trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7,324 Commits 95 Branches 330 Tags 336 MiB
Commit Graph

1856 Commits

Author SHA1 Message Date
Jens Langhammer 847cfed73f web/user: don't show managed tokens in user interface 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-05 11:11:34 +02:00
Jens Langhammer 05b587ae44 outposts: fix error when comparing ports in docker controller when port mapping is disabled 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-05 10:44:07 +02:00
Jens Langhammer a515afae0b recovery: handle error when user doesn't exist 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-05 10:40:59 +02:00
Jens Langhammer 1c340ddbbd Merge branch 'version-2021.9' 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/package-lock.json
#	web/package.json
 2021-10-04 22:02:56 +02:00
Jens Langhammer bcf7e162a4 release: 2021.9.5 2021-10-04 20:08:46 +02:00
Jens Langhammer cb37e5c10e stages/email: add activate_user_on_success flag, add for all example flows 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/fr_FR.po
 2021-10-04 18:50:19 +02:00
Jens Langhammer 73bb778d62 stages/user_login: add check for user.is_active and tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-04 18:50:00 +02:00
Jens Langhammer b612a82e16 outposts: don't always build permissions on outpost.user access, only in signals and tasks 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-04 18:49:57 +02:00
Jens Langhammer 09f43ca43b events: add missing migration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-04 18:49:50 +02:00
Steven Armstrong 1c91835a26 providers/ldap: use RDN when using posixGroup's memberUid attribute (#1514) 
Use the RDN instead of the FDN when establishing group memberships based on posixGroup's 'memberUid' attribute.

fixes #1436

Signed-off-by: Steven Armstrong <steven@armstrong.cc>
 2021-10-04 18:49:45 +02:00
Jens Langhammer 3634bf4629 tests/integration: fix tests failing due to incorrect comparison 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-04 18:49:10 +02:00
Jens Langhammer 0692663537 stages/email: add activate_user_on_success flag, add for all example flows 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-04 18:47:51 +02:00
Jens Langhammer b5649bdcc4 stages/user_login: add check for user.is_active and tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-04 18:37:05 +02:00
Jens Langhammer fab9a10487 outposts: don't always build permissions on outpost.user access, only in signals and tasks 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-04 18:04:19 +02:00
Jens Langhammer 0f00b27384 events: add missing migration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-04 17:51:31 +02:00
Steven Armstrong ab5981836d
providers/ldap: use RDN when using posixGroup's memberUid attribute (#1514) 
Use the RDN instead of the FDN when establishing group memberships based on posixGroup's 'memberUid' attribute.

fixes #1436

Signed-off-by: Steven Armstrong <steven@armstrong.cc>
 2021-10-04 10:56:06 +02:00
Jens Langhammer 036a4e86e2 tests/integration: fix tests failing due to incorrect comparison 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 22:54:07 +02:00
Jens Langhammer 45f99fbaf0 outposts: fix circular import in kubernetes controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:25:26 +02:00
Jens Langhammer 83150d9920 outposts: fix circular import in kubernetes controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:25:18 +02:00
Jens Langhammer e31a3307b5 providers/proxy: always check ingress secret in kubernetes controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:14:42 +02:00
Jens Langhammer d28fcca344 outposts: check ports of deployment in kubernetes outpost controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:14:42 +02:00
Jens Langhammer c296e1214c web: fix package lock 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:14:37 +02:00
Jens Langhammer d30dcda814 providers/proxy: always check ingress secret in kubernetes controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:14:27 +02:00
Jens Langhammer c720c9f41b outposts: check ports of deployment in kubernetes outpost controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:09:52 +02:00
Jens Langhammer 39d87841d0 outposts/proxy: add new headers with unified naming 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 18:20:44 +02:00
Jens Langhammer b285814e24 sources/ldap: fix logic error in Active Directory account disabled status 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 18:19:07 +02:00
Jens Langhammer 1c52836060 web: fix package lock 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 01:17:41 +02:00
Jens Langhammer 8dd77793a0 sources/ldap: fix logic error in Active Directory account disabled status 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 00:30:35 +02:00
Jens Langhammer 3c1ac4c7ec outposts/proxy: add new headers with unified naming 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-02 22:00:23 +02:00
Jens Langhammer faca127217 Merge branch 'version-2021.9' 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
 2021-10-01 12:19:11 +02:00
Jens Langhammer 1a6ea72c09 release: 2021.9.4 2021-10-01 09:51:51 +02:00
Jens Langhammer c251b87f8c sources/ldap: add support for Active Directory `userAccountControl` attribute 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-30 19:34:43 +02:00
Jens Langhammer 21a9aa229a sources/ldap: don't sync ldap source when no property mappings are set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-30 19:34:43 +02:00
Jens Langhammer 53e15bfbca sources/ldap: add support for Active Directory `userAccountControl` attribute 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-30 19:13:48 +02:00
Jens Langhammer 8bce16e6b4 sources/ldap: don't sync ldap source when no property mappings are set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-30 18:49:18 +02:00
Jens Langhammer 10b45d954e outposts: allow disabling of docker controller port mapping 
closes #1474

