website/docs: maintenance, re-add system settings (#9026)

* update screenshots Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated: fix api schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * required working anchors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add system settings page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix broken anchors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use client-side-redirects plugin Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Optimised images with calibre/image-actions * Revert "use client-side-redirects plugin" This reverts commit 3103433617. Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2024-03-26 14:42:07 +01:00
parent fcb82c243f
commit 0b4822c1e3
19 changed files with 68 additions and 6 deletions
--- a/authentik/admin/api/version.py
+++ b/authentik/admin/api/version.py
@ -39,7 +39,7 @@ class VersionSerializer(PassiveSerializer):
            return __version__
        return version_in_cache
-    def get_version_latest_valid(self, _) -> str:
+    def get_version_latest_valid(self, _) -> bool:
        """Check if latest version is valid"""
        return cache.get(VERSION_CACHE_KEY) != VERSION_NULL
--- a/schema.yml
+++ b/schema.yml
@ -45615,7 +45615,7 @@ components:
          description: Get latest version from cache
          readOnly: true
        version_latest_valid:
-          type: string
+          type: boolean
          description: Check if latest version is valid
          readOnly: true
        build_hash:
--- a/website/docs/core/settings.md
+++ b/website/docs/core/settings.md
@ -0,0 +1,60 @@
 ---
 title: System Settings
 ---
 These settings are similar to the configuration options listed [here](../installation/configuration.mdx), however they can only be adjusted through the authentik Admin interface or API.
 ### Avatars
 Configure how authentik should show avatars for users. Following values can be set:
 Default: `gravatar,initials`
 -   `none`: Disables per-user avatars and just shows a 1x1 pixel transparent picture
 -   `gravatar`: Uses gravatar with the user's email address
 -   `initials`: Generated avatars based on the user's name
 -   Any URL: If you want to use images hosted on another server, you can set any URL.
    Additionally, these placeholders can be used:
    -   `%(username)s`: The user's username
    -   `%(mail_hash)s`: The email address, md5 hashed
    -   `%(upn)s`: The user's UPN, if set (otherwise an empty string)
 You can also use an attribute path like `attributes.something.avatar`, which can be used in combination with the file field to allow users to upload custom avatars for themselves.
 Multiple modes can be set, and authentik will fallback to the next mode when no avatar could be found. For example, setting this to `gravatar,initials` will attempt to get an avatar from Gravatar, and if the user has not configured on there, it will fallback to a generated avatar.
 ### Allow users to change name
 Enable the ability for users to change their name, defaults to `true`.
 ### Allow users to change email
 Enable the ability for users to change their Email address, defaults to `false`.
 ### Allow users to change username
 Enable the ability for users to change their Usernames, defaults to `false`.
 ### Event retention
 Configure how long [Events](../events/index.md) are retained for within authentik. Default value is `days=365`. When forwarding events to an external application, this value can be decreased. When changing this value, only new events are affected.
 ### Footer links
 This option configures the footer links on the flow executor pages.
 The setting can be used as follows:
 ```json
 [{ "name": "Link Name", "href": "https://goauthentik.io" }]
 ```
 ### GDPR compliance
 When enabled, all the events caused by a user will be deleted upon the user's deletion. Defaults to `true`.
 ### Impersonation
 Globally enable/disable impersonation. Defaults to `true`.
--- a/website/docs/releases/2023/v2023.2.md
+++ b/website/docs/releases/2023/v2023.2.md
@ -21,7 +21,7 @@ slug: "/releases/2023.2"
 -   Generated avatars, multiple avatar modes
-    authentik now supports multiple avatar modes, and will use the next configured mode when a mode doesn't have an avatar. For example, the new default configuration attempts to use gravatar, but if the user's email does not have a gravatar setup, it will instead use the new generated avatars. See [Configuration](../../installation/configuration.mdx#authentik_avatars)
+    authentik now supports multiple avatar modes, and will use the next configured mode when a mode doesn't have an avatar. For example, the new default configuration attempts to use gravatar, but if the user's email does not have a gravatar setup, it will instead use the new generated avatars. See [Configuration](../../core/settings.md#avatars)
 ## Upgrading
--- a/website/docusaurus.config.ts
