trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9,960 Commits 95 Branches 330 Tags 336 MiB
Commit Graph

2538 Commits

Author SHA1 Message Date
Jens L cd88b91686
security: fix CVE 2022 23555 (#4274) 
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:18:13 +01:00
Jens L 8eb73d3a16
security: fix CVE 2022 46172 (#4275) 
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:18:09 +01:00
Jens Langhammer 83f46f6ff1 release: 2022.10.3 2022-12-02 23:01:17 +02:00
Jens Langhammer a262171671 release: 2022.10.2 2022-12-01 10:40:58 +02:00
Jens Langhammer 87b8ca7be4 *: backport CVE-2022-46145 fix 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-01 10:40:51 +02:00
Jens Langhammer f3a72761c0 release: 2022.10.1 2022-10-29 17:24:55 +02:00
Jens Langhammer 841c13ed77 core: set prehydrated locale based on active backend locale 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-28 19:43:24 +02:00
Jens L 30d708dd1f
core: explicitly enable locales (#3889) 
* activate locales

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set locale for email templates

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-28 19:42:49 +02:00
Jens Langhammer 9d0a7578ec flows: fix error due to not validating error challenge 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-27 20:04:00 +02:00
Jens Langhammer f8fab14e1e core: refactor MessageStage to not use dynamic class 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-26 20:01:42 +02:00
Jens Langhammer 6b35d0c70b core: check if session is authenticated before showing linked message 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-26 00:30:42 +02:00
Jens Langhammer dd65862bf2 core: show success message when authenticating/enrolling after flow is finished 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-25 22:46:15 +02:00
Jens Langhammer 6ea57921f2 sources/saml: set username field to name_id attribute 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-24 21:53:37 +02:00
Jens Langhammer b0d4f035f1 blueprints: fix error when cleaning up unset attribute 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-21 22:12:59 +02:00
Jens Langhammer 661d2ec701 Merge branch 'version-2022.10' 2022-10-21 22:11:04 +02:00
Jens Langhammer 3f570bb96d blueprints: improve error handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-21 20:18:02 +02:00
Jens Langhammer 89dc46a7ff release: 2022.10.0 2022-10-21 19:42:38 +02:00
Jens Langhammer a1ce8100e9 stages/identification: log invalid_login similar to event for easier log parsing 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3715
 2022-10-20 19:31:22 +02:00
Jens Langhammer 13d975a258 flows: fix error when opening inspector with no history 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-20 19:30:56 +02:00
Jens Langhammer 782fec0eb9 flows: use stripped down flow serializer for flow_set to optimise loading time 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-20 09:56:08 +02:00
Jens L cfad472e1b
flows: optimise queries (#3818) 
* flows: optimise flow queries

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* index source on slug and name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* binding index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add policy parent index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup old migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release note to upgrade

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-19 22:53:07 +02:00
Jens Langhammer 6882445937 *: handle PermissionError when saving files, ensure permission bits are set correctly 
closes #3817

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-19 20:24:28 +02:00
Jens Langhammer 9e3bf94547 flows: optimise flow API loading speed 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-19 10:29:06 +02:00
Jens L b06a3a8f9f
admin: add authorisations metric (#3811) 
add authorizations metric

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-19 00:06:45 +02:00
dependabot[bot] 167695d4b1
core: bump channels from 3.0.5 to 4.0.0 (#3799) 
* core: bump channels from 3.0.5 to 4.0.0

Bumps [channels](https://github.com/django/channels) from 3.0.5 to 4.0.0.
- [Release notes](https://github.com/django/channels/releases)
- [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt)
- [Commits](https://github.com/django/channels/compare/3.0.5...4.0.0)

---
updated-dependencies:
- dependency-name: channels
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* add daphne

