authentik

Commit Graph

Author	SHA1	Message	Date
Jens Langhammer	3344af72c2	outposts: cleanup user handling Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-05 22:41:19 +02:00
Jens Langhammer	f316a3000b	release: 2022.7.1	2022-07-04 21:10:20 +02:00
Jens Langhammer	6a497b32f6	core: use Exception for fallback case in flow_manager Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-04 20:05:03 +02:00
Jens Langhammer	4cd629b5fc	core: handle FlowNonApplicableException correctly in source flow_manager Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-03 22:03:03 +02:00
Jens Langhammer	14a4047bdd	flows: show messages from ak_message when flow is denied fallback to same generic message closes #3197 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-03 21:36:13 +02:00
Jens L	17d33f4b19	flows: denied action (#3194 )	2022-07-02 17:37:57 +02:00
Jens L	c39a5933e1	core: create FlowToken instead of regular token for generated recovery links (#3193 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2749	2022-07-02 14:17:41 +02:00
Jens L	5e3f44dd87	flows: add shortcut to redirect current flow (#3192 )	2022-07-01 23:19:41 +02:00
Jens Langhammer	1c64616ebd	sources/ldap: add configuration for LDAP Source ciphers closes #3110 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-01 19:53:49 +02:00
Jens Langhammer	23273f53cc	providers/oauth2: if no scopes are sent in authorize request, select all configured scopes closes #3112 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-01 19:45:26 +02:00
Jens Langhammer	d11ce0a86e	providers/proxy: set default scopes based on managed attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-01 18:26:49 +02:00
Jens Langhammer	766ceda57a	core: re-create anonymous user when repairing permissions Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-01 17:20:06 +02:00
Jens Langhammer	e758c434ea	web: ignore module load errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-01 16:49:37 +02:00
Jens Langhammer	90e3ae9457	*: define prometheus metrics in apps to prevent re-import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-01 16:49:24 +02:00
Jens Langhammer	56fd436e5d	web: fix redirect when accessing authentik URLs authenticated closes #3174 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-30 23:04:39 +02:00
Jens Langhammer	ea60c389be	providers/saml: include SSO Binding URLs in Provider API closes #3179 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-30 22:18:21 +02:00
Jens Langhammer	983882f5a0	providers/oauth2: ensure refresh tokens are URL safe Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3185	2022-06-30 12:43:08 +02:00
Jens L	c5a2831665	api: add basic jwt support with required scope (#2624 ) * api: add basic jwt support with required scope Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: only set auth_via when actually authenticating via token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * save consented permissions in user consent, re-prompt when new permissions are required Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * translate special scope map Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more api auth tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * build web api in e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * link generated client instead of copying Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-26 17:51:15 +02:00
Jens L	504338ea66	web/admin: application wizard (part 1) (#2745 ) * initial Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove log Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * start oauth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use form for all type wizard pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more oauth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * basic wizard actions Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * make resets work Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add hint in provider wizard Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * render correct icon in empty state in table page Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * improve empty state Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add group PK to service account creation response Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use wizard-level isValid prop Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * re-add old buttons Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-26 00:46:40 +02:00
Jens Langhammer	f28509608b	core: mark session as modified instead of saving it directly to bump expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-22 08:48:14 +02:00
Jens Langhammer	6c9dc7a15b	providers/oauth2: fix OAuth form_post response mode for code response_type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3113	2022-06-20 21:52:36 +02:00
Jens Langhammer	b6267fdf28	*: add versioned user agent to sentry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-20 11:54:10 +02:00
Jens Langhammer	1f0fc0a6a2	Merge branch 'version-2022.6'	2022-06-20 10:19:25 +02:00
Jens Langhammer	9201fc1834	release: 2022.6.3	2022-06-19 22:01:06 +02:00
Jens Langhammer	1faba11a57	providers/oauth2: add test to ensure capitalised redirect_uri isn't changed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3114	2022-06-19 21:37:20 +02:00
9p4	f0c72e8536	providers/oauth2: dont lowercase URL for token requests (#3114 ) this was a leftover from before the migration regex checking for redirect URIs closes #3076 and #3083	2022-06-19 21:37:17 +02:00
Jens Langhammer	91f91b08e5	core: fix migrations when creating bootstrap token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-19 21:37:14 +02:00
Jens L	caed306346	providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict (#3070 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-19 21:36:19 +02:00
Jens Langhammer	59b899ddff	internal: skip tracing for go healthcheck and metrics endpoints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-19 21:35:48 +02:00
Jens Langhammer	85784f796c	root: ignore healthcheck routes in sentry tracing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-19 21:35:46 +02:00
Jens Langhammer	b42eb9464f	lifecycle: run bootstrap tasks inline when using automated install Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-19 21:35:33 +02:00
Jens L	6559fdee15	stages/authenticator_validate: add webauthn tests (#3069 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-19 21:35:23 +02:00
Jens Langhammer	3455bf3d27	policies: consolidate log user and application Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-19 21:35:04 +02:00
