Jens L
cd88b91686
security: fix CVE 2022 23555 (#4274)
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:18:13 +01:00
Jens L
8eb73d3a16
security: fix CVE 2022 46172 (#4275)
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:18:09 +01:00
Jens Langhammer
83f46f6ff1
release: 2022.10.3
2022-12-02 23:01:17 +02:00
Jens Langhammer
0e7cc6da4c
web: bump API version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 22:51:09 +02:00
Jens Langhammer
a262171671
release: 2022.10.2
2022-12-01 10:40:58 +02:00
Jens Langhammer
87b8ca7be4
*: backport CVE-2022-46145 fix
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:40:51 +02:00
Jens Langhammer
cc8dc1403f
root: include security policy in website container
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 13:05:02 +02:00
Jens Langhammer
f21a196a3b
root: rework and expand security policy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# SECURITY.md
2022-11-30 13:04:50 +02:00
Jens Langhammer
f3a72761c0
release: 2022.10.1
2022-10-29 17:24:55 +02:00
Jens Langhammer
77a67dcbc1
website/docs: prepare 2022.10.1
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 23:08:55 +02:00
Jens Langhammer
8d7ce49101
website/docs: add docs for using email templates with helm chart
...
closes #3891
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 23:06:10 +02:00
Jens Langhammer
841c13ed77
core: set prehydrated locale based on active backend locale
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:43:24 +02:00
Jens L
30d708dd1f
core: explicitly enable locales (#3889)
...
* activate locales
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set locale for email templates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:42:49 +02:00
dependabot[bot]
8a50279142
web: bump @sentry/browser from 7.16.0 to 7.17.2 in /web (#3897)
2022-10-28 15:03:40 +02:00
dependabot[bot]
f1e1911788
web: bump @babel/plugin-proposal-decorators from 7.19.6 to 7.20.0 in /web (#3893)
2022-10-28 14:53:22 +02:00
dependabot[bot]
0b712d22a8
web: bump @sentry/tracing from 7.16.0 to 7.17.1 in /web (#3894)
2022-10-28 14:53:05 +02:00
Jens Langhammer
9d0a7578ec
flows: fix error due to not validating error challenge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-27 20:04:00 +02:00
Jens Langhammer
f8fab14e1e
core: refactor MessageStage to not use dynamic class
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 20:01:42 +02:00
dependabot[bot]
9b6e07de17
core: bump kubernetes from 24.2.0 to 25.3.0 (#3882)
...
Bumps [kubernetes](https://github.com/kubernetes-client/python) from 24.2.0 to 25.3.0.
- [Release notes](https://github.com/kubernetes-client/python/releases)
- [Changelog](https://github.com/kubernetes-client/python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes-client/python/compare/v24.2.0...v25.3.0)
---
updated-dependencies:
- dependency-name: kubernetes
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-26 19:21:47 +02:00
dependabot[bot]
4e2ba8c916
web: bump pyright from 1.1.276 to 1.1.277 in /web (#3881)
2022-10-26 08:46:23 +02:00
Jens Langhammer
6b35d0c70b
core: check if session is authenticated before showing linked message
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 00:30:42 +02:00
Jens Langhammer
dd65862bf2
core: show success message when authenticating/enrolling after flow is finished
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-25 22:46:15 +02:00
Jens Langhammer
2206b71f6f
website/integrations: add missing read:org scope for github org check and improve error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-25 21:17:08 +02:00
dependabot[bot]
24e02c82dc
core: bump deepmerge from 1.0.1 to 1.1.0 (#3877)
...
Bumps [deepmerge](https://github.com/toumorokoshi/deepmerge) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/toumorokoshi/deepmerge/releases)
- [Commits](https://github.com/toumorokoshi/deepmerge/compare/v1.0.1...v1.1.0)
---
updated-dependencies:
- dependency-name: deepmerge
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 16:32:12 +02:00
dependabot[bot]
2b6213c3ce
core: bump psycopg2-binary from 2.9.4 to 2.9.5 (#3876)
...
Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/psycopg/psycopg2/releases)
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/commits)
---
updated-dependencies:
- dependency-name: psycopg2-binary
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 16:31:59 +02:00
dependabot[bot]
d51d14fd32
core: bump pytest from 7.1.3 to 7.2.0 (#3875)
...
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.3 to 7.2.0.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.1.3...7.2.0)
---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 16:31:53 +02:00
Darrin
35679f5abb
website/integrations: Add TrueCommand integration (#3819)
...
* Create index.md
Initial checkin of truecommand integration
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>
* Update index.md
First draft
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>
* Add TrueCommand Integration
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>
* website: run prettier on truecommand integration.
* Update website/integrations/services/truecommand/index.md
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>
* Update website/integrations/services/truecommand/index.md
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>
* Update website/integrations/services/truecommand/index.md
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>
* Change name to TrueNAS TrueCommand, update SAML Attribute.
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>
Co-authored-by: Darrin Walton <darrinw@obsidian-group.co>
Co-authored-by: Jens L. <jens@beryju.org>
2022-10-25 12:12:57 +02:00
dependabot[bot]
98666cc5e9
web: bump @codemirror/lang-python from 6.0.3 to 6.0.4 in /web (#3867)
...