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-30 00:11:50 +02:00
Jens Langhammer 4cb8ae760a outposts: allow disabling of docker controller port mapping 
closes #1474

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-29 23:55:22 +02:00
Jens L f9ad102915
flows: inspector (#1469) 
* flows: add initial inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: change naming a bit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flow: add inspector frame

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: don't use shadydom when inspecting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add current stage to api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/*: fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: deep-copy plan instead of just adding

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: restrict inspector to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add buttons to launch flow with inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: don't automatically follow redirects when inspector is open

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: make current_plan optional, only require historry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: handle error messages in inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: improve UI when flow is done

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add is_completed flag to inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix monkeypatches for tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add inspector tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: re-enable cache

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-28 09:36:48 +02:00
Jens Langhammer 941bc61b31 release: 2021.9.3 2021-09-27 17:31:50 +02:00
Jens Langhammer 282b364606 stages/prompt: fix inconsistent policy context for validation policies 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-27 17:05:26 +02:00
pemontto 674bd9e05c
web/admin: Fix typo 'username address' -> 'username' (#1473) 2021-09-26 12:53:37 +02:00
Jens Langhammer b248f450dd outposts: make AUTHENTIK_HOST_BROWSER configurable from central config 
closes #1471

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-26 12:00:51 +02:00
pemontto aea1736f70
outposts/proxy: Fix failing traefik healtcheck (#1470) 2021-09-26 11:33:18 +02:00
Jens Langhammer 4f3583cd7e providers/proxy: make token_validity float and optional for backwards compat 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-25 15:54:32 +02:00
Jens Langhammer f7408626a8 providers/proxy: return token_validity as total seconds instead of expression 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-25 15:44:16 +02:00
Jens Langhammer 28eeb4798e providers/proxy: add token_validity field for outpost configuration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1462
 2021-09-25 15:00:06 +02:00
Jens Langhammer 79b92e764e *: fix typos in code 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-25 00:01:11 +02:00
Jens Langhammer 919336a519 outposts: ensure service is always re-created with mismatching ports 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-24 23:45:15 +02:00
Jens Langhammer 93bdea3769 core: fix api return code for user self-update 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-24 11:51:03 +02:00
Jens Langhammer 64b4e851ce events: add additional validation for event transport 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-23 16:29:58 +02:00
Jens Langhammer eddca478dc release: 2021.9.2 2021-09-23 12:34:02 +02:00
Jens Langhammer 74169860cf api: add logging to sentry proxy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-23 09:57:42 +02:00
Jens Langhammer 2fe6de0505 release: 2021.9.1 2021-09-22 19:11:20 +02:00
Jens Langhammer ae07f13a87 outposts: don't map port 9300 on docker, only expose port 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-21 21:40:08 +02:00
Jens Langhammer e6b275add3 stages/invitation: fix linting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-20 20:41:05 +02:00
Jens Langhammer 27016a5527 stages/invitation: fix tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-20 20:30:51 +02:00
Jens Langhammer 4c29d517f0 stages/email: use different query arguments for email and invitation tokens 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-20 19:55:53 +02:00
Jens Langhammer 180d27cc37 outposts: don't restart container when health checks are starting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-20 19:46:05 +02:00
Jens Langhammer 3195640776 stages/email: slugify token identifier 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-20 19:26:25 +02:00
Jens Langhammer d900a2b6a9 *: fix lookup_fields 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-20 19:19:36 +02:00
Jens Langhammer 95a2fddfa8 policies/expression: add ak_user_has_authenticator 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-20 19:13:41 +02:00
Jens Langhammer 8f7d21b692 stages/email: don't throw 404 when token can't be found 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-20 19:01:25 +02:00
Jens Langhammer 3f84abec2f core: fix token identifier not being slugified when created with user-controller input 
closes #1390