Jens Langhammer	0d96e68c1e	core: add limit of 20 to group recursion closes #3116 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-19 21:24:57 +02:00
Jens Langhammer	7caac1d0c7	providers/oauth2: add test to ensure capitalised redirect_uri isn't changed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3114	2022-06-18 13:13:36 +02:00
9p4	45364d6553	providers/oauth2: dont lowercase URL for token requests (#3114 ) this was a leftover from before the migration regex checking for redirect URIs closes #3076 and #3083	2022-06-18 13:08:15 +02:00
Jens Langhammer	2298eb124f	core: fix migrations when creating bootstrap token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-17 10:10:04 +02:00
Jens Langhammer	e892ed14da	providers/oauth2: include source's user path in M2M created users Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-15 14:07:28 +02:00
Jens L	1c62a3db6e	core: user paths (#3085 ) * init Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add user_path_template Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add to sources and flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add outposts & api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * dark theme for treeview Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add search Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs and tests for validation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add to user write stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add web ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-15 12:12:26 +02:00
Jens L	6821402fef	providers/oauth2: remove deprecated verification_keys (#3071 ) remove verification_keys Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-11 19:48:07 +02:00
Jens L	8dbb0bd2c6	providers/oauth2: token revoke (#3077 )	2022-06-11 18:49:16 +02:00
Jens L	0cad56ec73	providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict (#3070 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-10 23:32:57 +02:00
Jens Langhammer	bdf76bb4b7	internal: skip tracing for go healthcheck and metrics endpoints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-10 22:21:11 +02:00
Jens Langhammer	74ce9cc6fd	root: ignore healthcheck routes in sentry tracing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-10 20:10:27 +02:00
Jens Langhammer	5e2d647a6c	core: trigger bootstrap tasks in server if we're debugging closes #3040 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-09 20:21:31 +02:00
Jens Langhammer	7beebe030d	lifecycle: run bootstrap tasks inline when using automated install Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-09 20:09:55 +02:00
Jens L	66f4a31b4c	stages/authenticator_validate: add webauthn tests (#3069 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-08 20:50:48 +02:00
Jens Langhammer	039d896dee	policies: consolidate log user and application Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-07 22:26:01 +02:00
Jens Langhammer	ff2baf502b	release: 2022.6.2	2022-06-07 21:36:18 +02:00
Jens Langhammer	23023ec727	providers/oauth2: add JWKS URL to OAuth2ProviderSetupURLs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-07 20:17:06 +02:00
Jens Langhammer	7d84a71a01	stages/authenticator_validate: fix double-negation of password-less check Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-07 09:52:10 +02:00
Jens Langhammer	9add8479ca	stages/authenticator_validate: fix error in passwordless webauthn closes #3050 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-06 13:50:11 +02:00
Jens Langhammer	ca40d31dac	*: make user logging more consistent Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-05 18:50:44 +02:00
Frédérick Permantier	2dfa6c2c82	core: add setting to open application launch URL in a new browser tab (#3037 ) * core: add setting to open application launch URL in a new browser tab * core: fix failing applications unit tests * core: fix formatting * core: include models only generated when debug mode is enabled	2022-06-05 14:32:22 +02:00
Jens Langhammer	c11435780d	sources/oauth: fix twitter client missing basic auth closes #3038 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-05 14:21:32 +02:00
Jens Langhammer	817d538b8f	core: add additional filters to source viewset https://github.com/goauthentik/terraform-provider-authentik/issues/184 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-05 00:56:46 +02:00
Jens Langhammer	210775776f	core: add slug to built-in source https://github.com/goauthentik/terraform-provider-authentik/issues/184 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-05 00:50:10 +02:00
Jens Langhammer	b26111fb42	events: fix error when attempting to create event with GeoIP City in context closes #2709 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-05 00:16:07 +02:00
Jens Langhammer	67d54c5209	release: 2022.6.1	2022-06-04 21:23:33 +02:00
Jens L	fa04883ac1	events: use custom login failed signal, also send for mfa errors, add stage and more to context (#3039 ) * use custom login failed signal, also send for mfa errors, add stage and more to context closes #3027 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * include device class in event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-04 15:30:56 +02:00
Jens L	36cbc44ed6	migrate to main (#3035 ) closes #3032 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-03 19:40:09 +02:00
Jens L	0c591a50e3	*: don't dispatch tasks on startup of server (#3033 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-03 18:29:24 +02:00
Jens L	7ee655a318	core: add bootstrap variables with authentik prefix for helm charts (#3031 ) https://github.com/goauthentik/helm/pull/72 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-03 15:22:56 +02:00
Jens Langhammer	eba339ba27	core: improve loading speed of flow background Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-02 14:20:23 +02:00
Jens Langhammer	558c7bba2a	lib: add lxml wrapper Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-02 13:25:24 +02:00
Jens Langhammer	8cd1a42fb9	*: fix linting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-02 11:50:10 +02:00
Jens L	c0cb891078	stages/authenticator_sms: verify-only (#3011 )	2022-06-01 23:16:28 +02:00
Jens L	fc1c1a849a	stages/*: use bound logger (#3012 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-01 23:01:58 +02:00
Jens L	2c6d82593e	root: cleanup session keys to use common format (#3003 ) cleanup session keys to use common format Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-31 21:53:23 +02:00
