authentik

Commit Graph

Author	SHA1	Message	Date
Jens L	86f9056d3f	core: fix url validator (#4957 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-15 12:00:57 +01:00
Jens L	73d7b5f110	root: add common fixture loader (#4946 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-14 17:13:03 +01:00
Jens L	4b1440944e	providers: fix authorization_flow not required in API (#4932 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-13 23:36:24 +01:00
Jens L	59a92dbacd	stages/authenticator_webauthn: remove credential_id size limit (#4931 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-13 21:24:10 +01:00
Jens L	6f6d22da13	release: 2023.3.0 (#4925 )	2023-03-13 19:10:48 +01:00
Jens L	fab6a8f8c9	stages/user_login: expiry before login (#4920 ) * stages/user_write: run set_expiry before login, so that session used in Signal has correct expiry Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-13 15:31:06 +01:00
Jens L	178bfe1d44	providers/scim: handle ServiceProviderConfig 404 (#4915 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-13 13:44:29 +01:00
Jens L	94f22cffba	root: fix session middleware for websocket connections (#4909 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-12 16:47:19 +01:00
Jens L	10b7d78825	events: set task start time before start not on init (#4908 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-12 15:13:04 +01:00
dependabot[bot]	0ef333f8ea	core: bump bandit from 1.7.4 to 1.7.5 (#4896 ) * core: bump bandit from 1.7.4 to 1.7.5 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5) --- updated-dependencies: - dependency-name: bandit dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-10 12:06:59 +01:00
Jens L	86bb2afd02	core: add validator which allows for URLs with formatting (#4890 )	2023-03-10 00:16:17 +01:00
Jens L	b6b820f6f1	web: toggle dark/light theme manually (#4876 )	2023-03-09 23:17:53 +01:00
Jens L	6ae2fc9668	providers/SCIM: customizable externalId, document behavior (#4868 ) * only set externalId if mapping hasn't set it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better document use of SCIM in conjunction with OAuth/SAML Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-08 00:15:16 +01:00
Jens L	67f3db1e03	core: enforce unique on names where it makes sense (#4866 ) enforce unique on names where it makes sense Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-07 23:52:34 +01:00
Jens L	9559bc2e1e	providers/scim: add option to filter out service accounts, parent group (#4862 ) * add option to filter out service accounts, parent group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to filter group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework sync card to show scim sync status Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-07 15:39:48 +01:00
Jens L	28ddeb124f	providers: SCIM (#4835 ) * basic user sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group sync and some refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow null authorization flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task monitored Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add missing dependency Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make authorization_flow required for most providers via API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task result better readable, exclude anonymous user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add task UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scheduled task for all sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make scim errors more readable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mappings, migrate to mappings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mapping UI and more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim docs to web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start implementing membership Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate signals to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate fully to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * strip none keys, fix lint errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix saml Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim schemas and validate against it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group put support, add group tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * send correct application/scim+json headers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stop sync if no mappings are confiugred Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test for task sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add membership tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use decorator for tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make tests better Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-06 19:39:08 +01:00
dependabot[bot]	e08536af33	web: bump mermaid from 10.0.1 to 10.0.2 in /web (#4837 ) * web: bump mermaid from 10.0.1 to 10.0.2 in /web Bumps [mermaid](https://github.com/mermaid-js/mermaid) from 10.0.1 to 10.0.2. - [Release notes](https://github.com/mermaid-js/mermaid/releases) - [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/CHANGELOG.md) - [Commits](https://github.com/mermaid-js/mermaid/compare/v10.0.1...v10.0.2) --- updated-dependencies: - dependency-name: mermaid dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix failing bandit check Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-03 10:27:16 +01:00
Jens L	9370d155f8	sources/plex: fix check_token error unusable if token is empty (#4834 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-02 22:21:54 +00:00
Jens L	972dce1462	security: fix CVE-2023-26481 (#4832 ) fix CVE-2023-26481 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-02 20:15:33 +01:00
Jens L	7b44d8972f	stages/authenticator_sms: fix twilio sending, add test (#4829 ) closes #4823 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-02 14:39:28 +01:00
sdimovv	a6eba37d5a	core: Add `resolve_dns` and `reverse_dns` functions to evaluator (#4769 ) * Add resolve_dns * Add reverse_dns * Fix lint * add caching, small optimisation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Added time-aware LRU cache --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-01 22:15:13 +01:00
Jens L	20e971f5ce	flows: planner error handling (#4812 ) * handle FlowNonApplicableException everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make flow planner check authentication when no pending user is in planning context Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mailhog to e2e test services, remove local docker requirement Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-28 15:18:29 +01:00
Jens L	118765ab30	web: fetch custom.css via fetch and add stylesheet (#4804 ) * web: fetch custom.css via fetch and add stylesheet Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode path Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-27 19:54:19 +01:00
Jens L	5e60db8593	providers/oauth2: fix typo (#4803 )	2023-02-27 17:17:48 +01:00
Jens L	39d0893303	flows: change default flow stage binding settings (#4784 ) * flows: change default flow stage binding settings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fallback to correct value Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-27 15:21:26 +01:00
Jens L	596ff529c4	core: bootstrap email (#4788 )	2023-02-26 17:02:45 +01:00
Jens L	26f3275361	sources/ldap: improve error handling for password complexity (#4780 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-24 10:39:43 +00:00
Jens L	b7e4ad7234	web/user: fix source connections not being filtered (#4778 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-24 10:22:02 +00:00
Jens L	80f4fccd35	providers/oauth2: OpenID conformance (#4758 ) * don't open inspector by default when debug is enabled Signed-off-by: Jens Langhammer <jens@goauthentik.io> * encode error in fragment when using hybrid grant_type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * require nonce for all response_types that get an id_token from the authorization endpoint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't set empty family_name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only set at_hash when response has token Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleaner way to get login time Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove authentication requirement from authentication flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix auth_time not being handled correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test files Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove USER_LOGIN_AUTHENTICATED Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework prompt=login handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also set last login uid for max_age check to prevent double login when max_age and prompt=login is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-23 15:26:41 +01:00
Jens L	122055b38b	stages/user_login: terminate others (#4754 ) * rework session list Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use sender filtering for signals when possible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add terminate_other_sessions Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-22 14:09:28 +01:00
sdimovv	c4e24c04f6	core: Improve service account creation (#4751 ) * Added ability to select service account token expiration on creation * Added call to user.set_unusable_password on service account creation * Added forgotten call to save() * Added and improved existsing tests * Added accidentally deleted help text * Fix lint	2023-02-22 13:19:01 +01:00
