Jens Langhammer
201bea6d30
internal: add X-authentik-logout signature to trigger logouts when URLs are not exposed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 18:50:24 +02:00
Jens L
89fef0ae72
blueprints: docs ( #3376 )
...
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
Jens L
2ce8e18bab
internal: centralise config for listeners to use same config system everywhere ( #3367 )
...
* centralise config for listeners to use same config system everywhere
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3360
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
Jens Langhammer
fcf4657833
providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
...
closes #3314
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 20:29:23 +02:00
Jens L
393d7ec486
providers/proxy: no exposed urls ( #3151 )
...
* test any callback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont detect callback in per-server handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use full redirect uri with both path and query param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* correctly route to embedded outpost for callback signature
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix allowed redirects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 17:51:01 +02:00
Jens L
b41acebf5b
providers/proxy: add caddy endpoint ( #3330 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 10:58:53 +02:00
Jens Langhammer
10b48b27b0
internal: walk config in go, check, parse and load from scheme like in python
...
closes #2719
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-26 11:33:37 +02:00
Jens Langhammer
41eb44137e
internal: remove pkg/errors
2022-07-05 20:26:33 +00:00
Jens Langhammer
eb633c607e
internal: fix nil pointer reference
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:02:53 +02:00
Jens Langhammer
b6267fdf28
*: add versioned user agent to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 11:54:10 +02:00
Jens Langhammer
79bec6f6b2
providers/proxy: only send misconfiguration event once
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-16 10:32:34 +02:00
Jens Langhammer
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
Jens Langhammer
8d3275817b
providers/ldap: fix existing binder not being carried forward correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 18:51:01 +02:00
Jens Langhammer
e30103aa9f
providers/proxy: use same redirect-save code for all modes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 23:25:47 +02:00
Jens Langhammer
bb244b8338
providers/ldap: fix session cache being lost on provider refresh
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 18:03:00 +02:00
Jens L
8447e9b9c2
providers/proxy: envoy v2 ( #3029 )
...
* add path prefix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use prefix correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only set redirect if session doesn't have a redirect yet
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 10:32:52 +02:00
Jens L
f9a419107a
outposts/proxyv2: add basic envoy support ( #3026 )
...
* outposts/proxyv2: add basic envoy support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't crash when backend is not available
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add envoy tests and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 00:06:09 +02:00
Jens L
8f0572d11e
outposts/ldap: add correct group objectClass ( #3023 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2861
2022-06-02 18:48:07 +02:00
Jens Langhammer
eba339ba27
core: improve loading speed of flow background
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 14:20:23 +02:00
Jens L
3eb466ff4b
lifecycle: cleanup prometheus ( #2972 )
...
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
Jens Langhammer
a03dde8a90
outposts/ldap: fix type assertion after upgrading to new API Client
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 16:36:15 +02:00
Jens L
a286f999e2
api: migrate to openapi generator v6 ( #2968 )
...
* migrate to openapi generator v6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 15:15:30 +02:00
Jens Langhammer
646d174dd2
internal: revert cookie path on proxy causing redirect loops
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 16:26:12 +02:00
Jens Langhammer
5c91658484
internal: fix nil pointer dereference in ldap outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:48:50 +02:00
Jens Langhammer
ebb44c992b
Revert "internal: set SameSite for outpost"
...
This reverts commit 7e95c756b9
.
2022-05-21 14:08:40 +02:00
Jens Langhammer
7e95c756b9
internal: set SameSite for outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 13:21:45 +02:00
Jens Langhammer
be26b92927
internal: cleanup outpost logs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 13:18:06 +02:00
Jens Langhammer
6f56a61a64
website/docs: add docs for advanced SSH config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2916
2022-05-21 13:06:54 +02:00
Jens Langhammer
a52638d898
internal: fix typo in session name constant
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 10:10:29 +02:00
Jens Langhammer
421b003218
internal: set path on cookie for proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2305
2022-05-11 10:08:38 +02:00
Jens Langhammer
25a4310bb1
internal: use Expires not MaxAge for LDAP session
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-11 10:04:32 +02:00
dependabot[bot]
4d755dc0f6
build(deps): bump goauthentik.io/api/v3 from 3.2022041.4 to 3.2022041.5 ( #2843 )
...