Jens Langhammer	34bcc2df1a	root: disable session_save_every_request as it overwrites the session with old data Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2991	2022-05-31 20:46:27 +02:00
Jens Langhammer	b4d528a789	policies: fix incorrect bound_to count Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-31 10:16:09 +02:00
Jens Langhammer	a0397fdcf4	events: set default transport mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-30 21:32:48 +02:00
Jens L	8faa1bf865	events: add local transport mode (#2992 ) * events: add local transport mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add default local transport Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-30 20:55:05 +02:00
Jens Langhammer	fc75867218	events: ignore session model Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-30 20:23:07 +02:00
Jens L	3eb466ff4b	lifecycle: cleanup prometheus (#2972 ) * remove high cardinality labels Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * retry worker number for prometheus multiprocess id Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * revert to pid, use subdirectories Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup more Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use worker id based off of https://github.com/benoitc/gunicorn/issues/1352 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix missing app label Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: remove static names Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-29 21:45:25 +02:00
Jens L	9f2529c886	stages/authentiactor_validate: cookies (#2978 ) * stages/authenticator_validate: rewrite to use signed jwt cookie + expiry as MFA threshold Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-29 19:47:34 +02:00
Jens L	fb25b28976	core: db sessions (#2979 ) * use db session backend Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: wrap session cookie in JWT and add useful claims Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix compatibility with tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use standard session key for writing in sessions too Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-29 18:58:54 +02:00
Jens Langhammer	fb69f67f47	*: cleanup vendor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-28 21:26:33 +02:00
Jens Langhammer	18b48684eb	providers/oauth2: add configuration error event when wrong redirect uri is used in token request Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-28 21:15:58 +02:00
Jens Langhammer	098b0aef6e	*: use create_test_admin_user for all unittests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-28 21:13:16 +02:00
Jens Langhammer	082df0ec51	Merge branch 'version-2022.5' Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # authentik/providers/oauth2/views/token.py # web/src/locales/zh-Hans.po	2022-05-28 13:19:58 +02:00
Jens Langhammer	1883402b3d	release: 2022.5.3	2022-05-28 12:04:26 +02:00
Jens Langhammer	1b3aacfa1d	providers/oauth2: add migration from "" to "." closes #2970 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-27 21:43:51 +02:00
Jens Langhammer	2b68363452	providers/oauth2: add migration from "" to "." closes #2970 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-27 10:23:13 +02:00
Jens Langhammer	6105956847	providers/oauth2: regex-escape URLs when set to blank Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-26 22:17:34 +02:00
Jens Langhammer	4ff32af343	flows: fix flakiness in tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-26 22:17:03 +02:00
Jens Langhammer	972868c15c	providers/oauth2: only set expiry on user when it was freshly created Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-26 22:16:55 +02:00
Jens Langhammer	0bc57f571b	api: update API browser to match admin UI and auto-switch theme Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-26 22:16:34 +02:00
Jens Langhammer	a81d5a3d41	providers/oauth2: regex-escape URLs when set to blank Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-26 12:52:56 +02:00
Jens Langhammer	34ef4af799	flows: fix flakiness in tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-26 09:53:40 +02:00
Jens Langhammer	5da47b69dd	providers/oauth2: only set expiry on user when it was freshly created Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-25 23:02:33 +02:00
Jens Langhammer	0e0dd2437b	providers/oauth2: handle attribute errors when validation JWK contains private key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-25 22:23:05 +02:00
Jens Langhammer	e42386b150	api: update API browser to match admin UI and auto-switch theme Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-25 20:09:29 +02:00
Jens Langhammer	ef219198d4	flows: fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-25 00:05:04 +02:00
Jens Langhammer	cc744dc581	flows: fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-25 00:04:58 +02:00
Jens Langhammer	816b0c7d83	flows: fix re-imports of entries with identical PK re-creating objects closes #2941 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-24 23:35:06 +02:00
Jens Langhammer	56babb2649	flows: fix re-imports of entries with identical PK re-creating objects closes #2941 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-24 23:32:08 +02:00
Jens L	b8fdda50ec	ensure all viewsets have filter and search and add tests (#2946 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-24 22:13:59 +02:00
Jens Langhammer	4a9b788703	providers/oauth2: set related_name for many-to-many so used by detects the connection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-24 22:12:35 +02:00
Jens L	80c1dbdfbb	ensure all viewsets have filter and search and add tests (#2946 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-24 22:01:18 +02:00
Jens L	b4e75218f5	sources/oauth: OIDC well-known and JWKS (#2936 ) * add initial Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add provider Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * include source and jwk key id in event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests for source Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix web formatting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add provider tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-24 21:02:50 +02:00
Jens Langhammer	482491e93c	core: fix username validator not allowing changes that can be done via flows closes #2755 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-24 19:40:54 +02:00
Jens Langhammer	61a876b582	providers/saml: handle parse error AUTHENTIK-1K5 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-23 22:03:12 +02:00