Jens Langhammer	1f7178c3a8	providers/oauth2: remove unused import Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-22 11:11:20 +01:00
Jens Langhammer	cfa2edebcf	providers/oauth2: revert PKCE requirement for public clients Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-21 23:51:27 +01:00
sdimovv	175502b053	core: Fix bug causing whitespace only names to raise exception when generating avatars (#4746 ) Fix bug causing whitespace only names to raise exception when generating avatars Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>	2023-02-21 16:19:19 +01:00
Jens Langhammer	9e82de33e6	lib: remove unused imports Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-21 11:00:54 +01:00
Jens Langhammer	d2cfb76a7c	root: don't trace websockets to sentry Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-20 21:32:35 +01:00
Jens Langhammer	327d87355d	lib: improve caching of gravatar status closes #4711 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-20 12:41:09 +01:00
Jens Langhammer	b415e9b773	core: remove avatar from group user member list Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4711	2023-02-20 12:40:42 +01:00
Jens Langhammer	1ac2e924a2	core: fix error when creating token without request in context closes #4716 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-19 17:31:20 +01:00
Jens Langhammer	0874574e5c	*: add additional prometheus metrics, remove unusable high entropy metrics Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-19 17:08:40 +01:00
Jens Langhammer	069e9c015b	events: fix m2m_change events not being logged Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-19 16:28:30 +01:00
Jens Langhammer	c6ead3dc49	providers/oauth2: make PKCE required for public clients Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-17 18:08:39 +01:00
Jens Langhammer	f749027143	root: don't log django request warnings Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-17 18:08:18 +01:00
Jens Langhammer	153bd3aaf1	sources/oauth: fix not all token errors being logged with response Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-17 13:22:41 +01:00
Jens Langhammer	1a57d453ba	providers/oauth2: fix missing information for Revoked token access events Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-16 14:47:07 +01:00
Jens Langhammer	d842fc4958	release: 2023.2.2	2023-02-15 19:53:42 +01:00
Jens Langhammer	bff34cc5dc	root: use channel send workaround for sync sending of websocket messages Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-15 16:08:01 +01:00
Jens Langhammer	7f009f6d02	flows: include flow authentication requirement in diagram closes #4533 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-15 16:04:45 +01:00
Jens Langhammer	c8c401e2c5	lib: don't try to cache generated avatar with full user, only cache with name closes #4690 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-15 10:49:13 +01:00
Jens Langhammer	80de3ee853	release: 2023.2.1	2023-02-14 18:52:36 +01:00
Jens Langhammer	deb91bd12b	sources/ldap: add LDAP Debug endpoint Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-14 16:06:54 +01:00
Jens Langhammer	81d70e5d41	release: 2023.2.0	2023-02-14 13:15:47 +01:00
Jens L	ec42b597ab	providers/proxy: send token request internally, with overwritten host header (#4675 ) * send token request internally, with overwritten host header Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-13 16:34:47 +01:00
Jens Langhammer	925477b3a2	policies: raise sentry-ignored error for invalid PolicyEngine parameters Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-13 13:23:07 +01:00
Jens Langhammer	cefc1a57ee	core: handle error when cleaning up sessions and cached session can't be loaded Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-13 13:22:34 +01:00
Jens Langhammer	53b25d61f7	events: use colon as separator for task name and task UID Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-13 12:06:29 +01:00
Jens Langhammer	1240ed6c6d	providers/oauth2: fix inconsistency in event client_credentials created events Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-13 11:17:03 +01:00
Jens Langhammer	4f868c2ef2	events: dont log oauth temporary model creation Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-12 16:55:45 +01:00
sdimovv	b69e55eae9	core: Add support for auto generating unique avatars based on the user's initials (#4663 )	2023-02-12 16:35:17 +01:00
Jens Langhammer	c5870fcab2	core: fix missing uniqueness validator on user api closes #4665 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-11 21:08:51 +01:00
Jens Langhammer	8850446bc2	admin: fix schema generation warning Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-11 21:08:48 +01:00
sdimovv	10b9878f03	providers/saml: fix mismatched SAML SLO Urls (#4655 ) * Fix SLO URL Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * Fixed SAML SLO URLs * Revert "Fix SLO URL" This reverts commit `664051934b`. --------- Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>	2023-02-10 20:30:38 +01:00
Jens Langhammer	8de92943ab	providers/saml: fix invalid SAML provider metadata, add schema tests Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-10 12:32:18 +01:00
Jens L	af43330fd6	providers/oauth2: rework OAuth2 Provider (#4652 ) * always treat flow as openid flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve issuer URL generation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refactoring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update introspection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refinement Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more things, update api Signed-off-by: Jens Langhammer <jens@goauthentik.io> * regen migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch of things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start updating tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix implicit flow, auto set exp Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix timeozone not used correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix revoke Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more timezone shenanigans Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix userinfo tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix proxy outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix api tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing at_hash for implicit flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-include at_hash in implicit auth flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use folder context for outpost build Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-09 20:19:48 +01:00
Jens Langhammer	1be792fbd8	policies/event_matcher: fix empty app label not being allowed, require at least 1 criteria closes #4643 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-08 23:29:59 +01:00
Jens Langhammer	ec9085ff06	providers/oauth2: don't use policy cache for token requests Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-07 23:53:50 +01:00
Jens Langhammer	00a16bee76	web/elements: add dropdown css to DOM directly instead of including Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-05 23:32:54 +01:00
Jens Langhammer	66aabcc371	providers/oauth2: fix token login event args not set correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-05 00:45:54 +01:00
Jens Langhammer	388367785d	*/saml: disable pretty_print, add signature tests closes #4536 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-03 15:42:09 +01:00
Jens L	798245b8db	providers/oauth2: optimise client credentials JWT database lookup (#4606 )	2023-02-02 19:15:19 +01:00
Jens Langhammer	f98b5b651b	admin: remove import Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-02 14:19:25 +01:00
Jens Langhammer	2113029a14	admin: allow post to system info api endpoint for debugging Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-02 11:09:03 +01:00
dependabot[bot]	c590cb86cf	core: bump pylint from 2.15.10 to 2.16.0 (#4600 ) * core: bump pylint from 2.15.10 to 2.16.0 Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.10 to 2.16.0. - [Release notes](https://github.com/PyCQA/pylint/releases) - [Commits](https://github.com/PyCQA/pylint/compare/v2.15.10...v2.16.0) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-02-02 11:05:46 +01:00
Jens Langhammer	dbf2bd5aba	blueprints: handle error when blueprint entry identifier field does not exist closes #4588 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-01 19:45:36 +01:00
Jens Langhammer	f2386f126e	core: fix inconsistent branding in end_session view Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4586	2023-02-01 19:40:59 +01:00
Jens Langhammer	ffc97905f3	events: prevent error when request fails without response closes #4589 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-01 19:40:02 +01:00
dependabot[bot]	18cfe67719	core: bump black from 22.12.0 to 23.1.0 (#4584 ) * core: bump black from 22.12.0 to 23.1.0 Bumps [black](https://github.com/psf/black) from 22.12.0 to 23.1.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * re-format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-02-01 11:31:32 +01:00
Jens Langhammer	e5ba5d51fe	events: improve sanitising for tuples and sets Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-31 19:19:22 +01:00
Ellis Percival	eb60bba0d5	providers/oauth2: cast user.pk to string when using it for token 'sub' value (#4570 )	2023-01-30 15:38:10 +00:00
Aaron Carson	c05d6b96a2	stages/prompt: set UUID to be a string (#4563 )	2023-01-30 00:02:12 +01:00
Jens Langhammer	72168fae29	providers/oauth2: add user id as "sub" mode Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-29 16:15:03 +01:00