Bumps [@codemirror/lang-python](https://github.com/codemirror/lang-python) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/codemirror/lang-python/releases)
- [Changelog](https://github.com/codemirror/lang-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-python/compare/6.0.3...6.0.4)
---
updated-dependencies:
- dependency-name: "@codemirror/lang-python"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:02:30 +02:00
dependabot[bot]
dbaad90c3e
web: bump @typescript-eslint/eslint-plugin from 5.40.1 to 5.41.0 in /web (#3866)
...
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.40.1 to 5.41.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.41.0/packages/eslint-plugin)
---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:00:50 +02:00
dependabot[bot]
63b5656cca
web: bump @codemirror/lang-javascript from 6.1.0 to 6.1.1 in /web (#3871)
...
Bumps [@codemirror/lang-javascript](https://github.com/codemirror/lang-javascript) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/codemirror/lang-javascript/releases)
- [Changelog](https://github.com/codemirror/lang-javascript/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-javascript/compare/6.1.0...6.1.1)
---
updated-dependencies:
- dependency-name: "@codemirror/lang-javascript"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:00:37 +02:00
dependabot[bot]
96713a82dd
web: bump @typescript-eslint/parser from 5.40.1 to 5.41.0 in /web (#3869)
...
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.40.1 to 5.41.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.41.0/packages/parser)
---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 09:59:35 +02:00
dependabot[bot]
2b20b89c80
web: bump @codemirror/legacy-modes from 6.1.0 to 6.2.0 in /web (#3870)
...
Bumps [@codemirror/legacy-modes](https://github.com/codemirror/legacy-modes) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/codemirror/legacy-modes/releases)
- [Changelog](https://github.com/codemirror/legacy-modes/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/legacy-modes/compare/6.1.0...6.2.0)
---
updated-dependencies:
- dependency-name: "@codemirror/legacy-modes"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 09:59:13 +02:00
dependabot[bot]
cbb24dfddd
web: bump @codemirror/lang-html from 6.1.2 to 6.1.3 in /web (#3868)
...
Bumps [@codemirror/lang-html](https://github.com/codemirror/lang-html) from 6.1.2 to 6.1.3.
- [Release notes](https://github.com/codemirror/lang-html/releases)
- [Changelog](https://github.com/codemirror/lang-html/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-html/compare/6.1.2...6.1.3)
---
updated-dependencies:
- dependency-name: "@codemirror/lang-html"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 09:59:03 +02:00
dependabot[bot]
056ff5ff59
web: bump @codemirror/lang-xml from 6.0.0 to 6.0.1 in /web (#3865)
2022-10-25 09:35:29 +02:00
dependabot[bot]
4da2f44f8e
core: bump colorama from 0.4.5 to 0.4.6 (#3872)
2022-10-25 09:35:11 +02:00
Jens Langhammer
3da7fcfc1d
web/common: disable API Drawer by default in user interface
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 22:08:47 +02:00
Jens Langhammer
6ea57921f2
sources/saml: set username field to name_id attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 21:53:37 +02:00
dependabot[bot]
c7ea4b5a7f
web: bump @rollup/plugin-node-resolve from 15.0.0 to 15.0.1 in /web (#3855)
2022-10-24 10:05:18 +02:00
dependabot[bot]
c2933f0681
web: bump @rollup/plugin-typescript from 9.0.1 to 9.0.2 in /web (#3854)
2022-10-24 10:05:10 +02:00
dependabot[bot]
27636cc49f
web: bump @rollup/plugin-commonjs from 23.0.1 to 23.0.2 in /web (#3856)
2022-10-24 09:56:55 +02:00
dependabot[bot]
42196f554e
web: bump @rollup/plugin-replace from 5.0.0 to 5.0.1 in /web (#3853)
2022-10-24 09:56:24 +02:00
dependabot[bot]
ad5fc139eb
web: bump eslint from 8.25.0 to 8.26.0 in /web (#3857)
2022-10-24 09:54:43 +02:00
dependabot[bot]
3a68de0d38
core: bump goauthentik.io/api/v3 from 3.2022090.10 to 3.2022100.1 (#3861)
2022-10-24 09:54:33 +02:00
dependabot[bot]
93984b35b3
web: bump @rollup/plugin-babel from 6.0.0 to 6.0.2 in /web (#3858)
2022-10-24 09:53:36 +02:00
dependabot[bot]
d25d547486
core: bump sentry-sdk from 1.10.0 to 1.10.1 (#3859)
2022-10-24 09:53:22 +02:00
dependabot[bot]
b84bc418af
core: bump duo-client from 4.4.0 to 4.5.0 (#3860)
2022-10-24 09:53:14 +02:00
dependabot[bot]
ea94750ea8
core: bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#3862)
2022-10-24 09:52:51 +02:00
dependabot[bot]
a3aa7a8d4f
core: bump pylint from 2.15.4 to 2.15.5 (#3863)
2022-10-24 09:52:43 +02:00
Jens Langhammer
7004cb1c91
website/docs: add notice for TOTP issuer
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-22 17:11:20 +02:00
github-actions[bot]
e67464b8a0
web: bump API Client version (#3846)
...
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-10-21 22:35:21 +02:00