* build(deps): bump goauthentik.io/api/v3 from 3.2022041.4 to 3.2022041.5
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go ) from 3.2022041.4 to 3.2022041.5.
- [Release notes](https://github.com/goauthentik/client-go/releases )
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022041.4...v3.2022041.5 )
---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 20:33:19 +02:00
Jens L
ab2299ba1e
outposts/ldap: cached bind ( #2824 )
...
* initial cached ldap bind support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* clean up api generation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use gh action for golangci-lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer
9b6e47e6b8
outposts/ldap: fix panic in type conversion when value is nil
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 15:52:58 +02:00
Jens Langhammer
b46eb7198b
internal: handle log level not being set in config
...
closes #2650
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-03 13:23:55 +02:00
Jens Langhammer
51194cbf42
outposts/ldap: use backend group num_pk
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 23:54:50 +01:00
Jens Langhammer
b45a442447
outposts/ldap: fix contexts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-19 18:28:27 +01:00
Simon Siebert
75a720ead1
outposts/ldap: prevent operations error from nil dereference ( #2447 )
...
closes #2526
2022-03-19 18:26:26 +01:00
Jens Langhammer
76660e4666
internal: add tests with querystring
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-07 22:03:36 +01:00
Jens Langhammer
62a939b91d
internal: bump api client to v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
Jens Langhammer
6fdf3ad3e5
internal/outpost: improve logging and add tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2393
2022-02-26 22:29:56 +01:00
Jens Langhammer
fb33906637
internal/ldap: fix panic when parsing lists with mixed types
...
closes #2355
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-22 19:56:55 +01:00
Jens Langhammer
744f250d05
providers/proxy: always set rd param in addition to session to prevent wrong url in session
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-18 10:32:22 +01:00
Jens Langhammer
19b1f3a8c1
internal/outpost: fix logic error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-17 20:50:47 +01:00
Jens Langhammer
45f2c5bae7
web/admin: fix invalid URLs in example proxy config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-15 23:24:27 +01:00
Jens Langhammer
5d8c1aa0b0
outposts/proxy: correctly check host in forward domain redirect
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1997
2022-02-15 14:58:19 +01:00
Jens Langhammer
0101368369
outposts/proxy: fix logic error in rd argument
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1997
2022-02-15 13:43:55 +01:00
Jens Langhammer
4854f81592
outposts/proxy: correctly handle ?rd= param
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1997
2022-02-15 11:05:03 +01:00
Jens Langhammer
908f123d0e
website/docs: update nginx config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-15 10:24:08 +01:00
Jens Langhammer
3d577cf15e
*: add placeholder custom.css to easily allow user customisation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 20:05:00 +01:00
Jens Langhammer
4915e980c5
providers/proxy: revert Host header behaviour
...
closes #2284
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 12:39:16 +01:00
Jens Langhammer
e5a393c534
internal: increase logging for no hostname found
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 14:36:56 +01:00
Jens Langhammer
1f838bb2aa
outposts/proxy: add X-Forwarded-Host since Host now gets changed by the proxy
...
