Commit Graph

838 Commits

Author SHA1 Message Date
Jens Langhammer 17364c3bd8
website/docs: add 2023.2.2 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 20:34:25 +01:00
Jens Langhammer 19f5e6e07e
website/docs: update events page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 16:44:13 +01:00
Jens Langhammer 7d6b573f8b
website: migrate to mermaid charts, rework proxy page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 12:14:17 +01:00
Jens Langhammer c340830b37
website/docs: prepare 2023.2.1
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-14 18:19:02 +01:00
Jens Langhammer cf36da2e5d
website/docs: prepare 2023.2 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-12 17:44:53 +01:00
sdimovv b69e55eae9
core: Add support for auto generating unique avatars based on the user's initials (#4663) 2023-02-12 16:35:17 +01:00
Jens L af43330fd6
providers/oauth2: rework OAuth2 Provider (#4652)
* always treat flow as openid flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve issuer URL generation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more refactoring

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update introspection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more refinement

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more things, update api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* regen migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start updating tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix implicit flow, auto set exp

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix timeozone not used correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix revoke

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more timezone shenanigans

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix userinfo tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix proxy outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix api tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing at_hash for implicit flows

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-include at_hash in implicit auth flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use folder context for outpost build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00
Jens Langhammer a7cf454760
web/admin: add notice for user_login stage session cookie behaviour
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-08 14:18:52 +01:00
Jens Langhammer 7a85038c11
website/docs: prepare 2023.2 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 22:52:29 +01:00
Jens Langhammer 3170b2f92c
providers/proxy: add token support for basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 22:50:49 +01:00
Melvin Snijders 547c01f481
website/docs: update Caddy docs to include HTTPS proxying (#4316)
Update Caddy documentation to include HTTPS proxying

Signed-off-by: Melvin Snijders <mail@melvinsnijders.nl>
2023-02-03 14:43:13 +01:00
Jens L 7d4ce41e12
providers/proxy: outpost wide logout implementation (#4605)
* initial outpost wide logout implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* handle deserialize error

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix file cleanup, add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 21:18:59 +01:00
Jens Langhammer cadb710c38
website/docs: add troubleshooting for CSRF
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:09:03 +01:00
Skyler Mäntysaari c2b4d14af5
website/docs: Add note for firefox about FIDO and TouchID (#4552)
* docs(passwordless): Make sure to include a warning

Signed-off-by: Skyler Mäntysaari <samip5@users.noreply.github.com>

* add notice for firefox touchID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Skyler Mäntysaari <samip5@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-01-28 22:45:51 +01:00
Jens Langhammer b99afd82b2
stages/user_write: fix migration setting wrong value, fix form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 14:38:26 +01:00
Jens Langhammer 446dc0a17b
website/docs: prepare 2023.1.1
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-20 14:25:20 +01:00
Jens Langhammer 3a59b75f4a
website/docs: update ldap provider docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-20 11:46:57 +01:00
Jens L 98485c528e
ci: build beta for amd64 and arm64 (#4468)
* ci: build for arm64, but independently

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add notice to beta

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 21:41:56 +01:00
Jens Langhammer 59be3c7746
website/docs: add docs for validating phone numbers before SMS enrollment
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 17:57:52 +01:00
Jens Langhammer 97acc77e0a
website/docs: update 2023.1 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 15:25:58 +01:00
Jens Langhammer eb1e0427c1
website/docs: add missing user uid field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 15:22:06 +01:00
Jens L 23c69c456a
providers/proxy: add setting to intercept authorization header (#4457)
* add setting to intercept authorization header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to intercept_header_auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 18:56:48 +01:00
Jens L c73fce4f58
sources/ldap: manual import (#4456)
* events: fix task UID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ldap sync command

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 12:21:33 +01:00
Jens Langhammer 19ee98b36d
outposts/proxy: allow setting no-redirect via header or query param
closes #4455