Jens Langhammer	96eeb91493	providers/oauth2: only set auth_time in ID token when a login event is stored in the session Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-29 16:00:19 +01:00
Jens L	627e8a250e	tests: run e2e tests in random order (#4550 ) * run e2e tests randomly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix test_ldap_bind_search Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-27 23:57:53 +01:00
Jens Langhammer	ecb1ce8135	core: fix token's set_key accessing data incorrectly also add tests closes #4551 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-27 23:57:35 +01:00
Jens Langhammer	5631a99f00	stages/prompt: fallback to uuid for unique names Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-25 23:29:26 +01:00
Jens Langhammer	36f8f8bae5	stages/prompt: fix mismatched name field in migration Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-25 14:46:40 +01:00
Jens Langhammer	68058fb2ae	stages/authenticator_validate: fix error with passwordless webauthn login, improve tests closes #4527 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-25 14:45:00 +01:00
Jens L	53b65a9d1a	stages/prompt: field name (#4497 ) * add prompt field name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove numerical prefix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use text field Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add description label Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migrate blueprint to remove old stages Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add task to remove unretrievable blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix blueprint test paths Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * actually fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests even more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix fixtures Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-24 12:23:22 +01:00
Jens Langhammer	16076cc46f	outposts: fallback to ghcr Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-24 10:47:30 +01:00
Jens Langhammer	b2d272bf6f	api: fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-23 20:19:03 +01:00
Jens Langhammer	31ef6fb6a6	core: delete session when user is set to inactive Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-23 16:24:30 +01:00
Jens Langhammer	c9c059a008	api: ensure user is active when authenticating Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-23 16:24:30 +01:00
Jens Langhammer	9397598376	release: 2023.1.2	2023-01-23 14:25:55 +01:00
Jens Langhammer	91ffe4e7f9	stages/user_write: fix migration setting wrong value, fix form Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-23 14:05:41 +01:00
Jens Langhammer	430a207865	release: 2023.1.1	2023-01-23 11:34:58 +01:00
Jens Langhammer	1ce2a1b846	stages/email: update tests Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-23 10:43:49 +01:00
Loan J	4731ccfafe	stages/email: fix a typo in email template (#4485 ) fix a typo in main content Signed-off-by: Loan J <joliveau.loan@gmail.com> Signed-off-by: Loan J <joliveau.loan@gmail.com>	2023-01-23 10:22:49 +01:00
jmptbl	c1b9b5c5e2	stages/authenticator_totp: url quote TOTP issuer instead of slugifying (#4482 ) * Fix TOTP issuer mangling * Fix OTP issuer mangling * sort imports Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-01-22 16:37:47 +00:00
Jens Langhammer	b288393cd4	stages/invitation: handle incorrectly formatted token closes #4481 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-22 00:03:39 +01:00
Jens Langhammer	5736a1542c	stages/authenticator_sms: fix code not being sent when phone_number is in context Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-19 20:19:23 +01:00
Jens Langhammer	fc8fe5317a	stages: always use get_pending_user instead of getting context user Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-19 17:57:21 +01:00
Jens L	c61529e4d4	sources/ldap: add e2e LDAP source tests (#4462 ) * start adding more LDAP source tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve healthcheck Signed-off-by: Jens Langhammer <jens@goauthentik.io> * try local webdriver Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add full samba tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix locale types Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-19 15:03:56 +01:00
Jens Langhammer	a302a72379	crypto: fallback when no SAN values are given Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-18 19:40:24 +01:00
Jens L	e390f5b2d1	providers/oauth2: more x5c and ecdsa x/y tests (#4463 ) * add option to exclude x5* Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4082 * cleanup jwks, add flaky test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add workaround based on https://github.com/jpadilla/pyjwt/issues/709 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't rstrip hashes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keycloak seems to strip equals Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-18 18:11:36 +00:00
Jens Langhammer	60189ce9ca	add tests to prevent empty SAN Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-18 18:59:10 +01:00
Jens Langhammer	fdc445e6a1	ensure we don't generate an empty SAN certificate Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-18 18:44:41 +01:00
Jens Langhammer	49b6c71079	release: 2023.1.0	2023-01-18 15:49:45 +01:00
Jens Langhammer	6e0c9acb34	events: exclude base models from model audit log Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-18 15:11:33 +01:00
Jens L	23c69c456a	providers/proxy: add setting to intercept authorization header (#4457 ) * add setting to intercept authorization header Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to intercept_header_auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-17 18:56:48 +01:00
Jens L	c73fce4f58	sources/ldap: manual import (#4456 ) * events: fix task UID Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ldap sync command Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-17 12:21:33 +01:00
Jens L	9568f4dbd6	root: improve code style (#4436 ) * cleanup pylint comments Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix url name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * *: use ExtractHour instead of ExtractDay Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-15 17:02:31 +01:00
Jens Langhammer	143309448e	policies: ensure user is set Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 20:24:46 +01:00
Jens Langhammer	1f038ecee2	providers/oauth2: fallback to anonymous user for policy engine Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 20:22:06 +01:00
Jens Langhammer	1b1f2ea72c	providers/oauth2: actually fix import order Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 19:58:24 +01:00
Jens Langhammer	6e1a54753e	providers/oauth2: fix import order Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 19:56:12 +01:00
Jens Langhammer	67d1f06c91	providers/oauth2: use guardian anonymous user to get claims for provider info Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 19:53:43 +01:00
Jens Langhammer	d37de6bc00	policies: log full stacktrace Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 19:53:21 +01:00
Jens L	cd12e177ea	providers/proxy: add initial header token auth (#4421 ) * initial implementation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * check for openid/profile claims Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include jwks sources in proxy provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add web ui for jwks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only show sources with JWKS data configured Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix introspection tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start basic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs, update admonitions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add client_id to api, add tab for auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-13 16:22:03 +01:00
Jens Langhammer	31c6ea9fda	providers/oauth2: don't allow spaces in scope_name closes #4094 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-13 16:20:37 +01:00
Jens L	20931ccc1d	providers/oauth2: correctly fill claims_supported based on selected scopes (#4429 ) * providers/oauth2: correctly fill claims_supported based on selected scopes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add nonce claim Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-13 14:14:25 +01:00
Jens L	36822c128c	admin: include task duration in API (#4428 ) include task duration in API Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-13 13:21:49 +01:00
Jens Langhammer	81e9f2d608	web/admin: fix overflow in aggregate cards Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-11 14:12:02 +01:00
Jens L	67a6fa6399	events: rework metrics (#4407 ) * rework metrics Signed-off-by: Jens Langhammer <jens@goauthentik.io> * change graphs to be over last week Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Apps with most usage card Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-11 12:21:07 +01:00
Jens L	1ed24a5eef	blueprints: internal storage (#4397 ) * rework oci client Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add blueprint content Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make path optional Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add validation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-10 22:00:34 +01:00
Jens Langhammer	b555ccd549	sources/ldap: don't run membership sync if group sync is disabled Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4392	2023-01-09 17:19:50 +01:00
Jens Langhammer	9445354b31	sources/ldap: only warn about missing groups when source is configured to sync groups closes #4392 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-09 17:17:48 +01:00