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-20 13:43:25 +02:00
Jens Langhammer b5c857aff4 api: add explicit lookup_value_regex, disable include_format_suffixes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-20 13:42:56 +02:00
Jens Langhammer ac52667327 release: 2021.9.1-rc3 2021-09-19 21:52:49 +02:00
Jens Langhammer f6e0f0282d core: fix tokens not being viewable but superusers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-19 16:11:20 +02:00
Jens Langhammer 3f42067a8f web: improve display of action buttons with non-primary classes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-19 15:57:12 +02:00
Jens Langhammer ed6f5b98df sources/ldap: improve messages of sync tasks in UI 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-19 15:54:22 +02:00
Jens Langhammer c85484fc00 core: allow admins to create tokens with all parameters, re-add user to token form 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-19 15:25:48 +02:00
Jens Langhammer 8279690a8f sources/ldap: prevent error when retrying old system task with no arguments 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-17 16:49:26 +02:00
Jens Langhammer 3d8d93ece5 root: log failed celery tasks to event log 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-17 12:42:42 +02:00
Jens Langhammer 06af306e8a sources/ldap: bump timeout, run each sync component in its own task 
closes #1411

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-17 12:42:20 +02:00
dependabot[bot] 3e4ce62dfe
build(deps-dev): bump pylint from 2.10.2 to 2.11.1 (#1409) 
* build(deps-dev): bump pylint from 2.10.2 to 2.11.1

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.10.2 to 2.11.1.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.10.2...v2.11.1)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* root: update pylint config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-17 09:46:39 +02:00
Jens Langhammer 28189bdddf release: 2021.9.1-rc2 2021-09-16 23:23:36 +02:00
Jens L 13e2eea72f
web/user: new end-user interface (#1404) 
* web/user: migrate to top navbar

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: prepare config from server

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* re-sort

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove old interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update issue template

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use notification badge

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: re-add go-to-admin button

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix remaining redirects directly to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make settings better

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: ensure sources and stages are sorted

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add sessions and consent

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/oauth2: add post wrapper to stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add new interface to release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 22:17:05 +02:00
Jens L 9441be1ee2
interface split (#943) 2021-09-16 17:30:16 +02:00
Jens Langhammer 17503365f7 policies: improve error handling when using bindings without policy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 11:04:31 +02:00
Jens Langhammer ebf9f0ca63 stages/email: don't crash when testing stage does not exist 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 11:04:08 +02:00
Jens Langhammer ae26d2756f providers/saml: improved error handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 10:58:51 +02:00
Jens Langhammer 124071f9be root: remove python requirement from pipfile 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 10:37:43 +02:00
Jens Langhammer 341c58a722 core: fix token expiry for service accounts being only 30 minutes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 09:57:34 +02:00
Jens Langhammer bdd5e16db1 release: 2021.9.1-rc1 2021-09-15 20:20:54 +02:00
Jens Langhammer d4672bfe79 events: log parsed query string instead of just full path 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 20:15:04 +02:00
Jens Langhammer abd9fab41a api: fix call of sentry proxy task 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 19:39:58 +02:00
Jens Langhammer 7c8bf42ef9 api: send proxied sentry events in background 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 19:12:20 +02:00
Jens Langhammer 274b555912 api: add timeout for sentry proxy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 18:59:27 +02:00
Jens Langhammer 916530f0d8 providers/oauth2: use access_code_validity for id_tokens generated when using an implicit flow, improve wording in web ui 
closes #1369