closes #2284
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-10 23:09:55 +01:00
Jens Langhammer
affbf85699
internal: don't attempt to lookup SNI Certificate if no SNI is sent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 12:33:25 +01:00
Jens L
4343246a41
*: rename akprox to outpost.goauthentik.io ( #2266 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 20:25:38 +01:00
Jens Langhammer
7088a6b0e6
providers/proxy: fix Host/:Authority not being modified
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 16:30:26 +01:00
Jens Langhammer
e758995458
providers/proxy: improve error handling for invalid backend_override
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 19:59:06 +01:00
Jens Langhammer
654e0d6245
providers/proxy: fix nil error in claims
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-03 17:58:38 +01:00
Jens Langhammer
f5cc6c67ec
providers/proxy: fix routing for external_host when using forward_auth_domain
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2180
2022-02-01 10:14:46 +01:00
Jens Langhammer
6021fc0f52
providers/proxy: fix backend override persisting for other users
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-30 22:29:34 +01:00
Jens Langhammer
7fd6be5abb
providers/proxy: add backend_override
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-30 21:35:08 +01:00
Jens Langhammer
67d550a80d
providers/proxy: don't include hostname and scheme in redirect when we only got a path and not a full URL
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-27 18:23:08 +01:00
Jens Langhammer
ebb5711c32
providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-27 18:14:02 +01:00
Jens Langhammer
96ae68cf09
internal: make error message less confusing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-25 15:45:21 +01:00
Jens Langhammer
63b3434b6f
website/docs: improve nginx examples
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-25 14:25:21 +01:00
Ilya Kogan
947ecec02b
outposts/ldap: Fix more case sensitivity issues. ( #2144 )
2022-01-25 11:27:27 +01:00
Jens Langhammer
1c2b452406
outposts/proxy: fix potential empty redirect, add tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2141
2022-01-25 10:57:53 +01:00
Jens Langhammer
650e2cbc38
internal: remove duplicate log messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 22:25:35 +01:00
Jens Langhammer
b32800ea71
outposts/proxy: trace full headers to debug
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 22:08:31 +01:00
Jens Langhammer
e1c0c0b20c
internal: don't override server header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 22:05:11 +01:00
Jens Langhammer
ef335ec083
outposts/proxy: add more test cases for domain-level auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 21:41:15 +01:00
Jens Langhammer
07b09df3fe
internal: add more outpost tests, add support for X-Original-URL
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 20:50:13 +01:00
Jens Langhammer
e70e031a1f
internal: start adding tests to outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 20:12:25 +01:00
Jens Langhammer
1dce408c72
internal/proxyv2: only allow access to /akprox in nginx mode when forward url could be extracted
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 09:30:33 +01:00
Jens Langhammer
af3fb5c2cd
internal: use math.MaxInt for compatibility
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1819
2022-01-21 23:11:17 +01:00
Jens Langhammer
3bfb8b2cb2
outposts/proxyv2: allow access to /akprox urls in forward auth mode to make routing in nginx/traefik easier
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 13:43:16 +01:00
Jens Langhammer
9fc5ff4b77
outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 13:29:51 +01:00
Jens Langhammer
41e7b9b73f
outposts/proxyv2: fix before-redirect url not being saved in proxy mode
...
closes #2109
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-19 19:16:30 +01:00
Jens Langhammer
7f47f93e4e
internal: cleanup log messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-19 19:01:24 +01:00
Jens Langhammer
14c7d8c4f4
internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2079
2022-01-18 23:19:43 +01:00
Jens Langhammer
819af78e2b
internal: make internal go version match python version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:45:37 +01:00
Jens Langhammer
c07b8d95d0
outposts/proxy: remove deprecated headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 17:01:23 +01:00
Jens Langhammer
bf347730b3
outposts/ldap: remove deprecated fields
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:52:19 +01:00
Jens Langhammer
ececfc3a30
internal: fix comment formatting for TODOs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:51:41 +01:00
Jens Langhammer
c741c13132
internal: fix listen attempt on shutdown
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 12:36:11 +01:00
Jens Langhammer
f246da6b73
outposts/proxy: fix error checking for type assertion
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:57:32 +01:00
Jens Langhammer
410d1b97cd
outposts/proxy: add support for multiple states, when multiple requests are redirect at once
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:16:02 +01:00
Jens Langhammer
884c546f32
outposts: clean up flow executor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 19:52:19 +01:00
Jens Langhammer
47356915b1
outposts: fix outpost's sentry not sending release
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 19:01:32 +01:00
Jens Langhammer
87e99625e6
internal: update tenant certificates on outpost refresh
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 00:38:49 +01:00
Jens Langhammer
34b11524f1
tenants: add web certificate field, make authentik's core certificate configurable based on keypair
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 11:43:45 +01:00
Jens Langhammer
b3ba083ff0
internal: cleanup logging, remove duplicate code
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:33:21 +01:00
Jens Langhammer
22a8603892
internal: add custom proxy certificates support to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:16:01 +01:00
Jens Langhammer
ba55538a34
outposts/proxy: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:16:06 +01:00
Jens Langhammer
f742c73e24
outposts/proxy: fix allowlist for forward_auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1970
2021-12-21 15:49:25 +01:00
Jens Langhammer
b932b6c963
website/docs: update log levels
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:15:17 +01:00
Jens Langhammer
3c048a1921
outposts/proxy: fix session not expiring correctly due to miscalculation
...
