c9075551a8
lint
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-12-04 10:20:41 +01:00
79fc46372c
management commands: add --schema option where relevant
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-12-04 09:26:13 +01:00
77d8877efe
tenants -> brands, init new tenant model, migrate some config to tenants
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-11-21 18:23:58 +01:00
b88e39411c
security: fix CVE-2023-48228 ( #7666 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-21 18:10:07 +01:00
51d3511f8b
providers/scim: fix missing schemas attribute for User and Group ( #7477 )
...
* providers/scim: fix missing schemas attribute for User and Group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make things actually work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-16 11:36:49 +01:00
3d9f7ee27e
providers/oauth2: set auth_via for token and other endpoints ( #7417 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-03 00:11:30 +01:00
8aafa06259
providers/radius: TOTP MFA support ( #7217 )
...
* move CheckPasswordMFA to flow executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mfa support field to radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-18 19:43:36 +02:00
25d4905d6c
outposts: use channel groups instead of saving channel names ( #7183 )
...
* outposts: use channel groups instead of saving channel names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use pubsub
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* support storing other args with state
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-16 17:01:44 +02:00
4db365c947
providers/proxy: improve SLO by backchannel logging out sessions ( #7099 )
...
* outposts: add support for provider-specific websocket messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/proxy: add custom signal on logout to logout in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 01:06:52 +02:00
6f3fc22c9b
providers/saml: add default RelayState value for IDP-initiated requests ( #7100 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 00:08:16 +02:00
4c823b7428
providers/saml: set WantAuthnRequestsSigned in metadata ( #6851 )
2023-09-12 09:10:06 +02:00
74ee97b472
providers/scim: check that a provider exists before starting scim task ( #6841 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-11 18:12:04 +02:00
a39fef11b8
providers/saml: fix SAML metadata import API requiring flow slug inst… ( #6729 )
...
* providers/saml: fix SAML metadata import API requiring flow slug instead of pk
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* replace format_exc_info with dict_tracebacks, and only for json logger
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-01 12:59:25 +02:00
3afff1bae9
providers/oauth2: fix incorrect scope permissions shown ( #6696 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-30 17:27:40 +02:00
ccfd45774e
*: fix api errors raised in general validate() to specify a field ( #6663 )
...
* *: fix api errors raised in general validate() to specify a field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove required flag for tls server name for ldap provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* attempt to make timing test less flaky
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-29 14:41:48 +02:00
85bc35eb41
providers/oauth2: fix id_token being saved incorrectly leading to lost claims ( #6645 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-28 00:51:48 +02:00
bc6706016b
core: bump pydantic from 1.10.12 to 2.3.0 ( #6613 )
...
* core: bump pydantic from 1.10.12 to 2.3.0
Bumps [pydantic](https://github.com/pydantic/pydantic ) from 1.10.12 to 2.3.0.
- [Release notes](https://github.com/pydantic/pydantic/releases )
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md )
- [Commits](https://github.com/pydantic/pydantic/compare/v1.10.12...v2.3.0 )
---
updated-dependencies:
- dependency-name: pydantic
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix webauthn stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix scim
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* "fix" lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-08-24 12:25:17 +02:00
e191cd6e7f
provider/oauth2: fix aud (Audience) field type which can be a list of… ( #6447 )
...
provider/oauth2: fix aud (Audience) field type which can be a list of strings
2023-08-01 23:16:26 +02:00
346c6e6a85
outposts: Fix infinite self-recursion in traefik reconciler. ( #6336 )
...
Fix infinite self-recursion in traefik reconciler.
2023-07-24 10:25:29 +00:00
d435a65cfd
outposts: support json patch for Kubernetes ( #6319 )
2023-07-22 02:29:28 +02:00
a728dad166
providers/oauth2: fix grant_type password raising an exception ( #6333 )
2023-07-22 01:36:55 +02:00
2f469d2709
root: partial Live-updating config ( #5959 )
...
* stages/email: directly use email credentials from config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use custom database backend that supports dynamic credentials
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add crude config reloader
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make method names for CONFIG clearer
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* replace config.set with environ
Not sure if this is the cleanest way, but it persists through a config reload
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add set for @patch
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* even more crudeness
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clean up some old stuff?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup old things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flow e2e
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-19 23:13:22 +02:00
41af486006
enterprise: initial enterprise ( #5721 )
...
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add user type
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add external users
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui, add more logic, add public JWT validation key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* revert to not use install_id as session jwt signing key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* switch to PKI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more licensing stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add install ID to form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use x5c correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* license checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use production CA
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale, improve ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add direct button
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update link
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove old attributes from ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove is_enterprise_licensed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix admin interface styling issue
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update authentik/core/models.py
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* fix default case
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-07-17 17:57:08 +02:00
01311929d1
providers/ldap: improve password totp detection ( #6006 )
...
