_*: directly save devices into db instead of session to prevent race conditions"
...
closes #4008
This reverts commit 538c2ca4d3
2022-11-15 11:35:53 +01:00
88594075b2
policies/password: merge hibp add zxcvbn ( #4001 )
...
* initial zxcvbn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api and port tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api diff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
ffe6f65af5
outposts/kubernetes: ingress class ( #4002 )
...
* add support for ingressClassName
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add option to disable ssl verification for k8s controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye ( #3864 )
...
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye
Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.
---
updated-dependencies:
- dependency-name: python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump project
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump deps
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump ci to 3.11
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-13 14:20:55 +01:00
5d8dd9cf3f
blueprints: Fixed bug causing blueprint instance context be discarded ( #3990 )
...
Fixed bug causing blueprint instance context be discarded when applying a blueprint.
2022-11-12 13:23:33 +01:00
3306003f0e
providers/oauth2: fix inconsistent expiry encoded in JWT
...
- access token validity is used for JWTs issues in implicit flows
- general cleanup of how times are set
closes #2581
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-10 20:23:24 +01:00
85c790728f
core: simplify group serializer for user API endpoint ( #3899 )
...
* core/api: Adding simple group serializer to improve user retrieval performance
Due to the exhaustive use of the user_obj the performance suffers
greatly if the users are assigned to large groups. This simple fix adds
a new serializer that does not expose the user_obj within a group.
* core/api: Update schema
Update to the schema based on the new SimpleGroupSerializer
* core/api: Fix black and pylint
* make naming consistent, remove unnecessary fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-09 11:19:40 +01:00
47132faffb
root: relicense and launch blog post
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-03 16:00:00 +01:00
cd0d898a4b
events: sanitize generator for json safety
...
closes #3903
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-31 20:30:11 +01:00
Jens L
sdimovv
dependabot[bot]
Ongy
risson
Jens L
Ellis Percival
Aaron Carson
Loan J
jmptbl
Daniel