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 17:14:53 +02:00
Jens Langhammer 95efd47f65 root: remove asgi error handler 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 12:23:14 +02:00
Jens Langhammer 90ecb1af7f outposts: fix service account's permissions being checked twice 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 09:55:27 +02:00
Jens Langhammer d7fdca1b44 stages/email: fix error when retrying email delivery after stage has been deleted 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 09:50:11 +02:00
Denis Teyssier 37346763dc
sources/oauth: Updating token url to new google url (#1397) 
the present url goes to a 404
google openid (https://accounts.google.com/.well-known/openid-configuration) says the new url is `https://oauth2.googleapis.com/token`

not using the new url makes authentik fallback on the default auth flow
 2021-09-15 09:15:19 +02:00
Jens Langhammer ef341dd405 stages/user_write: add option to add newly created users to a group 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-14 21:45:34 +02:00
Jens Langhammer 3ddf2d6f85 sources/oauth: fix type lookup for openid not matching 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-14 14:38:35 +02:00
Jens Langhammer ba6849f29c *: remove string.format() 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-14 12:06:47 +02:00
Jens Langhammer 942170f902 Revert "sources/oauth: fix access_token being sent as query param and not authorization header" 
This reverts commit 248f993541.
 2021-09-14 11:59:32 +02:00
Jens Langhammer 248f993541 sources/oauth: fix access_token being sent as query param and not authorization header 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-14 11:07:36 +02:00
Jens Langhammer 3a700a449a sources/oauth: don't try to load azure AD user ID as UUID 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-14 09:33:44 +02:00
Jens Langhammer 23444f4df0 core: fix lint error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-13 18:19:28 +02:00
Jens Langhammer 71e68b498e core: optimise groups api by removing member superuser status 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-13 18:06:37 +02:00
Jens Langhammer fb267ee223 tenants: optimise db queries in middleware 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-13 17:54:37 +02:00
Jens Langhammer a4b3519428 api: fix possible error in sentry proxy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-13 16:36:04 +02:00
Jens Langhammer 9a7fa39de4 events: allow setting a mapping for webhook transport to customise request payloads 
closes #1383

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-12 01:05:42 +02:00
Jens Langhammer c779ad2e3b *: use common user agent for all outgoing requests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-11 21:08:26 +02:00
Jens Langhammer 7e7ef289ba admin: migrate to new update check, add option to disable update check 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-11 20:35:23 +02:00
Jens Langhammer bf771f8b6c release: 2021.8.5 2021-09-11 19:20:13 +02:00
Jens Langhammer df4c8003b8 api: fix items of list fields having nullable set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-10 18:15:59 +02:00
Jens Langhammer 39b365c6ae sources/oauth: don't cancel flow when redirecting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-10 16:36:10 +02:00
Jens Langhammer e229eda96e outposts/controllers/kubernetes: don't create service monitor for embedded outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-10 15:59:39 +02:00
Jens Langhammer 4448145aa9 providers/proxy: use auth/traefik subpath 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-10 13:53:04 +02:00
Jens Langhammer 7dfbcdbb81 stages/authenticator_duo: add API to "import" devices from duo 
closes #1371

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-10 11:35:09 +02:00
Jens Langhammer 2862b4ecfb core: remove ?v from static files 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 20:09:12 +02:00
Jens Langhammer 13d17dc729 lib: fix default listening port for metrics 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 16:40:39 +02:00
Jens Langhammer 5cf3a13ca8 flows: fix invalid parameter in tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 16:36:51 +02:00
Jens Langhammer d0898a3869 flows: ensure all StageViews accept post, add tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 16:30:14 +02:00
Jens L 7158c9d2ea
core: metrics v2 (#1370) 
* outposts: add ldap metrics, move ping to 9100