Jens Langhammer	a1be924fa4	*: strip leading and trailing whitespace when reading config values from files also add a debug endpoint that dumps the go parsed config Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-09 15:29:22 +01:00
Jens Langhammer	47aba4a996	crypto: prevent creation of duplicate self-signed default certs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-06 16:51:07 +01:00
Jens Langhammer	001869641d	web: ensure img tags have alt attributes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-06 12:44:51 +01:00
Jens Langhammer	bec538c543	sources/ldap: make task timeout adjustable closes #4375 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-06 12:37:59 +01:00
sdimovv	c63ba3f378	blueprints: Fix resolve model_name in `!Find` tag (#4371 ) Resolve model_name in !Find tag	2023-01-06 09:49:28 +01:00
sdimovv	53cab07a48	blueprints: Add `!Enumerate`, `!Value` and `!Index` tags (#4338 ) * Added For and Item tags * Removed Sequence node support from ForItem tag * Added ForItemIndex tag * Added support for iterating over mappings * Added support for mapping output body * Renamed tags: For to Enumerate, ForItem to Value, ForItemIndex to Index * Refactored tests * Formatting * Improved exception info * Improved error handing * Added docs * lint * Small doc improvements * Replaced deepcopy() call with call to copy() * Fix mistake in docs example * Fix missed "!" in example	2023-01-05 21:36:19 +01:00
Jens L	a960ce9454	stages/user_write: add more user creation options (#4367 ) * add more user creation options Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update blueprints and docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-05 15:46:20 +01:00
Jens L	e6b5810e03	polices/hibp: remove deprecated (#4363 ) * remove hibp Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * don't save event matcher apps in migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs, update some phrasing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-05 13:19:26 +01:00
Jens Langhammer	78b711ec9d	Merge branch 'version-2022.12'	2023-01-05 10:41:54 +01:00
Jens Langhammer	ac07833688	release: 2022.12.2	2023-01-05 10:01:30 +01:00
Jens Langhammer	730139e43c	*: improve general tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 22:40:09 +01:00
Jens L	24e8915e0a	providers/proxy: add tests for proxy basic auth (#4357 ) * add tests for proxy basic auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stop bandit from complaining Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add API tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 22:40:06 +01:00
Jens Langhammer	3e7320734c	*: improve general tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 22:26:55 +01:00
Jens L	3131e557d9	providers/proxy: add tests for proxy basic auth (#4357 ) * add tests for proxy basic auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stop bandit from complaining Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add API tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 22:04:16 +01:00
Jens L	dc1359a763	providers/saml: initial SLO implementation (#2346 ) * providers/saml: initial SLO implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/saml: add logout request tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/saml: add tests for POST SLO Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * matrix e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * set e2e matrix name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * separate oidc and oauth tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add basic saml slo e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add better metadata download url Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * kinda prepare release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * sort releases into folders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add slo urls to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix linking Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 19:45:31 +01:00
Jens L	1e01e9813d	providers/saml: add prefix to entity descriptor (#4355 ) add prefix to entity descriptor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 16:44:52 +01:00
Jens Langhammer	e887a315be	providers/oauth2: correctly advertise supported response_modes_supported Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 10:21:34 +01:00
Jens Langhammer	4b93f40c5e	providers/oauth2: fix null amr value not being removed from id_token closes #4339 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-03 00:41:18 +01:00
Jens Langhammer	57400925a4	providers/saml: don't error if no request in API serializer context Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-03 00:14:16 +01:00
Jens Langhammer	2dc0792d9e	stages/email: remove unused import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-02 09:28:26 +01:00
Jens Langhammer	fde848ee51	admin: remove unused import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-02 00:12:14 +01:00
Jens Langhammer	e9d52282b7	admin: use matching environment for system API Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 23:58:12 +01:00
Jens Langhammer	c810628fe3	stages/email: use pending user correctly closes #4318 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 23:50:57 +01:00
Jens Langhammer	de0a5191f7	core: remove unused import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 23:50:42 +01:00
Jens Langhammer	93e20bce2e	core: don't use inline_serializer for user operations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 23:16:44 +01:00
Jens Langhammer	960a2aab74	crypto: fix type for has_key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 23:14:19 +01:00
Jens Langhammer	2cae6596eb	core: cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 23:01:08 +01:00
Jens Langhammer	11b1eb4173	stages/email: make template tests less flaky Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 23:00:32 +01:00
Jens Langhammer	3980eea7c6	web/flows: rework error display, always use ak-stage-flow-error instead of shell Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 21:43:44 +01:00
Jens Langhammer	9fdfb8c99b	stages/dummy: add toggle to throw error for debugging Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 21:25:53 +01:00
Jens Langhammer	5cab280759	stages/captcha: fix captcha not loading correctly, add tests closes #4320 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 18:15:41 +01:00
Jens Langhammer	9d422918b3	stages/prompt: use stage.get_pending_user() to fallback to the correct user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-30 20:38:15 +01:00
Jens Langhammer	2c42c87689	release: 2022.12.1	2022-12-30 13:43:42 +01:00
dependabot[bot]	8262a47455	core: bump packaging from 21.3 to 22.0 (#4181 ) * core: bump packaging from 21.3 to 22.0 Bumps [packaging](https://github.com/pypa/packaging) from 21.3 to 22.0. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pypa/packaging/compare/21.3...22.0) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * remove LegacyVersion Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-30 12:07:25 +01:00
Jens L	bd56922a2f	blueprints: watch blueprints directory and trigger tasks (#4309 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-30 11:30:18 +01:00
Jens Langhammer	68b58fb73c	blueprints: fix error when entry with state absent doesn't exist closes #4305 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-29 21:55:17 +01:00
Jens Langhammer	97513467ad	blueprints: disallow flow token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-29 21:54:56 +01:00
sdimovv	ce5d1fd80d	blueprints: Resolve yamltags in state and model attributes (#4299 ) * Fixed state and model attributes not resolving yaml tags * Linting	2022-12-29 10:05:32 +01:00
Jens Langhammer	b1020fde64	web/elements: render ak-seach-select dropdown correctly in modals Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 20:38:57 +01:00
Jens Langhammer	f0e121c064	api: add filter backend for secret key to allow access to tenants and certificates closes #4182 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 18:59:25 +01:00
Jens Langhammer	2b2323fae7	outposts: include hostname in outpost heartbeat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 16:07:52 +01:00
Jens Langhammer	24eb4ed963	release: 2022.12.0	2022-12-28 13:00:49 +01:00
Jens Langhammer	b16d1134ea	core: add endpoints to add/remove users from group atomically closes #4252 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 10:50:30 +01:00
Jens Langhammer	20a4dfd13d	stages/invitation: fix incorrect pk check for invitation's flow closes #4278 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-27 13:55:51 +01:00
sdimovv	8f3579ba45	blueprints: add `!If` tag (#4264 ) * Added \!If tag * Fix typo * Removed trailing whitespace Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * format blueprint fixtures Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-26 16:20:22 +01:00
Jens Langhammer	ae13fc3b92	policies: make name required Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-25 14:46:48 +01:00
Jens Langhammer	94b9ebb0bb	blueprints: add Env tag Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-24 20:41:51 +01:00
Jens Langhammer	1b86a3d5d6	Merge branch 'version-2022.11'	2022-12-23 14:39:52 +01:00
Jens Langhammer	8b710b57a5	root: don't send traces in testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:37:58 +01:00
Jens Langhammer	9dc0bb2a77	release: 2022.11.4	2022-12-23 14:17:48 +01:00
Jens L	2d827eaae1	security: fix CVE 2022 23555 (#4274 ) * add flow to invitation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * show warning on invitation page Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add security advisory Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:16:30 +01:00