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 10:56:43 +01:00
Jens Langhammer 07767c9376
website/docs: add disclaimer to beta page that downgrade isn't supported
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-16 10:44:42 +01:00
Jens Langhammer d31e566873
outposts/proxy: add header to prevent redirects
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 22:18:25 +01:00
Jens Langhammer b6b97f4706
website/docs: update 2023.1 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:32:34 +01:00
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421)
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00
Jens Langhammer d3e2f41561
website/docs: fix typo
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 13:13:41 +01:00
Jens Langhammer bec538c543
sources/ldap: make task timeout adjustable
closes #4375

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:37:59 +01:00
Jens L 2604dc14fe
providers/ldap: add code-MFA support for ldap provider (#4354)
* add code support for ldap provider

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* only try to extract code when auth validator stage is encountered

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use parseint instead

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 18:32:06 +01:00
Jens L a960ce9454
stages/user_write: add more user creation options (#4367)
* add more user creation options

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update blueprints and docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 15:46:20 +01:00
Jens L e6b5810e03
polices/hibp: remove deprecated (#4363)
* remove hibp

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save event matcher apps in migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs, update some phrasing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 13:19:26 +01:00
Jens Langhammer ed3f36e72a
website/docs: update redirect docs
closes #4248

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 12:38:38 +01:00
Jens Langhammer 1efc7eecbf
website/docs: add metrics for monitoring and metrics
closes #4308

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 20:49:35 +01:00
Jens L dc1359a763
providers/saml: initial SLO implementation (#2346)
* providers/saml: initial SLO implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add logout request tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add tests for POST SLO

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* matrix e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix import

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set e2e matrix name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate oidc and oauth tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add basic saml slo e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add better metadata download url

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* kinda prepare release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sort releases into folders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add slo urls to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix linking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 19:45:31 +01:00
Jens Langhammer c4bb51469b
website/docs: prepare 2022.12.2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 10:15:15 +01:00
Jens Langhammer 82184b2882
web/flows: fix alternate captchas not loading
closes #4321

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 18:49:41 +01:00
Jens Langhammer c8bd0fbb1c
website/docs: prepare 2022.12.1 release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 23:59:05 +01:00
Jens Langhammer c99798b1f2
website/docs: update release notes, remove duplicate files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 23:28:15 +01:00
Jens Langhammer 0e6400bfea
web/admin: improve user/group UX for adding/removing users to and from groups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 12:55:38 +01:00
Jens Langhammer b16d1134ea
core: add endpoints to add/remove users from group atomically
closes #4252

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 10:50:30 +01:00
Jens Langhammer 1615723f10
website/docs: update release notes for 2022.12
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-27 14:10:38 +01:00
sev f9b46145de
website/docs: Clarify request.user and add link to Django docs (#4287)
* Clarify request.user and add link to doc

Signed-off-by: sev <git@sev.monster>

* rephrase a bit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sev <git@sev.monster>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-27 14:10:30 +01:00
Jens Langhammer 7046944bf6
website: link CVE and attribute reporter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:17:17 +01:00
Jens Langhammer 716584bbae
website: update release notes for CVEs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:21:02 +01:00
Jens L 9f846d94be
security: fix CVE 2022 23555 (#4274)
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:13:49 +01:00
Jens L 84fbeb5721
security: fix CVE 2022 46172 (#4275)
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:12:58 +01:00
Jens Langhammer 42c278b4f8
root: migrate to hosted sentry with rate-limited DSN
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:18:26 +01:00
Jens L c635487210
blueprints: better OCI support in UI (#4263)
use oci:// prefix to detect oci blueprint, add UI support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:49:25 +01:00
Jens Langhammer 28eb7c03fa
website/developer-docs: add templates for announcing fixed security release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 16:13:21 +01:00
Jens Langhammer 423776c7a2 website/docs: prepare 2022.12 release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 21:58:57 +01:00
Jens L 609f95ac97
providers: add preview for mappings (#4254)
* preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: show provider page on application page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use oauth2 end session url instead of direct interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont show provider page on application page for now

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI for preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* translate and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate saml api files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 12:13:11 +01:00
Jens L f4990bb5da
core: bundle geoip (#4250)
* bundle geoip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* correctly pass secrets