Jens Langhammer	8c9748e4a0	providers/oauth2: improve error handling for invalid regular expressions Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-23 20:47:36 +02:00
Jens Langhammer	b7979ad48e	Revert "events: ignore silk SQLQuery object" This reverts commit `a26f25ccd6`. Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-23 20:29:05 +02:00
Jens Langhammer	4704de937a	stages/user_write: fix typo in request context variable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-23 20:18:37 +02:00
Jens Langhammer	394d8e99a4	policies: improve error logging Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-23 20:18:00 +02:00
Jens Langhammer	a26f25ccd6	events: ignore silk SQLQuery object Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-23 20:17:52 +02:00
Jens Langhammer	63dc8fe7dc	crypto: set SAN in default generated Certificate to semi-random domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2462	2022-05-22 23:22:06 +02:00
Jens Langhammer	cfe2648b62	events: fix transport not allowing blank values Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-22 19:32:58 +02:00
Jens Langhammer	3d4a45c93f	release: 2022.5.2	2022-05-21 17:17:21 +02:00
Jens Langhammer	75d6cd1674	outposts: ensure the user and token are created on initial outpost save Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-21 15:55:19 +02:00
Jens L	2dee8034d3	outposts: allow externally managed SSH Config for outposts (#2917 )	2022-05-21 12:10:08 +02:00
Jens Langhammer	220d21c3e0	release: 2022.5.1	2022-05-20 19:34:45 +02:00
Jens L	b43df2ae27	stages/identification: redirect with QS to keep next parameters (#2909 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-20 16:10:10 +02:00
Jens L	d570feffac	flows: add types to diagrams (#2902 ) * add policy and stage types to diagram Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * show policies bound to the root flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix get_build_hash being empty Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-19 20:50:28 +02:00
Jens Langhammer	3d52266773	flows: handle missing `initial_data` in challenge AUTHENTIK-1HK Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-19 20:31:28 +02:00
Jens L	7bdecd2ee6	stages/user_write: dynamic groups (#2901 ) * stages/user_write: add dynamic groups Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * simplify functions Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-19 20:28:16 +02:00
Jens Langhammer	11f7935155	providers/oauth2: use regex to check redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2799	2022-05-18 21:22:27 +02:00
Jens L	75b0fb3393	sources/oauth: migrate twitter to oauth2 (#2893 )	2022-05-18 00:03:02 +02:00
Jens Langhammer	538c2ca4d3	stages/authenticator_*: directly save devices into db instead of session to prevent race conditions Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-17 10:02:30 +02:00
Jens Langhammer	5080840ed9	admin: ensure disable_update_check is set to false for tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-17 10:00:26 +02:00
Jens L	333e58ce2f	flows/layouts (#2867 )	2022-05-16 01:10:23 +02:00
Jens Langhammer	4de2ac3248	events: add task to expire seen notifications Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 22:41:50 +02:00
Jens Langhammer	eb4dce91c3	events: add user filter to notifications as superuser all notifications are returned regardless of permission so we need to filter Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 22:31:13 +02:00
Jens Langhammer	d4fd6153c8	api: fix OwnerFilter filtering out objects for superusers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 21:36:00 +02:00
Jens Langhammer	85b6bfbe5f	sources: fix parent serializer for user connections Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 21:26:02 +02:00
Jens Langhammer	5644d5f3f7	stages/authenticator_totp: fix key error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 19:57:00 +02:00
Jens Langhammer	f391c33bdf	providers/oauth2: fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 12:41:40 +02:00
Jens Langhammer	18f450bd49	root: enable sentry for tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 12:29:30 +02:00
Jens Langhammer	ee36b7f3eb	flows: move autosubmit stage into flows package Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 12:06:19 +02:00
Jens Langhammer	a9a62bbfc8	providers/oauth2: use correct title based on flow context and translated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 00:08:29 +02:00
Jens Langhammer	ddd785898b	providers/saml: add title attribute to autosubmit stage and render correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 00:08:14 +02:00
Jens Langhammer	8ba45a5f6a	providers/oauth2: don't create events before client_id can be verified to prevent spam Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-14 00:02:01 +02:00
Jens Langhammer	7d41e6227b	providers/oauth2: add tests for form_post, fix attrs not being flattened Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-13 23:52:50 +02:00
Jens Langhammer	1363226697	providers/saml: make SAML metadata generation consistent Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-13 17:40:18 +02:00
scheibling	d4abf5621e	providers/oauth2: add support for form_post response mode (#2818 ) * Added request verification and parameter generation * response_mode added to OAuthAuthorizationParams return * Added class OauthPostFulfillmentStage Check response_mode in initialization * Corrected typo * Removed separate class Added handling for FORM_POST in create_response_uri Added handling for FORM_POST in return class * Fixed pylint error (trailing-whitespace) Removed comment * Reformatted authorize.py with black	2022-05-12 21:36:31 +02:00
Jens L	ec67b60219	policies/hibp: check in prompt data (#2845 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-10 23:47:36 +02:00
Jens L	fd1d38f844	stages/authenticator_validate: remember (#2828 ) * initial Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: cleanup timedelta help Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tooltip Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * assert response code in self.assertStageResponse Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more tests, add duo Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-10 21:05:22 +02:00
Jens Langhammer	3554406aa5	root: fix duplicate enum in api scheme Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-10 10:24:18 +02:00
Jens L	ab2299ba1e	outposts/ldap: cached bind (#2824 ) * initial cached ldap bind support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add web Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * clean up api generation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use gh action for golangci-lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-08 16:48:53 +02:00