Jens L	47d79ac28c	security: fix CVE 2022 46172 (#4275 ) * fallback to current user in user_write, add flag to disable user creation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update api and web ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update default flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add cve post to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:16:26 +01:00
Jens L	9f846d94be	security: fix CVE 2022 23555 (#4274 ) * add flow to invitation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * show warning on invitation page Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add security advisory Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:13:49 +01:00
Jens L	84fbeb5721	security: fix CVE 2022 46172 (#4275 ) * fallback to current user in user_write, add flag to disable user creation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update api and web ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update default flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add cve post to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:12:58 +01:00
Jens Langhammer	01da8e1792	providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 12:04:31 +01:00
Jens Langhammer	42c278b4f8	root: migrate to hosted sentry with rate-limited DSN Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 11:18:26 +01:00
Jens Langhammer	e52c964354	flows: fix redirect from plan context "redirect" not being wrapped in flow response Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-22 23:28:26 +01:00
Jens L	c635487210	blueprints: better OCI support in UI (#4263 ) use oci:// prefix to detect oci blueprint, add UI support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-22 18:49:25 +01:00
Jens Langhammer	fb09df26c9	core: fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-22 17:56:05 +01:00
Jens Langhammer	e4e7a112e3	web: use version family subdomain for in-app doc links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-22 17:03:08 +01:00
Jens Langhammer	042865c606	blueprints: add conditions to blueprint schema Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-21 18:59:17 +01:00
sdimovv	7f662ac2f3	blueprints: Added conditional entry application (#4167 ) * blueprints: Added !AsBool tag * Renamed AsBool tag to Condition * Added conditions attributed to BlueprintEntry * Added docs for the conditions attribute of a blueprint entry * Website linting fix * add new tag to vscode settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-21 17:04:00 +00:00
Jens L	609f95ac97	providers: add preview for mappings (#4254 ) * preview Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: show provider page on application page Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use oauth2 end session url instead of direct interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * dont show provider page on application page for now Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add UI for preview Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * translate and release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * separate saml api files Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-21 12:13:11 +01:00
Jens Langhammer	027ca88d83	lib: enable sentry profiles_sample_rate Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-19 12:51:22 +01:00
Jens L	ec925491b2	stages/captcha: customisable URLs (#3832 ) * make api and js url customisable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use recaptcha.net domains Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * regen locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-18 14:18:43 +01:00
Jens Langhammer	3418943949	root: allow custom settings via python module Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-15 10:59:14 +01:00
Jens Langhammer	8d169a8bd9	Merge branch 'version-2022.11'	2022-12-12 17:05:39 +00:00
Jens Langhammer	f47ce9a360	stages/user_login: prevent double success message when logging in via source Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 16:34:16 +00:00
Jens Langhammer	01a897dbc2	flows: set stage name and verbose_name for in_memory stages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 16:22:48 +00:00
Jens Langhammer	fddcb3a835	events: remove legacy logger declaration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 15:32:06 +00:00
Jens Langhammer	5d51621278	stages/user_write: always ignore `component` field and prevent warning Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 15:31:56 +00:00
Jens Langhammer	9ffc720f48	policies: log correct cache state Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 15:31:41 +00:00
Jens Langhammer	4d8978ea90	bleuprints: fix flaky test Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-09 11:04:44 +00:00
sdimovv	8d13235b74	blueprints: fixed bug causing filtering with an empty query (#4106 ) * Fixed bug causing filtering with an empty query Fixed bug allowing blueprint import to filter for existing models using an empty query. The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key. Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * Added test case * Added support for using dict fields as blueprint entry identifiers * Disabled pylint too-many-locals for _validate_single Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>	2022-12-06 12:06:25 +01:00
Jens Langhammer	44bf9a890e	release: 2022.11.3	2022-12-02 23:00:59 +02:00
Jens Langhammer	58cd6007b2	Merge branch 'version-2022.11'	2022-12-02 18:12:38 +02:00
Jens L	db95dfe38d	security: fix CVE 2022 46145 (#4140 ) * add flow authentication requirement Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add website for cve Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: handle FlowNonApplicableException without policy result Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-02 16:14:25 +01:00
sdimovv	1f7d52c5ce	blueprints: Support nested custom tags in `!Find` and `!Format` tags (#4127 ) * Added support for nested tags to !Find and !Format * Added tests * Fix variable names * Added docs * Fixed small mistake in tests * Fixed variable names * Broke example into multiple lines	2022-12-01 16:10:26 +01:00
Jens Langhammer	3251bdc220	events: improve handling creation of events with non-pickleable objects Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-01 15:56:28 +02:00
Jens Langhammer	2a4daa5360	release: 2022.11.2	2022-12-01 10:41:29 +02:00
Jens Langhammer	e1a6dede54	*: backport CVE-2022-46145 fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-01 10:41:26 +02:00
Jens Langhammer	cf40e5047e	policies: don't log context when policy returns None Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-30 14:43:47 +02:00
Jens Langhammer	d5329432fe	lib: fix uploaded files not being saved correctly, add tests closes #4110 #4109 #4107 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-30 12:48:33 +02:00
sdimovv	5156aeee0f	policies/password: Always add generic message to failing zxcvbn check (#4100 ) * Always add generic message to failing zxcvbn password policy Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message. For example: ``` $ echo 'Awdccdw1234' \| zxcvbn \| jq \| grep "feedback" -A 5 -B 1 Password: "score": 3, "feedback": { "warning": "", "suggestions": [] } } ``` As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user. There are two ways to handle this: 1. Always add a generic "password is too weak" message when the policy fails. 2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not. I personally prefer 1. This way the generic message will be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some. Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * Update authentik/policies/password/models.py Co-authored-by: Jens L. <jens@beryju.org> Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * Added test case * fix black formatting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: Jens L. <jens@beryju.org> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-30 07:58:16 +00:00
Jens Langhammer	e22fce02f8	stages/authenticator_validate: improve validation for not_configured_action Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-28 10:52:51 +01:00
Jens Langhammer	e2bd96c5de	stages/authenticator_validate: fix validation to ensure configuration stage is set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-25 21:37:52 +01:00
Jens Langhammer	f8ef2b666f	events: fix incorrect EventAction being used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-25 11:53:05 +01:00
Jens Langhammer	a9909fcf6d	providers/oauth2: set amr values based on login event closes #4070 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-25 11:21:59 +01:00
Jens Langhammer	1fa9b3a996	providers/saml: set AuthnContextClassRef based on login event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #4070	2022-11-25 11:21:45 +01:00
Jens Langhammer	5019346ab6	events: save login event in session after login Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #4070	2022-11-25 11:21:00 +01:00
Jens Langhammer	f22f1ebcde	stages/authenticator_validate: save used mfa devices in login event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-25 10:47:49 +01:00
Jens Langhammer	1c2cdfe06a	web/flows: improve error messages for failed duo push Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-24 13:42:13 +01:00
Jens Langhammer	d0308a8239	stages/authenticator_validate: log duo error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-24 11:36:43 +01:00
Jens Langhammer	6843c8389b	stages/authenticator_duo: fix imported duo devices not being confirmed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-24 11:36:34 +01:00