closes #1976
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:10:57 +01:00
Jens Langhammer
f10b57ba0b
outposts/proxy: handle redirect loop in start handler, show error message
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 10:07:08 +01:00
Jens Langhammer
92b4244e81
providers/proxy: update traefik regex
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1969
2021-12-20 22:43:58 +01:00
Jens Langhammer
eca2ef20d0
outposts/proxy: add initial redirect-loop prevention
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:21:53 +01:00
Jens Langhammer
cac5c7b3ea
outposts/proxy: make templates more re-usable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:20:23 +01:00
Jens Langhammer
37ee555c8e
outposts/proxy: fix ping URI not being routed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:12:02 +01:00
Jens Langhammer
f910da0f8a
outposts: fix initial refresh not calling Server.Refresh()
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:47:32 +01:00
Jens Langhammer
fc9d270992
outposts/ldap: fix log formatter and level not being set correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:46:01 +01:00
Jens Langhammer
621773c1ea
internal: rework global logging settings, embedded outpost no longer overwrites core, clean up double init
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:23:19 +01:00
Jens Langhammer
052e465041
outpost: re-run globalSetup when updating config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:08:03 +01:00
Jens Langhammer
c843f18743
lib: add additional celery logger to sentry ignore
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:04:45 +01:00
Jens Langhammer
68637cf7cf
outposts: handle/ignore http Abort handler
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:42:45 +01:00
Jens Langhammer
7a73ddfb60
outposts/proxy: match skipPathRegex against full URL on domain auth
...
closes #1955
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 15:50:42 +01:00
Jens L
95bce9c9e7
outposts: release binary outposts ( #1954 )
...
* outposts/proxy: always embed static assets, still check local
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: add initial ci to build outpost as binary
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: fix typo, build web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: upload to release on publish, only run linux on ci
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: ensure latest go is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: split e2e tests into two halves
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-17 19:49:32 +00:00
Jens Langhammer
03da87991f
outposts: don't use custom environment
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 19:12:05 +01:00
Jens Langhammer
7d6e88061f
outposts: check if hub from context is set and fallback
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:19:57 +01:00
Jens Langhammer
f8aab40e3e
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:00:19 +01:00
Jens Langhammer
b5685ec072
outposts: set sentry-trace on API requests to match them to the outer transaction
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 11:50:31 +01:00
Jens Langhammer
cf5ff6e160
outposts: reset backoff after successful connect
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 16:38:48 +01:00
Jens Langhammer
ac9cf590bc
*: use prefixed span names
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 16:18:42 +01:00
Jens Langhammer
10b16bc36a
outposts: add description to span
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 16:12:14 +01:00
Jens Langhammer
5f0f4284a2
web/admin: fix rendering for applications on view page
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 15:27:28 +01:00
Jens Langhammer
c11be2284d
outposts/proxy: also set max length for redis backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 15:05:55 +01:00
Jens Langhammer
aa321196d7
outposts/proxy: fix securecookie: the value is too long again, since it can happen even with filesystem storage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 13:33:20 +01:00
Jens Langhammer
4e2457560d
outposts/proxy: use filesystem storage for non-embedded outposts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 17:59:31 +01:00
Jens Langhammer
2ddf122d27
Revert "outposts/proxy: don't save raw jwt in cookie to prevent securecookie: the value is too long"
...