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add geoip docs and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-20 22:09:30 +01:00
Jens Langhammer 9d5b9204fc web/admin: rework markdown, correctly render Admonitions, fix links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-19 12:48:02 +01:00
Jens Langhammer 3418943949 root: allow custom settings via python module
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-15 10:59:14 +01:00
Jens Langhammer 1dfc0b2e93 website/docs: update flow context variables
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 14:37:37 +00:00
Jens Langhammer 0995658ca6 website/docs: add note for possibly blocked SMTP ports
closes #4192

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 11:13:52 +00:00
Jens Langhammer 49bd028363 website/docs: update release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-03 13:10:16 +02:00
Jens L db95dfe38d
security: fix CVE 2022 46145 (#4140)
* add flow authentication requirement

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add website for cve

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: handle FlowNonApplicableException without policy result

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
Alex Wigen 4e04461820
website/docs: Change Kubernetes ingress apiVersion out of beta (#4099)
* Change Kubernetes ingress apiVersion out of beta

* fix lint

Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 16:42:59 +01:00
Jens Langhammer 147ebf1a5e root: rework and expand security policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 12:10:53 +01:00
John Arrandale 501d63b3aa
website/docs: add notice for unique Base DN (#4073)
* providers/ldap: updates documentation related to issue #4038

Signed-off-by: John Arrandale <bootsie227@gmail.com>

* providers/ldap: adheres to the CI prettier-check

Signed-off-by: John Arrandale <bootsie227@gmail.com>
2022-11-24 20:52:13 +01:00
Jens Langhammer ab0f8d027d website/docs: add 2022.11.1 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:17:05 +01:00
Jens Langhammer 1efc0c1242 website/docs: update changelog
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 19:37:28 +01:00
Jens L 276af8457d
root: make sentry DSN configurable (#4016)
* make sentry DSN configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make proxy smarter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix typo in config struct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
Jens L 55aa1897af
root: use single redis db (#4009)
* use single redis db

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ensure __str__ always returns string

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix remaining old prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
Jens L 88594075b2
policies/password: merge hibp add zxcvbn (#4001)
* initial zxcvbn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api and port tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api diff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
Jens L ffe6f65af5
outposts/kubernetes: ingress class (#4002)
* add support for ingressClassName

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add option to disable ssl verification for k8s controller

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
sdimovv d2bbcc0e1e
website/docs: Fix small error in Invitation stage docs (#3997)
The `.get` is there to ensure the policy won't throw an error if the key is not there (which can happen if the policy is executed before an Invitation stage).

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2022-11-14 09:54:25 +01:00
dependabot[bot] 4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye (#3864)
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye

Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump project

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump deps

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump ci to 3.11

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-13 14:20:55 +01:00
Jens Langhammer ac2e85c003 website/docs: fix 404s on ldap provider docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-06 00:01:38 +01:00
Jens Langhammer c157030905 website/docs: remove old banner, fix nginx formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-01 17:12:16 +01:00
Jens Langhammer 77a67dcbc1 website/docs: prepare 2022.10.1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 23:08:55 +02:00
Jens Langhammer 8d7ce49101 website/docs: add docs for using email templates with helm chart
closes #3891

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 23:06:10 +02:00
Jens Langhammer 7004cb1c91 website/docs: add notice for TOTP issuer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-22 17:11:20 +02:00
Jens Langhammer fa08e2c7bf website/docs: update 2022.10 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 18:24:25 +02:00
Jens L cfad472e1b
flows: optimise queries (#3818)
* flows: optimise flow queries

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* index source on slug and name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* binding index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add policy parent index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup old migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release note to upgrade

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 22:53:07 +02:00
Jens Langhammer 6882445937 *: handle PermissionError when saving files, ensure permission bits are set correctly
closes #3817

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 20:24:28 +02:00
Jens Langhammer c22dae868c website/docs: update 2022.10 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:44:28 +02:00
Rob 895658e7a3
website/integrations: add Organizr integration (#3802)
* Add new integration application category for Dashboard and initialize organizr service template

* added images and additional info for organizr integration

* alphabetized application integration categories

* alphabetized integration federation and social login categories

* forgot to make website-lint-fix :/

* revert mention of organizr in generic setup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:28:48 +02:00
Jens Langhammer bb43c49b1e website/docs: fix passwordless docs, cross-link both
closes #3803