* providers/ldap: improve password totp detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add flag for totp mfa support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep support for static tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-20 12:09:13 +02:00
f6181ceb70
providers/oauth2: correctly advertise code_challenge_methods_supported ( #6007 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 21:26:33 +02:00
a5db60129d
*: use dataclass slots wherever applicable ( #6005 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 18:31:07 +02:00
51f4d4646c
providers/ldap: fix Outpost provider listing excluding backchannel providers ( #5933 )
...
* providers/ldap: fix Outpost provider listing excluding backchannel providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-12 11:28:00 +02:00
0041cf88f4
providers/oauth2: launch url: if URL parsing fails, return no launch URL ( #5918 )
...
* providers/oauth2: launch url: if URL parsing fails, return no launch URL
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only get provider launch URL when no url is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only catch value error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-06-09 21:56:34 +02:00
69f0460f69
website: update translation docs ( #5875 )
...
* website/docs: remove lingui references
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* replace deprecated cryptography types
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* tell eslint to avoid escapes in strings when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ignore generated locale code
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-06 12:32:32 +02:00
fd4c5f5ce7
providers/ldap: fix LDAP Outpost application selection ( #5812 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-31 14:14:25 +02:00
d09bee7bf9
providers/proxy: add support for traefik.io API and CRD ( #5801 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-29 21:12:59 +02:00
5d5938c412
sources/saml: separate verification cert ( #5699 )
...
* sources/saml: allow separate verification certificate to be specified
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add migration to keep current behaviour
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update strings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep testing verification
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-21 14:42:17 +02:00
79dcc30778
providers/radius: add warning message when radius provider is not used with outpost ( #5656 )
...
* providers/radius: add warning message when radius provider is not used with outpost
same message as Proxy and LDAP provider have
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 16:19:33 +02:00
68a1bcf233
providers/SCIM: improve backchannel signalling ( #5657 )
...
* providers/scim: add warning when provider is not used as backchannel provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/scim: don't sync SCIM provider that isn't used as backchannel at all
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 16:19:18 +02:00
f4b0d6e85c
providers/scim: default to None for fields instead of empty list ( #5642 )
...
* providers/scim: default to None for fields instead of empty list
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make name of delete_none_keys clearer
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 00:25:28 +02:00
47f09ac285
providers/scim: improve SCIM error messages ( #5600 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-15 14:39:27 +02:00
ec78e56fbd
providers/scim: fix group patch schema ( #5596 )
...
the original request was made based on the sentry docs, which aren't actually correct
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-12 20:03:43 +02:00
906faf9cce
providers/proxy: fix panic when claims in session were nil ( #5569 )
...
* providers/proxy: fix panic when claims in session were nil
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add new options
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:58:44 +02:00
eb071d4d90
providers/oauth2: add user UUID as subject option ( #5556 )
...
* providers/oauth2: add user UUID as subject option
* Added translations for new OAuth2 subject option
2023-05-10 17:50:13 +02:00
1c04dc0986
providers/SCIM: patch group name ( #5564 )
...
* providers/scim: patch name when group put fails
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-raise ResourceMissing in group update to trigger recreation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 12:29:39 +02:00
eaa3d11df8
api: modular urls ( #5551 )
...
* api: make API urls modular
load API urls from app module's urls file instead of a single static file
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* refactor websocket url mounting
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-09 14:46:47 +02:00
9c25d72d61
providers/scim: fix scim_sync_all error ( #5539 )
...
* providers/scim: fix scim_sync_all error
closes #5538
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't use static names in tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-08 22:39:48 +02:00
5ea54e8f7e
*: improve configuration error events ( #5523 )
...
* *: improve configuration error events
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* delete test-db when resetting
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-08 15:34:43 +02:00
8215ee19c6
events: include event user in webhook notification ( #5524 )
...
* events: include event user in webhook notification
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update other transports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-08 15:34:21 +02:00
7acd0558f5
core: applications backchannel provider ( #5449 )
...
* backchannel applications
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add webui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include assigned app in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve backchannel provider list display
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make ldap provider compatible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show backchannel providers in app view
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make backchannel required for SCIM
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-05-08 15:29:12 +02:00
564b2874a9
providers/oauth2: use simpler charset for refresh tokens ( #5502 )
...
various implementations might have issues with the special chars
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-07 00:19:11 +02:00
b99ce890ef
providers/scim: fix missing user/group filtering on SCIM direct save signals ( #5473 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-04 02:28:58 +03:00
bb8b87fcb3
providers/scim: improve compatibility ( #5425 )
...
* providers/scim: improve compatibility
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-30 19:43:24 +03:00
ecce31ee87
providers/scim: correctly handle 404 by re-creating object ( #5405 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-28 14:36:21 +03:00
54d508ae8c
ci: fix pyright errors ( #5392 )
...
* ci: fix pyright errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error in oauth 1 source
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove redundant blueprint fixtures
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-27 17:33:47 +03:00
Marc 'risson' Schmitt
Jens L
dependabot[bot]
Jean-Michel DILLY
Yip Rui Fung
ChandonPierre
risson
Michael OBrien