This reverts commit b3e40c6aed
.
2021-12-12 17:58:19 +01:00
Jens Langhammer
deebdf2bcc
outposts: fix unlabeled transaction
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 13:46:31 +01:00
Jens Langhammer
4982c4abcb
outpost: add additional checks for websocket connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 00:11:17 +01:00
Jens Langhammer
f4988bc45e
outpost: rewrite re-connect logic without recws
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-11 22:53:59 +01:00
Jens Langhammer
8abc9cc031
outposts: cleanup logs for failed binds
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-11 22:09:18 +01:00
Jens Langhammer
63a19a1381
outposts/ldap: fix searches with mixed casing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 20:55:51 +01:00
Ilya Kogan
bd2e453218
outposts/ldap: Fix search case sensitivity. ( #1897 )
2021-12-08 20:11:56 +01:00
Jens Langhammer
b3e40c6aed
outposts/proxy: don't save raw jwt in cookie to prevent securecookie: the value is too long
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-06 13:54:59 +01:00
Jens Langhammer
ea097afeae
outposts/proxy: fix path prefix in static handler
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 19:21:40 +01:00
Jens Langhammer
f8dc7f48f2
outposts/proxy: fix path for media
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 18:47:36 +01:00
Ilya Kogan
40404ff41d
outposts/ldap: Rework/improve LDAP search logic. ( #1687 )
...
* outposts/ldap: Refactor searching so we key primarily off base dn
* docs: Updating guides on sssd and the ldap outpost.
2021-12-02 15:28:58 +01:00
Jens Langhammer
85a417d22e
outposts/proxy: re-add rs256 support
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 15:17:32 +01:00
Jens Langhammer
347c3793fc
outposts/proxy: add additional headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 14:19:57 +01:00
Jens Langhammer
e42ad8db93
outposts/proxy: copy user-agent header from upstream request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 10:01:54 +01:00
Jens Langhammer
e917e756cc
outposts/proxy: make logging fields more consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 09:58:50 +01:00
Jens Langhammer
d0ceafe79e
outposts/proxy: add X-authentik-meta-version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:59:45 +01:00
Jens Langhammer
f2023a7af2
*: don't use go embed to make using custom files easier
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:35:28 +01:00
Jens Langhammer
60b95271eb
outposts/proxy: add additional headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:19:09 +01:00
Jens Langhammer
3b068610b9
outposts/proxy: clean up header setting (don't copy all headers)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:05:56 +01:00
Jens Langhammer
9a393848b2
outpost: configure error reporting based off of main instance config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-29 14:42:19 +01:00
Jens Langhammer
8b7f698c7b
outposts/proxy: continue compiling additional regexes even when one fails
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-28 15:06:26 +01:00
Jens Langhammer
c7681dde32
outposts: reload on signal USR1, fix display of reload offset
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-24 22:45:27 +01:00
Jens Langhammer
d1bd8f333b
outposts/proxy: use disableIndex for static files
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-19 10:50:56 +01:00
Jens Langhammer
2ac9f5426d
outposts: don't panic when listening for metrics fails
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-19 10:37:13 +01:00
Jens Langhammer
ae9f1c1063
outpost/ldap: fix panic when attempting to update without locked users mutex
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-18 19:36:27 +01:00
Jens Langhammer
97b814ab33
outpost/proxy: show better error when hostname isn't configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-13 22:45:37 +01:00
Jens Langhammer
f069cfb643
outposts/ldap: copy boundUsers map when running refresh instead of using blank map
...
closes #1651
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-13 00:26:01 +01:00
Jens Langhammer
e7b4363d21
outposts/ldap: fix logic error in cached ldap searcher
...
closes #1779
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 23:18:32 +01:00
Jens Langhammer
00324f922d
outposts: send SelectedChallenge when using MFA with Go FlowExecutor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 21:27:06 +01:00