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 21:38:01 +02:00
Rob 10cfccd999
website/docs: add General Setup instructions for LDAP Provider (#3680)
* Added General Setup instructions for LDAP Provider

* Added General Setup instructions for LDAP Provider and updated relative links

* updated LDAP Outpost note verbiage

* Corrected the case for LDAP and renamed to Generic Setup

* removed ldapsearch example from index page

* updated verbiage around multifactor authentication

* removed note about local LDAP provider

* updated sidebar to reflect generic_setup

* updated logging info

* corrected typo

* updated stage creation instructions and screenshot

* corrected another typo

* corrected another typo

* reword some things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 14:57:57 +00:00
Jens Langhammer 77f6926a41 website/docs: prepare 2022.10 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 17:23:23 +02:00
Jens L 79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug (#3786)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 15:44:59 +02:00
Philipp Kolberg 2980c5884f
root: Add setting to adjust database config for pgbouncer (#3769)
* Add setting to adjust database config for pgbouncer

* docker-compose.yml cleanup

Delete pgbouncer setting as false is the default value

* Cleanup docker-compose.yml

Also remove use_pgbouncer option in server section
2022-10-14 11:53:24 +02:00
Jens L 217e145d23
stages/authenticator_sms: make sms stage payload customisable (#3780)
* make sms stage payload customisable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update phrasing for webhook mapping

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 11:53:01 +02:00
Jens L 8ed2f7fe9e
providers/oauth2: add device flow (#3334)
* start device flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix inconsistent app filtering

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tenant device code flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add throttling to device code view

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* somewhat unrelated changes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add initial device code entry flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add finish stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* it works

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add support for verification_uri_complete

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 12:42:10 +02:00
Jens L cca0f60bda
root: decrease default token size to 60 chars for compatibility (#3710)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2614
2022-09-30 23:12:51 +02:00
Jens Langhammer 32c80467b6 website/docs: update log level warning phrasing 2022-09-29 09:52:48 +00:00
Jens Langhammer 74c5a5b4c1 website/docs: add warning to trace log level 2022-09-29 09:27:35 +00:00
Philipp Rintz 6135990762
website/docs: Fix letsencrypt folder (#3643)
When the docs were changed to the docker-compose.override.yaml version, the change wasnt 100% completed, by still including the "..authentik" folder part in the volumes.

Addtionally, it doesnt work to only mount the /live letsencrypt folder in the worker, as it will be a symlink that the worker wont have access to (as its outside the container context).
So this reverts the change to the previous version where the complete /etc/letsencrypt folder gets mounted in /certs

Signed-off-by: Philipp Rintz <13933258+p-rintz@users.noreply.github.com>

Signed-off-by: Philipp Rintz <13933258+p-rintz@users.noreply.github.com>
2022-09-26 16:32:14 +02:00
Riccardo Di Maio bba21d2b85
website/docs: Fix typo (#3641)
Signed-off-by: Riccardo Di Maio <35903974+rdimaio@users.noreply.github.com>

Signed-off-by: Riccardo Di Maio <35903974+rdimaio@users.noreply.github.com>
2022-09-25 11:44:41 +02:00
Jens Langhammer f8502edd2b website: update 2022.9 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-22 10:46:29 +02:00
Jens L b16a3d5697
internal: use config system for workers/threads, document the settings (#3626)
use config system for workers/threads, document the settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:59:03 +02:00
Jens Langhammer daa0417c38 website: fix broken link
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-18 17:57:19 +02:00
Jens Langhammer 067166d420 website: update 2022.9 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 14:28:04 +02:00
Jens L be64296494
stages/authenticator_duo: improved import (#3601)
* prepare for duo admin integration

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make duo import params required

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI to import devices

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* rework form, automatic import

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* limit amount of concurrent tasks on worker

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* load tasks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix API codes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests and such

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sigh

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make stage better

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* basic stage test

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 12:10:47 +02:00
Jens Langhammer 3e0778fe31 website: add API diff to 2022.9 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-16 10:20:26 +02:00
Jens Langhammer 9f5c019daa core: add helper function to create events from expressions, move ak_user_has_authenticator to base evaluator
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 21:52:41 +02:00