Jens Langhammer	3a13d19695	release: 2022.11.1	2022-11-22 21:42:10 +01:00
Jens Langhammer	ed7bef9dbf	blueprints: open fixtures in read only mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 21:39:30 +01:00
Jens Langhammer	b9fdb63a57	core: fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 21:02:18 +01:00
Jens Langhammer	5262d89505	core: fix tab-complete in shell Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 20:30:00 +01:00
Jens L	ab3d47c437	blueprints: add desired state attribute to objects (#4061 ) * add state attribute to delete objects Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests, move yaml from block to files Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add state to docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * only try to format Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 14:27:20 +01:00
Jens Langhammer	14cd52686d	stages/email: add test for email translation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3885	2022-11-22 14:14:42 +01:00
Jens Langhammer	1a39754fe9	*: don't return values in test suites Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 11:38:34 +01:00
Jens Langhammer	5b8223808e	Merge branch 'version-2022.11'	2022-11-21 22:14:33 +01:00
Jens Langhammer	14f341f504	web/admin: fix error when importing duo devices Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-21 21:36:10 +01:00
Jens Langhammer	20c1770ec4	release: 2022.11.0	2022-11-21 20:12:02 +01:00
Jens Langhammer	a2e512c36c	stages/authenticator_validate: add flag to configure user_verification for webauthn devices Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-21 17:52:37 +01:00
Jens Langhammer	3c2da8138d	stages/invitation: directly delete invitation now that flow plan is saved in email token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-21 14:55:49 +01:00
Jens Langhammer	426f0bc9dd	events: deepcopy event kwargs to prevent objects being removed, remove workaround closes #4041 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-21 12:31:17 +01:00
Jens Langhammer	cc3ab141e5	policies: only cache policies for authenticated users closes #4033 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-18 21:06:53 +01:00
Jens Langhammer	c158ef80db	*: fix remaining old cache keys Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-18 16:18:32 +01:00
Jens L	9f5fb692ba	sources: add custom icon support (#4022 ) * add source icon Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add to oauth form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add to other browser sources Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add migration, return icon in UI challenges Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * deduplicate file upload Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-16 14:10:10 +01:00
Jens Langhammer	d67ec1b62f	lib: fix complex objects being included in event context for ak_create_event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 16:51:02 +01:00
Jens Langhammer	e5241ac574	core: fix error when propertymappings return complex value Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 16:28:15 +01:00
Jens L	276af8457d	root: make sentry DSN configurable (#4016 ) * make sentry DSN configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * make proxy smarter Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix typo in config struct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 16:05:29 +01:00
Jens L	55aa1897af	root: use single redis db (#4009 ) * use single redis db Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ensure __str__ always returns string Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix remaining old prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 14:31:29 +01:00
Jens Langhammer	9f269faf53	stages/authenticator_*: cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 13:46:00 +01:00
Jens Langhammer	9bde7ef59e	Revert "stages/authenticator_*: directly save devices into db instead of session to prevent race conditions" closes #4008 This reverts commit `538c2ca4d3`. Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # authentik/stages/authenticator_static/stage.py # authentik/stages/authenticator_totp/stage.py	2022-11-15 11:35:53 +01:00
Jens L	88594075b2	policies/password: merge hibp add zxcvbn (#4001 ) * initial zxcvbn Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api and port tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api diff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-14 14:42:43 +01:00
Jens L	ffe6f65af5	outposts/kubernetes: ingress class (#4002 ) * add support for ingressClassName Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add option to disable ssl verification for k8s controller Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-14 14:24:11 +01:00
dependabot[bot]	4095c422df	core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye (#3864 ) * core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * bump project Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * bump deps Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * bump ci to 3.11 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix formatting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-13 14:20:55 +01:00
sdimovv	5d8dd9cf3f	blueprints: Fixed bug causing blueprint instance context be discarded (#3990 ) Fixed bug causing blueprint instance context be discarded when applying a blueprint.	2022-11-12 13:23:33 +01:00
Jens Langhammer	3306003f0e	providers/oauth2: fix inconsistent expiry encoded in JWT - access token validity is used for JWTs issues in implicit flows - general cleanup of how times are set closes #2581 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-10 20:23:24 +01:00
Daniel	85c790728f	core: simplify group serializer for user API endpoint (#3899 ) * core/api: Adding simple group serializer to improve user retrieval performance Due to the exhaustive use of the user_obj the performance suffers greatly if the users are assigned to large groups. This simple fix adds a new serializer that does not expose the user_obj within a group. * core/api: Update schema Update to the schema based on the new SimpleGroupSerializer * core/api: Fix black and pylint * make naming consistent, remove unnecessary fields Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-09 11:19:40 +01:00
Jens Langhammer	47132faffb	root: relicense and launch blog post Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-03 16:00:00 +01:00
Jens Langhammer	cd0d898a4b	events: sanitize generator for json safety closes #3903 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-31 20:30:11 +01:00
Jens Langhammer	400751ed3c	api: fix missing scheme in securitySchemes closes #3883 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-29 18:50:34 +02:00
Jens Langhammer	f3a72761c0	release: 2022.10.1	2022-10-29 17:24:55 +02:00
Jens Langhammer	841c13ed77	core: set prehydrated locale based on active backend locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-28 19:43:24 +02:00
Jens L	30d708dd1f	core: explicitly enable locales (#3889 ) * activate locales Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * set locale for email templates Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-28 19:42:49 +02:00
Jens Langhammer	9d0a7578ec	flows: fix error due to not validating error challenge Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-27 20:04:00 +02:00
Jens Langhammer	f8fab14e1e	core: refactor MessageStage to not use dynamic class Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-26 20:01:42 +02:00
Jens Langhammer	6b35d0c70b	core: check if session is authenticated before showing linked message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-26 00:30:42 +02:00
Jens Langhammer	dd65862bf2	core: show success message when authenticating/enrolling after flow is finished Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-25 22:46:15 +02:00
Jens Langhammer	6ea57921f2	sources/saml: set username field to name_id attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-24 21:53:37 +02:00
Jens Langhammer	b0d4f035f1	blueprints: fix error when cleaning up unset attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-21 22:12:59 +02:00
Jens Langhammer	661d2ec701	Merge branch 'version-2022.10'	2022-10-21 22:11:04 +02:00
Jens Langhammer	3f570bb96d	blueprints: improve error handling Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-21 20:18:02 +02:00
Jens Langhammer	89dc46a7ff	release: 2022.10.0	2022-10-21 19:42:38 +02:00
Jens Langhammer	a1ce8100e9	stages/identification: log invalid_login similar to event for easier log parsing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3715	2022-10-20 19:31:22 +02:00
Jens Langhammer	13d975a258	flows: fix error when opening inspector with no history Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-20 19:30:56 +02:00
Jens Langhammer	782fec0eb9	flows: use stripped down flow serializer for flow_set to optimise loading time Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-20 09:56:08 +02:00
Jens L	cfad472e1b	flows: optimise queries (#3818 ) * flows: optimise flow queries Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * index source on slug and name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * binding index Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add policy parent index Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup old migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release note to upgrade Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 22:53:07 +02:00
Jens Langhammer	6882445937	*: handle PermissionError when saving files, ensure permission bits are set correctly closes #3817 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 20:24:28 +02:00