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add flow_executor metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use port 9300 for metrics, add core metrics port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/controllers/k8s: add service monitor creation support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 15:52:24 +02:00
Jens Langhammer da58796768 providers/proxy: fix defaults for old proxy providers (load providers directly) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 13:54:24 +02:00
Jens Langhammer d98499a3fa providers/proxy: fix defaults for old proxy providers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 13:26:36 +02:00
Jens Langhammer f3ff398a44 providers/proxy: add metrics port to controllers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 23:01:22 +02:00
Jens Langhammer 533eb59a04 outposts/controllers: re-create service when mismatched ports to prevent errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 23:00:53 +02:00
Jens Langhammer 502393ee56 outpost/proxyv2: allow port offset via yaml 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 21:07:06 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365) 
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 18:04:56 +00:00
Jens Langhammer de3e1c3dbc sources/oauth: fix FlowExecutor view call 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-07 11:39:03 +02:00
Jens Langhammer 3c6aac5435 sources/oauth: prevent potentially confidential data from being logged 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-07 11:05:18 +02:00
Jens Langhammer eeb755ab7d root: show location header in logs when redirecting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-07 11:04:00 +02:00
Jens Langhammer 70d0dd51a5 sources/oauth: cancel currently active flows before redirecting out 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-07 11:03:45 +02:00
Jens Langhammer 0bae550520 root: include authentik version in backup naming 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-05 20:25:02 +02:00
github-actions[bot] 9dbafaaea2 web: Update Web API Client version (#1348) 
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-04 22:49:16 +02:00
Jens Langhammer 2db8b07578 events: add mark_all_seen 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-04 22:08:12 +02:00
Jens Langhammer b7ef076798 outposts: add expected outpost replica count to metrics 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-04 15:56:57 +02:00
Jens Langhammer 37c29a073e policies/password: fix symbols not being checked correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-04 15:21:48 +02:00
Jens Langhammer 6ec8432217 policies/password: don't use regex for symbol detection 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-04 14:36:01 +02:00
Jens Langhammer 3ba84a8e8b stages/identification: fix empty user_fields query returning first user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-04 14:07:14 +02:00
Jens Langhammer 3378e82ec7 root: fix is_secure with safari on debug environments 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-04 13:45:50 +02:00
Jens Langhammer e09a27cf87 events: remove authentik_events gauge 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-03 18:04:26 +02:00
Jens Langhammer 200e409d91 core: minor query optimization 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-03 14:02:57 +02:00
Jens Langhammer d92d8e6dbb api: add additional filters for ldap and proxy providers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-03 10:43:09 +02:00
Jens Langhammer c2b9dc5c75 api: cache schema, fix server urls 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-03 10:23:14 +02:00
Jens Langhammer 276d8fe5cf release: 2021.8.4 2021-09-02 20:21:21 +02:00
Jens Langhammer 7fea20375f *: fix tests not using APITestCase 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-02 19:14:21 +02:00
Jens Langhammer f0db408699 api: add v3 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-02 17:40:02 +02:00
Jens Langhammer cc5cc43baa api: fix sentry endpoint not working due to mime-media 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-02 16:56:53 +02:00
Jens Langhammer e512f085db root: allow enabling s3 backup ssl verification 
closes #1332

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-02 09:41:55 +02:00
Jens Langhammer 26fd66d831 stages/authenticator_validate: fix variable shadowing, optimization 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-01 19:54:54 +02:00
Jens Langhammer 4fc8e61f8c stages/authenticator_validate: show single button for multiple webauthn authenticators 
tested with browser + yubikey 5

