Commit Graph

10886 Commits

Author SHA1 Message Date
Jens Langhammer ae13fc3b92
policies: make name required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:46:48 +01:00
Jens Langhammer 7046944bf6
website: link CVE and attribute reporter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:17:17 +01:00
Jens Langhammer 0423023d2e
web/elements: fix table select-all checkbox being checked with no elements
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:10:02 +01:00
Jens Langhammer 5132f0f876
web/admin: more consistent label usage, use compact labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:06:29 +01:00
Jens Langhammer 7e44de2da9
web: ignore d3 circular deps warning, treat unresolved import as error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 13:44:09 +01:00
Jens Langhammer 08b0075335
web/admin: fix import error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 13:18:56 +01:00
Jens Langhammer efbab9e37f
web: remove @types/mermaid
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-24 22:32:21 +01:00
Jens L 8195e6d4ff
website/integrations: add hcp docs (#4281)
add hcp docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-24 22:27:33 +01:00
Jens Langhammer 700a4cb72c
web/admin: fix application to provider links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-24 21:55:29 +01:00
Jens Langhammer 94b9ebb0bb
blueprints: add Env tag
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-24 20:41:51 +01:00
Jens Langhammer fe1e2aa8af
website: fix missing integrations in sidebar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-24 00:50:12 +01:00
Jens Langhammer 7835f3d873
root: update supported versions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 16:08:50 +01:00
github-actions[bot] 4a50c65cad
web: bump API Client version (#4277)
Signed-off-by: GitHub <noreply@github.com>

Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-12-23 15:30:38 +01:00
Jens Langhammer 283c93c57b
website: copy static files instead of linking them to prevent cache issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 15:18:21 +01:00
Jens Langhammer 1b86a3d5d6
Merge branch 'version-2022.11' 2022-12-23 14:39:52 +01:00
Jens Langhammer 8b710b57a5
root: don't send traces in testing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:37:58 +01:00
Jens Langhammer 716584bbae
website: update release notes for CVEs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:21:02 +01:00
Jens Langhammer 9dc0bb2a77
release: 2022.11.4 2022-12-23 14:17:48 +01:00
Jens Langhammer debbcb125b
web: backport API update
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:17:32 +01:00
Jens L 2d827eaae1
security: fix CVE 2022 23555 (#4274)
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:30 +01:00
Jens L 47d79ac28c
security: fix CVE 2022 46172 (#4275)
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:26 +01:00
github-actions[bot] 61f2b73255
web: bump API Client version (#4276)
Signed-off-by: GitHub <noreply@github.com>

Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-12-23 14:15:57 +01:00
Jens L 9f846d94be
security: fix CVE 2022 23555 (#4274)
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:13:49 +01:00
Jens L 84fbeb5721
security: fix CVE 2022 46172 (#4275)
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:12:58 +01:00
Jens Langhammer 01da8e1792
providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 12:04:31 +01:00
Jens Langhammer 6a3a3e5f8d
website: fix duplicate platforms in sidebar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:23:41 +01:00
Jens Langhammer 42c278b4f8
root: migrate to hosted sentry with rate-limited DSN
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:18:26 +01:00
dependabot[bot] e49bc83266
web: bump @sentry/browser from 7.28.0 to 7.28.1 in /web (#4267)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 7.28.0 to 7.28.1.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/7.28.0...7.28.1)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-23 10:29:03 +01:00
dependabot[bot] 98b7ebec74
web: bump @sentry/tracing from 7.28.0 to 7.28.1 in /web (#4268)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 7.28.0 to 7.28.1.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/7.28.0...7.28.1)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-23 10:26:45 +01:00
dependabot[bot] ccb43a3dfb
web: bump @babel/plugin-proposal-decorators from 7.20.5 to 7.20.7 in /web (#4270)
web: bump @babel/plugin-proposal-decorators in /web

Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.20.5 to 7.20.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.20.7/packages/babel-plugin-proposal-decorators)

---
updated-dependencies:
- dependency-name: "@babel/plugin-proposal-decorators"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-23 10:26:32 +01:00
dependabot[bot] c92b2620f5
web: bump @babel/core from 7.20.5 to 7.20.7 in /web (#4269)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.20.5 to 7.20.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.20.7/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-23 10:25:20 +01:00
dependabot[bot] e2bfeefc8b
core: bump dacite from 1.6.0 to 1.7.0 (#4271)
Bumps [dacite](https://github.com/konradhalas/dacite) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/konradhalas/dacite/releases)
- [Changelog](https://github.com/konradhalas/dacite/blob/master/CHANGELOG.md)
- [Commits](https://github.com/konradhalas/dacite/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: dacite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-23 10:19:57 +01:00
Jens Langhammer e52c964354
flows: fix redirect from plan context "redirect" not being wrapped in flow response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 23:28:26 +01:00
Jens L c635487210
blueprints: better OCI support in UI (#4263)
use oci:// prefix to detect oci blueprint, add UI support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:49:25 +01:00
Jens Langhammer ca6cd8a4d3
website/developer-docs: update release procedure to include CVEs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:07:59 +01:00
Jens Langhammer fb09df26c9
core: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:56:05 +01:00
Jens Langhammer 30f4a09a88
web/elements: fix alignment for checkboxes in table
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:31:06 +01:00
Jens Langhammer 7143ea08e6
web/admin: improve i18n for documentation link in outpost form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:30:54 +01:00
Jens Langhammer e4e7a112e3
web: use version family subdomain for in-app doc links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:03:08 +01:00
Jens Langhammer 4c133b957c
web/user: fix styling for clear all button in notification drawer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 16:37:49 +01:00
Jens Langhammer 28eb7c03fa
website/developer-docs: add templates for announcing fixed security release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 16:13:21 +01:00
Jens Langhammer 7b01a208a2
web/elements: unselect top checkbox in table when not all elements are selected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 16:02:04 +01:00
Jens Langhammer db0af3763b web/elements: fix alignment with checkbox in table
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 15:12:47 +01:00
Jens Langhammer ab9efcea77 web/elements: fix log level for diagram
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 15:12:30 +01:00
Jens Langhammer d280577830 website: migrate to hosted plausible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 14:47:49 +01:00
Jens Langhammer 36da29aaa2 website/developer-docs: add release procedure
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 12:01:34 +01:00
Jens Langhammer 9e1204b645 root: add security mailing list
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 11:14:03 +01:00
dependabot[bot] ea2f69a8f8
web: bump yaml from 2.1.3 to 2.2.0 in /web (#4258)
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.3...v2.2.0)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-22 11:01:29 +01:00
dependabot[bot] 55a705e777
web: bump pyright from 1.1.284 to 1.1.285 in /web (#4259)
Bumps [pyright](https://github.com/Microsoft/pyright/tree/HEAD/packages/pyright) from 1.1.284 to 1.1.285.
- [Release notes](https://github.com/Microsoft/pyright/releases)
- [Commits](https://github.com/Microsoft/pyright/commits/1.1.285/packages/pyright)

---
updated-dependencies:
- dependency-name: pyright
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-22 11:01:20 +01:00
dependabot[bot] cb10289b68
core: bump goauthentik.io/api/v3 from 3.2022113.2 to 3.2022113.3 (#4260)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022113.2 to 3.2022113.3.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022113.2...v3.2022113.3)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-22 11:01:10 +01:00