Jens Langhammer	9e3bf94547	flows: optimise flow API loading speed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 10:29:06 +02:00
Jens L	b06a3a8f9f	admin: add authorisations metric (#3811 ) add authorizations metric Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 00:06:45 +02:00
dependabot[bot]	167695d4b1	core: bump channels from 3.0.5 to 4.0.0 (#3799 ) * core: bump channels from 3.0.5 to 4.0.0 Bumps [channels](https://github.com/django/channels) from 3.0.5 to 4.0.0. - [Release notes](https://github.com/django/channels/releases) - [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt) - [Commits](https://github.com/django/channels/compare/3.0.5...4.0.0) --- updated-dependencies: - dependency-name: channels dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * add daphne Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:34:27 +02:00
Jens Langhammer	3e1490dcac	providers/saml: don't attempt verification of SAML request when no verification certificate is configured Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:26:04 +02:00
Jens Langhammer	6bff6a2a1a	core: fallback to empty user object for PropertyMappingEvaluator Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:03:26 +02:00
Jens L	0efee2a660	flows: improved import (#3807 ) * return logs when importing flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * improve error handling, show logs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:01:42 +02:00
Jens L	b85be12567	providers/oauth2: fix issues with es256 and add tests (#3808 ) fix issues with es256 and add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:01:29 +02:00
Jens Langhammer	96a30af0eb	sources/oauth: allow overriding of all scopes closes #3747 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-16 21:21:43 +02:00
Jens Langhammer	76531589dd	core: fix title in generic error template Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-16 13:55:22 +02:00
Jens Langhammer	2112b5b26b	root: add global fallback throttle Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-15 23:51:36 +02:00
Jens Langhammer	a3cc844e25	crypto: fix cert_expiry not having the correct format Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-15 23:32:02 +02:00
Jens Langhammer	53aef73f58	flows: optimise queries for flow and stage API endpoints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-15 11:54:31 +02:00
Jens L	363872715d	sources/saml: revamp SAML Source (#3785 ) * update saml source to use user connections, add all attributes to flow context Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * check for SAML Status in response, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * package apple icon Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add webui for connections Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 17:04:47 +02:00
Jens L	79e8b72569	flows: always show flow inspector in debug mode, don't require admin in debug (#3786 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 15:44:59 +02:00
Jens Langhammer	74a0e27a8c	blueprints: fix error when exporting objects with lazily translated strings closes #3482 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 14:31:44 +02:00
Jens Langhammer	0ca1368dcc	sources/saml: improve error handling for missing assertion and missing subject closes #3784 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 13:56:39 +02:00
Philipp Kolberg	2980c5884f	root: Add setting to adjust database config for pgbouncer (#3769 ) * Add setting to adjust database config for pgbouncer * docker-compose.yml cleanup Delete pgbouncer setting as false is the default value * Cleanup docker-compose.yml Also remove use_pgbouncer option in server section	2022-10-14 11:53:24 +02:00
Jens L	217e145d23	stages/authenticator_sms: make sms stage payload customisable (#3780 ) * make sms stage payload customisable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update phrasing for webhook mapping Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 11:53:01 +02:00
Jens Langhammer	e5e6c33b2d	providers/oauth2: fix expires_in not being an int Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-11 14:25:30 +03:00
Jens L	8ed2f7fe9e	providers/oauth2: add device flow (#3334 ) * start device flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix inconsistent app filtering Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tenant device code flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add throttling to device code view Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * somewhat unrelated changes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add initial device code entry flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add finish stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * it works Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add support for verification_uri_complete Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add some tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-11 12:42:10 +02:00
Jens Langhammer	00a6c2a40b	sources/oauth: improve error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-10 13:28:25 +03:00
Jens Langhammer	239092b872	core: fix messages not being shown when no client is connected Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-10 13:27:41 +03:00
dependabot[bot]	34d520a3fb	core: bump channels-redis from 3.4.1 to 4.0.0 (#3752 )	2022-10-10 11:26:49 +02:00
lvoegl	3ecc715e91	sources/oauth: add Twitch OAuth source (#3746 ) * sources/oauth: add Twitch OAuth source Signed-off-by: Lukas Vögl <lukas@voegl.org> * website/integrations: add Twitch OAuth source documentation Signed-off-by: Lukas Vögl <lukas@voegl.org> Signed-off-by: Lukas Vögl <lukas@voegl.org>	2022-10-10 10:59:07 +02:00
Jens Langhammer	9bbe8e6c57	providers/oauth2: save full IDToken to database, only use to_dict for encoding final token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-08 15:06:17 +03:00
Jens Langhammer	b2a658d091	providers/oauth2: remove c_hash and nonce claim if they're not set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-07 17:07:33 +03:00
Jens Langhammer	ce085a029d	providers/oauth2: exclude at_hash claim if not set instead of being null closes #3739 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-07 10:10:53 +03:00
Jens Langhammer	93e90f8f50	crypto: fix import_certificate checking private key as certificate closes #3713 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-02 00:31:14 +02:00
Jens L	44e4f2e561	crypto: make certificate parsing optional for crypto api (#3711 )	2022-10-01 00:06:00 +02:00
Jens L	cca0f60bda	root: decrease default token size to 60 chars for compatibility (#3710 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2614	2022-09-30 23:12:51 +02:00
Jens Langhammer	d8a98e71bd	outposts: fix indentation in generated SSH Config	2022-09-29 09:23:27 +00:00
Jens Langhammer	7c0754000c	providers/oauth2: add all hardcoded claims to claims_supported list closes #3702 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-29 10:27:46 +02:00
Jens Langhammer	43a5aaa9df	stages/email: don't check that email templates exist on startup #3692 this runs on both server and worker where only the worker needs to have the email templates Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-28 18:52:54 +02:00
Jens Langhammer	cd1a36fec4	root: save email template directory in config Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-28 18:51:34 +02:00
Jens L	df4200992c	outposts: remote docker ssh fixes (#3691 ) * improve error logging for SSH connections Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * "fix" host key checking Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-28 12:10:40 +02:00
Jens Langhammer	50819ae0f0	*: improve error handling in ldap outpost, ignore additional errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-23 22:11:47 +02:00
Jens Langhammer	2cfba36cb7	release: 2022.9.0	2022-09-23 12:33:01 +02:00
Jens Langhammer	81e820b6e6	flows: fix invalid graph generation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-21 10:53:29 +02:00
Jens L	b16a3d5697	internal: use config system for workers/threads, document the settings (#3626 ) use config system for workers/threads, document the settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-21 09:59:03 +02:00
Jens L	1583d53e54	web: use mermaidjs (#3623 ) * flows: move flow diagram logic to separate file Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * idk Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * make web component work Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove subgraph for now Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add denied connection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * wrong list Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use custom styles Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * i18n Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix typing issues, make diagram centered Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-21 09:58:23 +02:00
Jens L	2bd10dbdee	tests: use create_test_flow where possible (#3606 ) * use create_test_flow where possible Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix and add more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove unused websocket stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * Revert "remove unused websocket stuff" This reverts commit `fc05f80951`. * keepdb for make test Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix more Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests for notification transports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-17 13:16:53 +02:00