Jens Langhammer	860269acf0	root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #1878	2022-05-07 22:32:56 +02:00
scheibling	30c7e6c94c	providers/oauth2: fixed typo (PROMPT_CONSNET => PROMPT_CONSENT) (#2819 )	2022-05-06 10:09:09 +02:00
Jens Langhammer	59df02b3b8	root: disable stdout capturing for tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-05 23:08:36 +02:00
Jens Langhammer	ddbe0aaf13	stages/user_delete: fix delete stage failing when pending user is not explicitly set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-05-01 13:59:33 +02:00
Jens Langhammer	84930b4924	Revert "internal: fix high cpu when backend isnt healthy" This reverts commit `eb6cfd22a7`. Revert "root: handle JSON error in metrics too" This reverts commit `1ede972222`. Revert "root: don't force multiprocess prometheus registry" This reverts commit `cd1d1b4402`. Revert "root: add error handling for prometheus view" This reverts commit `c0a883f76f`.	2022-04-29 18:13:26 +02:00
Jens Langhammer	1ede972222	root: handle JSON error in metrics too this can happen when the worker is killed while writing metrics	2022-04-29 11:01:04 +00:00
Jens Langhammer	cd1d1b4402	root: don't force multiprocess prometheus registry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-29 10:53:47 +02:00
Jens Langhammer	c0a883f76f	root: add error handling for prometheus view Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-29 10:17:53 +02:00
Jens Langhammer	ab8b37a899	events: fix ignored instances not being a tuple Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-25 11:19:58 +02:00
Jens Langhammer	9077eff34d	root: add silk and debugging views Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-21 22:38:32 +02:00
Jens Langhammer	2399fa456b	policies: fix current user not being set in server-side policy deny closes #2039 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-21 22:30:27 +02:00
Jens Langhammer	0b4ac54363	*: default to max 60 for fqdn_rand Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-20 20:07:25 +02:00
Jens Langhammer	1a1434bfda	*: decrease frequency of background tasks, smear tasks based on name and fqdn Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2159	2022-04-20 18:43:40 +02:00
Jens Langhammer	d283a5236c	core: add custom shell command which imports all models and creates events for model events Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-17 18:14:57 +02:00
github-actions[bot]	e4486b98fc	web: Update Web API Client version (#2733 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: BeryJu <BeryJu@users.noreply.github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-17 17:05:43 +02:00
Jens Langhammer	778065f468	core: add flag to globally disable impersonation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-17 16:52:55 +02:00
Behn	70794d79dd	sources/oauth: Fix wording for OAuth source names (#2732 )	2022-04-17 16:40:10 +02:00
Jens Langhammer	a3bb5d89cc	events: fix created events only being logged as debug level Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-14 22:37:30 +02:00
Jens Langhammer	f4f9f525d7	providers/oauth2: include application in login event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-14 22:36:45 +02:00
Jens Langhammer	4c14e88a25	flows: pin dependency in migration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-14 22:28:26 +02:00
Jens Langhammer	7561ea15de	providers/oauth2: add additional tracing to token view	2022-04-14 16:48:17 +00:00
Jens Langhammer	8242b09394	flows: handle flow title formatting error better, add user to flow title context	2022-04-14 13:56:20 +00:00
Jens Langhammer	9b9c0fe663	release: 2022.4.1	2022-04-12 22:07:34 +02:00
Jens Langhammer	5a58f6ee64	providers/oauth2: remove test for non sa user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-12 20:35:13 +02:00
Jens Langhammer	e84b17d550	providers/oauth2: don't force service accounts for client_credentials flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-12 10:23:25 +02:00
Jens Langhammer	9da439623b	stages/authenticator_duo: fix bad request being sent to duo when calling enrollment_status outside a flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2666	2022-04-11 21:02:32 +02:00
Jens Langhammer	957bb1c5ef	core: make generated token length configurable closes #2574 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-11 20:57:16 +02:00
Jens Langhammer	2303a97bb9	core: add method to set key of token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2574	2022-04-11 20:43:39 +02:00
Jens Langhammer	8be04cc013	providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256 closes #2703 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-11 20:05:58 +02:00
Jens Langhammer	cca33a74b6	core: fix error when checking generated users with no expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-10 17:53:46 +02:00
Jens Langhammer	f977bf61eb	providers/oauth2: make exp optional on jwt client_credentials flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-10 17:25:35 +02:00
Jens Langhammer	f8f8a9bbb9	providers/oauth2: give keypairs private key preference over certificate in client_credentials jwt flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-10 16:27:53 +02:00
Jens Langhammer	e64ca4ab04	core: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-08 10:10:30 +02:00
Jens Langhammer	e2f0a76309	outposts: check if docker ports should be mapped before comparing ports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-07 17:30:33 +02:00
Jens Langhammer	5861d41ad3	tenants: add tenant-level attributes, applied to users based on request Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-06 10:41:35 +02:00
Jens Langhammer	20262f3f4b	core: mark provider_obj as read_only closes #2637 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-04 10:17:59 +02:00
Jens L	633296503d	core: add grouping to applications (#2648 ) * core: add grouping to applications Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: add new field to tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-02 23:08:58 +02:00