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:34:27 +02:00
Jens Langhammer 3e1490dcac providers/saml: don't attempt verification of SAML request when no verification certificate is configured 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:26:04 +02:00
Jens Langhammer 6bff6a2a1a core: fallback to empty user object for PropertyMappingEvaluator 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:03:26 +02:00
Jens L 0efee2a660
flows: improved import (#3807) 
* return logs when importing flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* improve error handling, show logs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:01:42 +02:00
Jens L b85be12567
providers/oauth2: fix issues with es256 and add tests (#3808) 
fix issues with es256 and add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:01:29 +02:00
Jens Langhammer 96a30af0eb sources/oauth: allow overriding of all scopes 
closes #3747

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-16 21:21:43 +02:00
Jens Langhammer 76531589dd core: fix title in generic error template 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-16 13:55:22 +02:00
Jens Langhammer 2112b5b26b root: add global fallback throttle 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-15 23:51:36 +02:00
Jens Langhammer a3cc844e25 crypto: fix cert_expiry not having the correct format 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-15 23:32:02 +02:00
Jens Langhammer 53aef73f58 flows: optimise queries for flow and stage API endpoints 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-15 11:54:31 +02:00
Jens L 363872715d
sources/saml: revamp SAML Source (#3785) 
* update saml source to use user connections, add all attributes to flow context

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* check for SAML Status in response, add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* package apple icon

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add webui for connections

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 17:04:47 +02:00
Jens L 79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug (#3786) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 15:44:59 +02:00
Jens Langhammer 74a0e27a8c blueprints: fix error when exporting objects with lazily translated strings 
closes #3482

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 14:31:44 +02:00
Jens Langhammer 0ca1368dcc sources/saml: improve error handling for missing assertion and missing subject 
closes #3784

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 13:56:39 +02:00
Philipp Kolberg 2980c5884f
root: Add setting to adjust database config for pgbouncer (#3769) 
* Add setting to adjust database config for pgbouncer

* docker-compose.yml cleanup

Delete pgbouncer setting as false is the default value

* Cleanup docker-compose.yml

Also remove use_pgbouncer option in server section
 2022-10-14 11:53:24 +02:00
Jens L 217e145d23
stages/authenticator_sms: make sms stage payload customisable (#3780) 
* make sms stage payload customisable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update phrasing for webhook mapping

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 11:53:01 +02:00
Jens Langhammer e5e6c33b2d providers/oauth2: fix expires_in not being an int 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-11 14:25:30 +03:00
Jens L 8ed2f7fe9e
providers/oauth2: add device flow (#3334) 
* start device flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix inconsistent app filtering

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tenant device code flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add throttling to device code view

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* somewhat unrelated changes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add initial device code entry flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add finish stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* it works

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add support for verification_uri_complete

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-11 12:42:10 +02:00
Jens Langhammer 00a6c2a40b sources/oauth: improve error messages 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-10 13:28:25 +03:00
Jens Langhammer 239092b872 core: fix messages not being shown when no client is connected 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-10 13:27:41 +03:00
dependabot[bot] 34d520a3fb
core: bump channels-redis from 3.4.1 to 4.0.0 (#3752) 2022-10-10 11:26:49 +02:00
lvoegl 3ecc715e91
sources/oauth: add Twitch OAuth source (#3746) 
* sources/oauth: add Twitch OAuth source

Signed-off-by: Lukas Vögl <lukas@voegl.org>

* website/integrations: add Twitch OAuth source documentation

Signed-off-by: Lukas Vögl <lukas@voegl.org>

Signed-off-by: Lukas Vögl <lukas@voegl.org>
 2022-10-10 10:59:07 +02:00
Jens Langhammer 9bbe8e6c57 providers/oauth2: save full IDToken to database, only use to_dict for encoding final token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-08 15:06:17 +03:00
Jens Langhammer b2a658d091 providers/oauth2: remove c_hash and nonce claim if they're not set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-07 17:07:33 +03:00
Jens Langhammer ce085a029d providers/oauth2: exclude at_hash claim if not set instead of being null 
closes #3739

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-07 10:10:53 +03:00
Jens Langhammer 93e90f8f50 crypto: fix import_certificate checking private key as certificate 
closes #3713

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-02 00:31:14 +02:00