closes #1096

The order of allowCredentials doesn't seem to matter, chrome seems to always choose the internal authenticator first.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-01 19:28:52 +02:00
Jens Langhammer 17cb76c334 stages/invitation: fix invitation not inheriting ExpiringModel 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-01 14:25:19 +02:00
Jens Langhammer 5745ffa0a8 ci: don't login to docker on forks 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-31 09:31:10 +02:00
Jens Langhammer 1b8271d767 flows: disable compatibility_mode by default 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-30 17:18:43 +02:00
Jens Langhammer 3e9f5ec5ef providers/proxy: improve error handling for non-tls ingresses 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-30 14:43:57 +02:00
Jens Langhammer 63f57b6a77 events: improve logging for task exceptions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-30 14:43:44 +02:00
Jens Langhammer a016f99450 core: fix user_obj being empty on token API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-30 12:51:17 +02:00
Jens Langhammer 0c6e781e5b providers/proxy: fix traefik middleware being generated with wrong ports for embedded outposts 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-29 20:49:11 +02:00
Jens Langhammer 523b96a6d2 api: add basic rate limiting for sentry endpoint 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-29 19:33:18 +02:00
Jens Langhammer b1ed2154ac policies/password: fix PasswordStage not being usable with prompt stages, rework validation logic 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-29 00:40:36 +02:00
Jens Langhammer 160139813d release: 2021.8.3 2021-08-28 16:58:44 +02:00
Jens Langhammer 582ad92c76 outposts/k8s: improve error handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-28 14:58:26 +02:00
Jens Langhammer f61736e3d1 stages/identification: add error handling when password isn't set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-28 12:54:10 +02:00
Jens Langhammer 2d8b4f543b providers/proxy: fix url parsing for traefik labels on docker containers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-27 22:21:16 +02:00
Jens Langhammer 8542dc10ab providers/proxy: fix docker container labels not being inherited correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-27 20:20:34 +02:00
Jens Langhammer 12ddee3bb6 outpost: add additional labels to docker container 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-27 19:26:27 +02:00
Jens Langhammer dc41d0af27 outposts: add configurable docker_network for outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-27 19:26:11 +02:00
Jens Langhammer c4f72c2bc1 release: 2021.8.2 2021-08-26 17:58:20 +02:00
Jens Langhammer e92f9836e3 root: allow django auth backend for upgrading users with cache 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-26 17:57:25 +02:00
Jens Langhammer 897f6f3473 release: 2021.8.1 2021-08-26 16:03:45 +02:00
Jens Langhammer 2ae164df78 *: cleanup api schema warnings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-26 09:36:41 +02:00
Jens Langhammer 0ccec96490 core: make user optional in token creation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-25 21:21:51 +02:00
Jens Langhammer d79975c409 core: fix user object for token not be setable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-25 20:43:34 +02:00
Jens Langhammer 20d65035d5 core: fix error when user updates themselves 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-25 17:52:50 +02:00
Jens Langhammer 8d6227377f core: fix error for asgi error handler with websockets 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-25 10:24:01 +02:00
Jens Langhammer 4d27694706 release: 2021.8.1-rc2 2021-08-24 21:29:29 +02:00
Jens Langhammer d7ad5f6a16 core: add API to create service account with token for app password 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 20:09:22 +02:00
Jens Langhammer 5af9a3d3be sources/saml: fix error when getting metadata 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 16:51:08 +02:00
Jens Langhammer dec34bc948 stages/password: fix replace_inbuilt not being called 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 16:37:39 +02:00
Jens Langhammer cc6d5765f2 web/admin: fix inconsistent ordering for ldap property mappings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 13:04:19 +02:00
Jens Langhammer 2ec1ff2ebb sources/ldap: fix error when modifying ldap source with password write-back 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 13:03:41 +02:00
Jens Langhammer 884c2bd0e9 root: fix missing ldap backend 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 13:03:19 +02:00
Jens Langhammer 2c938ec9dc stages/password: sort backends in migration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 12:44:45 +02:00
Jens Langhammer 9733caf3b7 admin: use copy for environ api 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 11:39:49 +02:00
Jens Langhammer 10e50bc77f stages/user_login: improve logging 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 10:58:50 +02:00
Jens Langhammer 5be152e12d stages/password: fix migration error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 10:57:20 +02:00
Jens Langhammer b0efab6d6d admin: add env to API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 10:55:46 +02:00
Jens Langhammer c60ba91fee core: fix auth saving entire models into session 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 23:59:43 +02:00
Jens Langhammer cba255eaaa Merge branch 'master' into app-passwords 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/tests/test_source_flow_manager.py
#	authentik/stages/authenticator_validate/tests.py
#	authentik/stages/password/tests.py
#	scripts/generate_ci_config.py
 2021-08-23 21:21:12 +02:00
Jens L 859cf2bd8f
lib: move id and key generators to lib (#1286) 
* lib: move generators to lib

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: bump default token key size

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix split being used for http basic auth instead of partition