Jens L	508cec2fd5	web: migrate dropdowns to wizards (#2633 ) * web/admin: add basic wizards for providers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: add dark mode for wizard Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: migrate policies to wizard Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * start source Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * policies: sanitze_dict when returning log messages during tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * Revert "web/admin: migrate policies to wizard" This reverts commit `d8b7f62d3e`. Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # web/src/locales/zh-Hans.po # web/src/locales/zh-Hant.po # web/src/locales/zh_TW.po * web: rewrite wizard to be element based Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * further cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update sources Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: migrate property mappings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate stages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate misc dropdowns Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate outpost integrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-02 19:48:17 +02:00
Jens Langhammer	7a93614e4b	policies: fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-02 18:31:02 +02:00
Jens Langhammer	4f319eaa4f	policies/dummy: bump to info to always get message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-02 17:28:51 +02:00
Jens Langhammer	86a8d00b3f	policies: sanitze_dict when returning log messages during tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-02 17:15:44 +02:00
Jens Langhammer	5fe8c1f3d7	policies: fix missing default for log_messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-02 16:44:49 +02:00
Jens Langhammer	d84ff2bbca	policies: add policy log messages to test endpoints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-04-01 22:07:35 +02:00
Jens Langhammer	4be238018b	providers/oauth2: pass scope and other parameters to access policy request context Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2641	2022-04-01 21:39:05 +02:00
Jens Langhammer	99008252f8	providers/oauth2: fix verification_keys being required Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-31 20:19:13 +02:00
Jens Langhammer	8689444954	providers/oauth2: add password grant support (treated as client_credentials) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-31 18:02:17 +02:00
Jens L	bb8af2f19b	providers/oauth2: add client_assertion_type jwt bearer support (#2618 )	2022-03-31 00:30:55 +02:00
Jens Langhammer	996bd05ba6	api: fix API header auth not passing to next auth method Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-31 00:06:01 +02:00
Jens Langhammer	a1a64e25ee	api: remove legacy http basic auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-30 23:39:08 +02:00
Jens Langhammer	993c6472db	crypto: only count discovered when cert was loaded successfully	2022-03-28 08:58:23 +00:00
Jens Langhammer	123b0b2f05	core: fix pylint renamed variable	2022-03-28 08:58:13 +00:00
Jens Langhammer	7cbd5174f0	stages/invitation: fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-26 19:12:22 +01:00
Jens Langhammer	c7a83e6182	stages/invitation: add invitation name closes #2583 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-26 18:32:59 +01:00
Jens Langhammer	74ff9d04dd	stages/prompt: set field default based on placeholder, fix duplicate fields closes #2572 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-23 22:26:06 +01:00
Jens Langhammer	969902f503	stages/prompt: filter rest_framework.fields.empty when field is not required closes #2572 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-23 20:21:12 +01:00
Jens Langhammer	04372e21dd	events: handle types in event contexts Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2572	2022-03-23 19:49:55 +01:00
Adam G	d75a864f0e	providers/oauth2: map internal groups to GitHub teams in GHE OAuth emulation (#2497 ) * providers/oauth2: impl `/user/teams` endpoint for Github OAuth2 This commit adds a functional `/user/teams` endpoint for the emulated Github OAuth2 service. The teams a user is part of are based on the user's groups in Authentik. * providers/oauth2: Move org template inside loop; Change slug to use Django slugify * providers/oauth2: Remove placeholder replacement * Possibly fix complaints from the linters * Update github.py * Change organization name * Update github.py	2022-03-23 12:05:20 +01:00
Jens Langhammer	0c2b32da31	core: add num_pk to group for applications that need a numerical group id Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2497	2022-03-22 21:37:11 +01:00
Jens Langhammer	9ad4c736f1	stages/email: allow overriding of destination email in plan context closes #2445 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-22 21:19:34 +01:00
Jens Langhammer	4154b62565	stages/prompt: fix non-required fields not allowing blank values, add more tests closes #2544 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-22 20:38:04 +01:00
Jens Langhammer	86a4a7dcee	release: 2022.3.3	2022-03-21 22:37:13 +01:00
Angel Nunez Mencias	8b95e9f97a	crypto: open files in read-only mode for importing (#2536 ) closes #2535	2022-03-21 10:46:09 +01:00
Jens Langhammer	be232e2b77	core: fix provider launch URL being prioritised over manually configured launch URL closes #2493 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-16 10:26:55 +01:00
Jens Langhammer	53d0205e86	outposts/proxy: use Prefix in ingress for k8s Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-15 19:01:08 +01:00
Jens Langhammer	260a7aac63	release: 2022.3.2	2022-03-15 00:01:01 +01:00
Jens Langhammer	a3df414f24	sources/ldap: fix parent_group not being applied closes #2464 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 22:13:20 +01:00
Jens Langhammer	dcaa8d6322	flows: revert default flow user change closes #2483 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 22:05:30 +01:00
Jens Langhammer	ceb894039e	stages/authenticator_validate: fix passwordless flows not working closes #2484 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 21:15:47 +01:00
Jens Langhammer	c7a825c393	lib: lower default sample rate	2022-03-14 12:38:14 +00:00
Jens Langhammer	54f170650a	core: replace uid with uuid search uid can't be searched it as its a computed field closes #2480 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 10:35:55 +01:00
Jens Langhammer	fedb81571d	release: 2022.3.1	2022-03-10 19:12:29 +01:00
Jens Langhammer	37528e1bba	stages/authenticator_validate: fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-10 09:56:04 +01:00
Jens Langhammer	cc1509cf57	stages/authenticator_validate: fix logic error when multiple authenticator devices can be selected closes #2290 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-10 00:46:42 +01:00
Jens Langhammer	0dfecc6ae2	stages/authenticator_*: fix device.confirmed being set incorrectly closes #2330 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-10 00:19:49 +01:00