+++ b/website/docusaurus.config.ts
@ -11,6 +11,7 @@ module.exports = async function (): Promise<Config> {
        url: "https://docs.goauthentik.io",
        baseUrl: "/",
        onBrokenLinks: "throw",
        onBrokenAnchors: "throw",
        favicon: "img/icon.png",
        organizationName: "Authentik Security Inc.",
        projectName: "authentik",
--- a/website/integrations/services/nextcloud/index.md
+++ b/website/integrations/services/nextcloud/index.md
@ -98,7 +98,7 @@ Create a provider for Nextcloud. In the Admin Interface, go to _Applications_ ->
        -   `Nextcloud Profile` (or `authentik default Oauth Mapping profile` if you skipped the [custom profile scope](#custom-profile-scope) section)
    -   Subject mode: Based on the User's UUID
        :::danger
-        Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](../../../docs/installation/configuration#authentik_default_user_change_username) in authentik and set this to `Based on the User's username`.
+        Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set this to `Based on the User's username`.
        :::
    -   Include claims in ID token: ✔️
@ -233,7 +233,7 @@ Set the following values:
 -   Attribute to map the UID to: `http://schemas.goauthentik.io/2021/02/saml/uid`
    :::danger
-    Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/installation/configuration#authentik_default_user_change_username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username".
+    Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username".
    :::
 -   Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
 -   Identifier of the IdP entity (must be a URI): `https://authentik.company`
--- a/website/integrations/sources/google/index.md
+++ b/website/integrations/sources/google/index.md
@ -99,4 +99,4 @@ return False
 Afterwards, edit the source's enrollment flow (by default _default-source-enrollment_), expand the policies bound to the first stage (_default-source-enrollment-prompt_), and bind the policy created above. Make sure the newly created policy comes before _default-source-enrollment-if-username_. Afterwards, any new logins will automatically have their google email address used as their username.
-This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/installation/configuration#authentik_default_user_change_username).
+This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/core/settings#allow-users-to-change-username).
--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -40,6 +40,7 @@ const docsSidebar = {
                "core/certificates",
                "core/geoip",
                "core/architecture",
                "core/settings",
            ],
        },
        {
--- a/website/static/img/landing_login_card.png
+++ b/website/static/img/landing_login_card.png
--- a/website/static/img/landing_screen_admin_dark.jpg
+++ b/website/static/img/landing_screen_admin_dark.jpg
--- a/website/static/img/landing_screen_admin_light.jpg
+++ b/website/static/img/landing_screen_admin_light.jpg
--- a/website/static/img/landing_screen_apps_dark.jpg
+++ b/website/static/img/landing_screen_apps_dark.jpg
--- a/website/static/img/landing_screen_apps_light.jpg
+++ b/website/static/img/landing_screen_apps_light.jpg
--- a/website/static/img/screen_admin_dark.jpg
+++ b/website/static/img/screen_admin_dark.jpg
--- a/website/static/img/screen_admin_light.jpg
+++ b/website/static/img/screen_admin_light.jpg
--- a/website/static/img/screen_apps_dark.jpg
+++ b/website/static/img/screen_apps_dark.jpg
--- a/website/static/img/screen_apps_light.jpg
+++ b/website/static/img/screen_apps_light.jpg
--- a/website/static/img/screen_flow_dark.jpg
+++ b/website/static/img/screen_flow_dark.jpg
--- a/website/static/img/screen_flow_light.jpg
+++ b/website/static/img/screen_flow_light.jpg
`@ -99,4 +99,4 @@ return False`

	`Afterwards, edit the source's enrollment flow (by default _default-source-enrollment_), expand the policies bound to the first stage (_default-source-enrollment-prompt_), and bind the policy created above. Make sure the newly created policy comes before _default-source-enrollment-if-username_. Afterwards, any new logins will automatically have their google email address used as their username.`	`Afterwards, edit the source's enrollment flow (by default _default-source-enrollment_), expand the policies bound to the first stage (_default-source-enrollment-prompt_), and bind the policy created above. Make sure the newly created policy comes before _default-source-enrollment-if-username_. Afterwards, any new logins will automatically have their google email address used as their username.`

	`This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/installation/configuration#authentik_default_user_change_username).`	`This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/core/settings#allow-users-to-change-username).`