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: don't rethrow error in ActionButton

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 20:27:38 +02:00
Jens Langhammer a2578ffaad core: add token tests for invalid intent and token auth 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 20:21:54 +02:00
Jens Langhammer 888526a2a7 stages/user_write: fix wrong fallback authentication backend 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 19:31:23 +02:00
Jens Langhammer 27cc5d7138 core: fix authentication error when no request is given 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 19:09:53 +02:00
Jens Langhammer 5face5410f web/admin: select all password stage backends by default 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 18:08:29 +02:00
Jens Langhammer e27a6fdeeb events: fix linting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 17:48:28 +02:00
Jens Langhammer 033c9a3bd3 core: fix token intent not defaulting correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 17:33:35 +02:00
Jens Langhammer 0b280c0a47 website: fix example flows using incorrect backend 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 17:26:07 +02:00
Jens Langhammer 07a4f474f4 website/docs: add docs for `auth_method` and `auth_method_args` fields 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 17:23:55 +02:00
Jens Langhammer 244dc671db Merge branch 'master' into app-passwords 2021-08-23 17:12:17 +02:00
Jens Langhammer 4308136108 root: fix error_handler for websocket 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 17:12:11 +02:00
Jens Langhammer 69a0153619 core: use custom inbuilt backend, set backend login information in flow plan for events 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 17:09:53 +02:00
Jens Langhammer 00e9b91f56 web/admin: fix missing app passwords backend 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 16:47:38 +02:00
Jens Langhammer 4cf76fdcda stages/password: auto-enable app password backend 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 16:39:39 +02:00
Jens Langhammer f217d34a98 web/admin: allow users to create app password tokens 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 16:27:39 +02:00
Jens Langhammer 9a6a3e66b8 root: update schema 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 16:14:33 +02:00
Jens Langhammer 20572c728d core: add new token intent and auth backend 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 16:05:29 +02:00
Jens Langhammer f6953296d8 outposts: add recursion limit for docker controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 15:25:28 +02:00
Jens Langhammer e4790f9060 core: handle error when ?for_user is not numberical 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 15:25:18 +02:00
Jens Langhammer 58712047e1 root: add ASGI Error handler 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 15:15:12 +02:00
Jens Langhammer 85915905dc web/flows: fix error during error handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 15:11:30 +02:00
Jens Langhammer 12e2f7b945 outposts: add repair_permissions command 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 14:53:53 +02:00
Jens Langhammer 45d47f828a outpost: handle non-existant permission 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 14:39:47 +02:00
dependabot[bot] 7efec281be
build(deps-dev): bump pylint from 2.9.6 to 2.10.2 (#1280) 
* build(deps-dev): bump pylint from 2.9.6 to 2.10.2

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.9.6 to 2.10.2.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.9.6...v2.10.2)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: add missing encoding to open() calls