Jens Langhammer	de17207c68	lib: fix default geoip path Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2453	2022-03-09 21:57:29 +01:00
Jens L	920d1f1b0e	providers/oauth2: initial client_credentials grant support (#2437 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-05 23:24:55 +01:00
Jens Langhammer	b1fd801ceb	tenants: fix syntax error in expression for locale	2022-03-03 11:50:46 +00:00
Jens Langhammer	1e1d9f1bdd	core/api: allow filtering users by uid, add uid to search closes #2428 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-03 10:19:56 +01:00
Jens L	4f4f954693	core: customisable user settings (#2397 ) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-03 00:13:06 +01:00
Jens Langhammer	c57fbcfd89	sources/oauth: log body when get_profile fails Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-02 20:37:42 +01:00
Jens Langhammer	08acc7ba41	providers/oauth2: fix invalid launch URL being generated	2022-03-01 15:29:21 +00:00
Jens Langhammer	7bdd32506e	web: cleanup default footer links	2022-03-01 15:27:21 +00:00
dependabot[bot]	f98a9bed9f	build(deps-dev): bump bandit from 1.7.2 to 1.7.3 (#2403 ) * build(deps-dev): bump bandit from 1.7.2 to 1.7.3 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.2 to 1.7.3. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.7.2...1.7.3) --- updated-dependencies: - dependency-name: bandit dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * sigh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-28 10:13:51 +01:00
Dorian Zedler	e9064509fe	sources/oauth: Add Mailcow oauth source (#2380 ) * Feat: Add Mailcow oauth source * Feat: Add mailcow icon * Run make * Feat: Add tests * Fix: Remainder from discord test * Docs: Add mailcow oauth source docs * Docs: add mailcow source to menu * Fix: Mailcow provider type in test * Fix: Formatting * Fix: Doc file name	2022-02-27 15:06:02 +01:00
Jens Langhammer	7e5d8624c8	web: fix locale change not updating all elements closes #2365 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-26 16:29:12 +01:00
Jens Langhammer	2f8dbe9b97	core: handle all exceptions for applications listing closes #2382 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-26 16:08:38 +01:00
Jens L	677bcaadd7	core: add initial app launch url (#2367 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-23 22:48:55 +01:00
Jens Langhammer	80f218a6bf	core: also handle TypeError for invalid app URL formatting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-17 18:23:11 +01:00
Jens Langhammer	4a1acd377b	release: 2022.2.1	2022-02-16 10:51:55 +01:00
Jens Langhammer	72259f6479	events: fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-14 23:15:45 +01:00
Jens Langhammer	0973c74b9d	providers/oauth2: fix redirect_uri being lowercased on successful validation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-14 23:04:00 +01:00
Jens Langhammer	c7ed4f7ac1	events: check mtime on geoip database Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-14 22:42:46 +01:00
Jens Langhammer	3d577cf15e	*: add placeholder custom.css to easily allow user customisation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-14 20:05:00 +01:00
Jens Langhammer	c040b13b29	providers/proxy: remove leading slash to allow subdirectories in proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2305	2022-02-14 12:51:04 +01:00
Jens L	df362dd9ea	core: handle error when formatting launch URL fails closes #2304	2022-02-14 12:02:51 +01:00
Jens Langhammer	3af0de6a00	Revert "root: disable sentry's auto_session_tracking" This reverts commit `4f24d61290`.	2022-02-14 09:55:35 +01:00
Jens Langhammer	4f24d61290	root: disable sentry's auto_session_tracking Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-14 09:44:12 +01:00
Jens Langhammer	3b6497cd51	outposts: ensure keypair is set for SSH connections Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-13 15:39:37 +01:00
Jens Langhammer	bb4be944dc	sources/ldap: use merger that only appends unique items to list closes #2211 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-13 14:20:13 +01:00
Jens Langhammer	21efee8f44	admin: add additional logging when restarting a task Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-12 18:40:21 +01:00
Jens Langhammer	f61549a60f	providers/proxy: enable TLS in ingress via traefik annotation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #1997	2022-02-12 18:35:24 +01:00
Jens Langhammer	0da043a9fe	outposts: make local discovery configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-12 17:27:41 +01:00
Jens Langhammer	f336f204cb	stages/authenticator_validate: fix handling when single configuration stage is selected Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-12 17:27:33 +01:00
Jens Langhammer	b5d43b15f8	providers/oauth2: add support for explicit response_mode closes #1953 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-12 16:56:47 +01:00
Jens Langhammer	2ccab75021	stages/authenticator_validate: add ability to select multiple configuration stages which the user can choose closes #1843 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-12 16:55:50 +01:00
Jens Langhammer	8bc3db7c90	release: 2022.1.5	2022-02-09 22:42:34 +01:00
Jens Langhammer	e741caa6b3	core: allow formatting strings to be used for applications' launch URLs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-08 23:46:23 +01:00
Jens L	4343246a41	*: rename akprox to outpost.goauthentik.io (#2266 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-08 20:25:38 +01:00
Jens Langhammer	c63e1c9b87	outposts: fix compare_ports to support both service and container ports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-08 17:40:49 +01:00
Jens Langhammer	f44cf06d22	outposts: fix service reconciler re-creating services closes #2095 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-08 17:23:00 +01:00
Jens Langhammer	15e2032493	stages/authenticator_validate: handle non-existent device_challenges Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-07 20:31:49 +01:00
Jens Langhammer	c87f6cd9d9	outposts: remove node_port on V1ServicePort checks to prevent service creation loops Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2095	2022-02-07 20:26:14 +01:00
Jens Langhammer	b0936ea8f3	sources/ldap: log entire exception Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-07 19:37:39 +01:00
Jens L	d5e04a2301	: remove deprecated backup (#2129 ) : remove backup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : final cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ci: use correct pyproject when migrating from stable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-05 18:54:15 +01:00