Jens L	be64296494	stages/authenticator_duo: improved import (#3601 ) * prepare for duo admin integration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * make duo import params required Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add UI to import devices Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * rework form, automatic import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * limit amount of concurrent tasks on worker Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * load tasks Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix API codes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests and such Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * sigh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * make stage better Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * basic stage test Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-17 12:10:47 +02:00
Jens L	4a91a7d2e2	web: re-organise frontend and cleanup common code (#3572 ) * fix repo in api client Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: re-organise files to match their interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: include version in script tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup maybe broken Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * revert rename Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: get rid of Client.ts Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move more to common Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more moving Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * format Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * unfuck files that vscode fucked, thanks Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move more Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * finish moving (maybe) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ok more moving Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix more stuff that vs code destroyed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * get rid "web" prefix for virtual package Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix locales Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use custom base element Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix css file Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * don't run autoDetectLanguage when importing locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix circular dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix build Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-15 00:05:21 +02:00
Jens Langhammer	9f5c019daa	core: add helper function to create events from expressions, move ak_user_has_authenticator to base evaluator Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-14 21:52:41 +02:00
Jens Langhammer	84c08dca41	stages/user_write: log discarded keys as warning Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-14 20:21:37 +02:00
Jens Langhammer	6b8b596c92	stages/identification: set primary_action based on flow designation closes #3589 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-14 10:30:49 +02:00
Jens Langhammer	359da6db81	Revert "flows: always mark component field as required in Challenge and ChallengeResponses" This reverts commit `b35b225453`.	2022-09-11 23:13:51 +02:00
Jens Langhammer	7f8afad528	*: fix API Schema generation warnings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-11 23:08:31 +02:00
Jens Langhammer	b35b225453	flows: always mark component field as required in Challenge and ChallengeResponses Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-11 23:01:59 +02:00
Jens Langhammer	0ff2ac7dc2	api: fix schema not referencing errors correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-11 23:01:26 +02:00
Jens Langhammer	8b4a7666f0	stages/authenticator_duo: fix 404 when current user does not have permissions to view stage closes #3288 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-11 21:43:29 +02:00
Jens Langhammer	ae9dbf3014	blueprints: fix error caused by overriding rest_framework's instance attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-10 14:34:43 +02:00
Jens Langhammer	4c4d87d3bd	blueprints: validate instance before creating in metaapplyblueprint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-10 13:58:54 +02:00
Jens Langhammer	a407334d3b	providers/oauth2: use @method_decorator instead of decorating in urls Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-10 13:26:17 +02:00
Jens Langhammer	5026cebf02	stages/consent: default to expiring consent instead of always_require Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-10 13:25:28 +02:00
Jens Langhammer	2e2ab55f9e	*: cleanup stray print calls Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-10 13:24:53 +02:00
Jens Langhammer	28835fbca7	root: re-use custom log helper from config and cleanup duplicate functions Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-10 13:24:31 +02:00
Jens Langhammer	aabb8af486	tenants: handle all errors in default_locale closes #3457 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-10 00:56:12 +02:00
Jens L	7517d612d0	providers/oauth2: add x5c (#3556 ) * add x5c, x5t and x5t#S256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * strip trailing = to fix encoding issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-08 23:30:05 +02:00
Jens L	62f93c83d4	ci: update pyright (#3546 )	2022-09-07 00:23:25 +02:00
Jens Langhammer	03a3f1bd6f	crypto: add command to import certificates Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3544	2022-09-06 19:39:10 +02:00
Jens Langhammer	60266b3345	flows: migrate FlowExecutor error handler to native challenge instead of shell Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-06 18:48:15 +02:00
Jens Langhammer	2a4679e390	flows: fix incorrect diagram for policies bound to flows closes #3534 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-06 10:24:13 +02:00
Jens Langhammer	eed958b132	stages/authenticator_duo: fix schema not declaring request body correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-05 22:00:02 +02:00
Jens Langhammer	12c318f0b1	sources/ldap: start_tls before binding but without reading server info with read_server_info=True (default), this errors out on active directory closes #3509 #1049 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-04 14:04:08 +02:00
Jens Langhammer	f68ed3562e	core: fix custom favicon not being set correctly on load Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-04 00:24:51 +02:00
Jens L	f2f22719f8	core: improve error template (#3521 )	2022-09-03 19:46:37 +02:00
Jens Langhammer	242423cf3c	internal: remove sentryhttp from main server mux to prevent double traces Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-03 16:41:47 +02:00
Jens Langhammer	d9775f2822	blueprints: don't export events by default and exclude anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-31 23:32:02 +02:00
Jens Langhammer	398eb23d31	blueprint: fix EntryInvalidError not being handled in tasks Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-31 23:08:38 +02:00
Jens L	abca435337	blueprints: OCI registry support (#3500 ) * blueprints: add ability to load blueprints via OCI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix inheritance check for meta models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add oci tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-30 14:08:26 +02:00
Jens L	54ba3e9616	blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486 ) * add meta model to apply blueprint within blueprint for dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use custom registry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix again Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move ManagedAppConfig to apps.py Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * rename manager to registry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: use full tag in comment Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-29 21:20:58 +02:00
Jens Langhammer	d3466ceef8	blueprints: use correct log level when re-logging import validation logs closes #3483 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-28 16:07:48 +02:00
Jens Langhammer	5886688fae	core: make request in context optional for Applications API Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3482	2022-08-28 15:59:34 +02:00
Jens Langhammer	c3c8cbf7ef	events: save event to test notification transport closes #3485 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-28 15:39:42 +02:00
Jens Langhammer	83eaac375d	sources/oauth: use GitHub's dedicated email API when no public email address is configured closes #3472 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-26 21:21:41 +02:00
Jens Langhammer	3eb3a9eab9	*: remove remaining default creation code in squashed migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-24 23:02:34 +02:00
Jens Langhammer	a099b21671	lib: reset settings when error is raised in patch Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-23 21:21:28 +02:00
Jens Langhammer	b9294fd9ad	blueprints: fix unbound error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-23 21:15:48 +02:00
Jens Langhammer	13a302cdad	sources/oauth: use UPN for username with azure AD source closes #3468 breaking Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-23 20:55:25 +02:00
Jens Langhammer	e994a01e80	blueprints: handle blueprints without metadata Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-23 20:54:56 +02:00
Jens Langhammer	d49431cfc7	events: reset task info when not saving on success Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-23 19:22:14 +02:00

... 5 6 7 8 9 ...

3084 Commits