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 10:10:31 +02:00
Jens Langhammer 7639cdad0a release: 2021.8.1-rc1 2021-08-22 20:17:35 +02:00
Jens Langhammer b003e8e1e8 sources/oauth: fix openidconnect provider name 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-21 18:36:06 +02:00
Jens Langhammer 294d70ae4d outposts/ldap: move virtual groups to other OU for lookups, conditionally skip requests based on search filter 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-21 17:53:09 +02:00
Jens Langhammer 3e909ae6bb core: allow filtering users by the groups they are in 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-21 16:27:48 +02:00
Jens Langhammer b4f738492d sources/oauth: improve UI with prefilled urls (when customizable) and hiding provider type 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-21 15:52:41 +02:00
Jens Langhammer bff7addb55 stages/password: adjust name of default prompt stage 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-21 15:16:18 +02:00
Jens Langhammer 2a90c0b35e sources/oauth2: migrate to microsoft graph instead of azure graph 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-21 15:15:29 +02:00
Jens Langhammer 93e27d1959 web: improve failed request handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-21 14:40:45 +02:00
Jens Langhammer 02c736d784 lib: ignore installation specific errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-21 14:14:18 +02:00
Jens Langhammer 6433b5982e api: add cache timeouts to config API for outposts 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-21 14:14:18 +02:00
Jens Langhammer 18eccd995d sources/plex: fix linting error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-17 13:44:54 +02:00
Jens Langhammer 495b068be5 web: add plex connection deletion support 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-17 13:02:40 +02:00
Jens Langhammer 84c4547005 sources/plex: add API for user connections 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-17 13:02:40 +02:00
Jens Langhammer 8fe38b528b outposts: fix managed check 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-16 09:36:01 +02:00
Jens Langhammer 0a6efab7cb outposts: fix syntax 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-15 20:59:37 +02:00
Jens Langhammer b35e62e5ae outposts: don't start docker container for embedded outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-15 18:10:49 +02:00
Jens Langhammer 2592fc3826 sources/ldap: allow for anonymous binds, fix sync_users_password not working correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-12 19:09:29 +02:00
Jens Langhammer d9ece98bbc core: fix token expiration not being updated upon key rotation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-12 17:22:42 +02:00
Jens Langhammer 1524efcf51 core: fix expired tokens not being returned by API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-12 17:21:53 +02:00
Jens Langhammer c92c0102ca website/docs: add database port parameter 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-12 02:24:36 +02:00
Jens Langhammer c6dddc97f0 core: fix error when migrating with AK_ADMIN_TOKEN set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-11 22:36:52 +02:00
Jens Langhammer 38292a588b website/docs: add docs for automated installs 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-11 21:57:58 +02:00
Jens Langhammer e90da9283e core: add support to bootstrap token on initial install using AK_ADMIN_TOKEN in environment 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-11 21:45:49 +02:00
Jens Langhammer e0e0f4fa6c core: fix users's group list not allowing blank values 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-11 20:16:45 +02:00
Jens Langhammer ec95a2bddc core: allow changing of groups a user is in from user api 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-10 19:31:30 +02:00
Jens Langhammer de9d483b9f admin: add API to show embedded outpost status, add notice when its not configured properly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-10 19:16:11 +02:00
Jens Langhammer 557724768a core: add API to directly send recovery link to user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-10 13:54:59 +02:00
Jens Langhammer d18e829d80 providers/ldap: fix error in outpost when certificate is configured 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-09 20:47:26 +02:00
Jens Langhammer 7a836e0d7e api: fix backup capability not being detected correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-09 00:32:29 +02:00
Jens Langhammer f496b8b5d7 providers/oauth2: add more test cases for token view 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-09 00:20:32 +02:00
Jens Langhammer 837fa23af0 outpost: only set embedded outpost config on creation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 22:23:33 +02:00
Jens Langhammer 665c1aa81b providers/proxy: don't create ingress when no hosts are defined 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 21:46:05 +02:00
Jens Langhammer ebc6afe015 outpost: fix detection of embedded outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 21:39:08 +02:00
Jens Langhammer 45bee4b4dc outposts: fix test for config validation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 17:14:05 +02:00
Jens Langhammer c025d64ba3 outpost: revert managed config, make authentik_host field optional 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 16:58:01 +02:00
Jens Langhammer 2a53bc4330 outpost: add fallback for authentik_host when its not set in config 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 16:32:26 +02:00
Jens Langhammer 8180d6f9e8 outposts: don't override authentik_host for embedded outpost authentik_host 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 16:29:33 +02:00
Jens Langhammer ccfc1dbcc2 *: make all PropertyMappings filterable by multiple managed attributes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 16:06:44 +02:00
Jens Langhammer 3367b83368 providers/saml: use idp-initiated sso flow as launch url 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 15:01:52 +02:00
Jens Langhammer f0a8c30ce9 outposts: create different service when using embedded outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 14:01:39 +02:00
Jens Langhammer b36a3100e6 outposts: allow empty provider list for embedded provider 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 22:32:44 +02:00
Jens Langhammer e02207f38d outpost/embedded: use redis session backend 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 22:12:22 +02:00
Jens Langhammer 9a8240bdd1 proviers/saml: fix validation error not being raised 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 21:39:30 +02:00
Jens Langhammer f6ab241219 providers/oauth2: fix accessing undefined variable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 21:35:17 +02:00