Jens Langhammer	4e4e2b36b6	sources/saml: fix server error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-05 15:41:26 +01:00
Jens Langhammer	eaba8006e6	sources/saml: fix incorrect ProtocolBinding being sent closes #2213 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-03 18:20:06 +01:00
Jens Langhammer	39ff202f8c	outposts: fix channel not always having a logger attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-03 17:58:54 +01:00
Jens Langhammer	49dfb4756e	release: 2022.1.4	2022-02-01 20:12:55 +01:00
Jens Langhammer	88603fa4f7	providers/proxy: set traefik labels using object_naming_template instead of UUID	2022-02-01 17:13:27 +00:00
Jens Langhammer	0232c4e162	lifecycle: send analytics in gunicorn config to decrease outgoing requests when workers get restarted Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-02-01 15:01:43 +01:00
Jens Langhammer	e93be0de9a	sources/ldap: add list_flatten function to property mappings, enable on managed LDAP mappings closes #2199 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-31 23:07:32 +01:00
Jens Langhammer	a5adc4f8ed	core: fix view_token permission not being assigned on token creation for non-admin user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-31 20:00:30 +01:00
Jens Langhammer	ceaf832e63	root: remove boto integration in sentry to ease backup removal	2022-01-31 13:47:18 +00:00
Jens Langhammer	c55f503b9b	release: 2022.1.3	2022-01-26 22:15:28 +01:00
Jens Langhammer	c2586557d8	root: fix redis passwords not being encoded correctly closes #2130 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-26 20:45:45 +01:00
Jens Langhammer	0d47654651	root: add max-requests for gunicorn and max tasks for celery Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-26 10:04:58 +01:00
Jens Langhammer	2f4c92deb9	Merge branch 'version-2022.1'	2022-01-24 21:42:12 +01:00
Jens Langhammer	c7ba183dc0	providers/proxy: fix traefik label closes #2128 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-24 17:45:09 +01:00
Jens Langhammer	3d724db0e3	release: 2022.1.2	2022-01-24 11:28:00 +01:00
Jens Langhammer	2997542114	lib: disable backup by default, add note to configuration	2022-01-24 10:00:15 +00:00
Jens Langhammer	42f5cf8c93	outposts: allow custom label for docker containers closes #2128 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-23 21:55:58 +01:00
Jens Langhammer	82cc1d536a	providers/proxy: add PathPrefix to auto-traefik labels Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2128	2022-01-23 21:55:46 +01:00
Jens Langhammer	6a411d7960	policies/hibp: ensure password is encodable closes AUTHENTIK-1SA Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-23 21:23:24 +01:00
Jens Langhammer	f4a6c70e98	release: 2022.1.1	2022-01-22 18:28:40 +01:00
Jens Langhammer	dd8b579dd6	lib: ignore paramiko logger Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-21 10:46:33 +01:00
Jens Langhammer	994c5882ab	root: fix error if secret_key is purely numerical closes #2099 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-18 09:17:33 +01:00
Jens Langhammer	0db0a12ef3	root: rename csrf header Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-16 16:17:44 +01:00
Jens Langhammer	eaeab27004	lib: add support for custom env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-16 14:56:02 +01:00
Jens Langhammer	111fbf119b	*: refactor prometheus gauges to directly updating metrics view Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-16 13:57:07 +01:00
Jens Langhammer	92cc0c9c64	root: decrease to 10 backup history Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-14 19:59:50 +01:00
Jens Langhammer	18ff803370	outposts: trigger service update on k8s when selector doesnt match Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-14 11:42:57 +01:00
Jens Langhammer	6338785ce1	outposts: change label app.kubernetes.io/name to include outpost type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-14 10:34:54 +01:00
Jens Langhammer	973e151dff	outposts: add Additional version labels to managed k8s deployments Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-13 17:48:01 +01:00
Jens Langhammer	fae6d83f27	*: simplify extracting current version info Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-13 17:47:31 +01:00
Jens Langhammer	ed84fe0b8d	root: set samesite for csrf cookie Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-12 23:14:14 +01:00
Jens Langhammer	7db7b7cc4d	stages/authenticator_validate: fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-12 23:00:28 +01:00
Jens Langhammer	e758db5727	stages/authenticator_webauthn: make more WebAuthn options configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-12 22:57:49 +01:00
Jens Langhammer	4d7d700afa	providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-12 22:44:57 +01:00
Jens Langhammer	f9a5add01d	root: include build in analytics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-12 22:18:52 +01:00
Jens Langhammer	2986b56389	root: fix backups running every minute instead of once Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-12 22:09:44 +01:00
Jens Langhammer	11e25617bd	crypto: fully parse certificate on validation in serializer to prevent invalid certificates from being saved closes #2082 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-10 20:36:50 +01:00
Jens Langhammer	19d5902a92	flows: handle error if flow title contains invalid format string Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-10 19:49:27 +01:00
Jens Langhammer	71dffb21a9	outposts: improve error handling for outpost service connection state Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-10 19:44:13 +01:00
Jens Langhammer	2543224c7c	core: dont return 404 when trying to view key of expired token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-10 17:53:09 +01:00
Jens Langhammer	6b6702521f	api: don't return error reporting enabled when debug is enabled Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-07 21:53:22 +01:00
Jens Langhammer	c07b8d95d0	outposts/proxy: remove deprecated headers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-07 17:01:23 +01:00
Jens Langhammer	0027dbc0e5	root: remove old api path Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-06 22:21:21 +01:00
Jens Langhammer	c15e4b24a1	release: 2021.12.5	2022-01-06 21:29:12 +01:00
Jens Langhammer	03503363e5	core: fix UserSelfSerializer's save() overwriting other user attributes closes #2070 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-06 18:23:06 +01:00

... 4 5 6 7 8 ...

2598 Commits