website/docs: maintenance, re-add system settings (#9026)

* update screenshots Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated: fix api schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * required working anchors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add system settings page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix broken anchors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use client-side-redirects plugin Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Optimised images with calibre/image-actions * Revert "use client-side-redirects plugin" This reverts commit 3103433617. Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2024-03-26 14:42:07 +01:00
parent fcb82c243f
commit 0b4822c1e3
19 changed files with 68 additions and 6 deletions
--- a/authentik/admin/api/version.py
+++ b/authentik/admin/api/version.py
@ -39,7 +39,7 @@ class VersionSerializer(PassiveSerializer):
            return __version__
        return version_in_cache

-    def get_version_latest_valid(self, _) -> str:
+    def get_version_latest_valid(self, _) -> bool:
        """Check if latest version is valid"""
        return cache.get(VERSION_CACHE_KEY) != VERSION_NULL

--- a/schema.yml
+++ b/schema.yml
@ -45615,7 +45615,7 @@ components:
          description: Get latest version from cache
          readOnly: true
        version_latest_valid:
-          type: string
+          type: boolean
          description: Check if latest version is valid
          readOnly: true
        build_hash:
--- a/website/docs/core/settings.md
+++ b/website/docs/core/settings.md
@ -0,0 +1,60 @@
+---
+title: System Settings
+---
+
+These settings are similar to the configuration options listed [here](../installation/configuration.mdx), however they can only be adjusted through the authentik Admin interface or API.
+
+### Avatars
+
+Configure how authentik should show avatars for users. Following values can be set:
+
+Default: `gravatar,initials`
+
+-   `none`: Disables per-user avatars and just shows a 1x1 pixel transparent picture
+-   `gravatar`: Uses gravatar with the user's email address
+-   `initials`: Generated avatars based on the user's name
+-   Any URL: If you want to use images hosted on another server, you can set any URL.
+
+    Additionally, these placeholders can be used:
+
+    -   `%(username)s`: The user's username
+    -   `%(mail_hash)s`: The email address, md5 hashed
+    -   `%(upn)s`: The user's UPN, if set (otherwise an empty string)
+
+You can also use an attribute path like `attributes.something.avatar`, which can be used in combination with the file field to allow users to upload custom avatars for themselves.
+
+Multiple modes can be set, and authentik will fallback to the next mode when no avatar could be found. For example, setting this to `gravatar,initials` will attempt to get an avatar from Gravatar, and if the user has not configured on there, it will fallback to a generated avatar.
+
+### Allow users to change name
+
+Enable the ability for users to change their name, defaults to `true`.
+
+### Allow users to change email
+
+Enable the ability for users to change their Email address, defaults to `false`.
+
+### Allow users to change username
+
+Enable the ability for users to change their Usernames, defaults to `false`.
+
+### Event retention
+
+Configure how long [Events](../events/index.md) are retained for within authentik. Default value is `days=365`. When forwarding events to an external application, this value can be decreased. When changing this value, only new events are affected.
+
+### Footer links
+
+This option configures the footer links on the flow executor pages.
+
+The setting can be used as follows:
+
+```json
+[{ "name": "Link Name", "href": "https://goauthentik.io" }]
+```
+
+### GDPR compliance
+
+When enabled, all the events caused by a user will be deleted upon the user's deletion. Defaults to `true`.
+
+### Impersonation
+
+Globally enable/disable impersonation. Defaults to `true`.
--- a/website/docs/releases/2023/v2023.2.md
+++ b/website/docs/releases/2023/v2023.2.md
@ -21,7 +21,7 @@ slug: "/releases/2023.2"

 -   Generated avatars, multiple avatar modes

-    authentik now supports multiple avatar modes, and will use the next configured mode when a mode doesn't have an avatar. For example, the new default configuration attempts to use gravatar, but if the user's email does not have a gravatar setup, it will instead use the new generated avatars. See [Configuration](../../installation/configuration.mdx#authentik_avatars)
+    authentik now supports multiple avatar modes, and will use the next configured mode when a mode doesn't have an avatar. For example, the new default configuration attempts to use gravatar, but if the user's email does not have a gravatar setup, it will instead use the new generated avatars. See [Configuration](../../core/settings.md#avatars)

 ## Upgrading

--- a/website/docusaurus.config.ts
+++ b/website/docusaurus.config.ts
@ -11,6 +11,7 @@ module.exports = async function (): Promise<Config> {
        url: "https://docs.goauthentik.io",
        baseUrl: "/",
        onBrokenLinks: "throw",
+        onBrokenAnchors: "throw",
        favicon: "img/icon.png",
        organizationName: "Authentik Security Inc.",
        projectName: "authentik",
--- a/website/integrations/services/nextcloud/index.md
+++ b/website/integrations/services/nextcloud/index.md
@ -98,7 +98,7 @@ Create a provider for Nextcloud. In the Admin Interface, go to _Applications_ ->
        -   `Nextcloud Profile` (or `authentik default Oauth Mapping profile` if you skipped the [custom profile scope](#custom-profile-scope) section)
    -   Subject mode: Based on the User's UUID
        :::danger
-        Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](../../../docs/installation/configuration#authentik_default_user_change_username) in authentik and set this to `Based on the User's username`.
+        Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set this to `Based on the User's username`.
        :::
    -   Include claims in ID token: ✔️

@ -233,7 +233,7 @@ Set the following values:

 -   Attribute to map the UID to: `http://schemas.goauthentik.io/2021/02/saml/uid`
    :::danger
-    Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/installation/configuration#authentik_default_user_change_username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username".
+    Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username".
    :::
 -   Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
 -   Identifier of the IdP entity (must be a URI): `https://authentik.company`
--- a/website/integrations/sources/google/index.md
+++ b/website/integrations/sources/google/index.md
@ -99,4 +99,4 @@ return False

 Afterwards, edit the source's enrollment flow (by default _default-source-enrollment_), expand the policies bound to the first stage (_default-source-enrollment-prompt_), and bind the policy created above. Make sure the newly created policy comes before _default-source-enrollment-if-username_. Afterwards, any new logins will automatically have their google email address used as their username.

-This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/installation/configuration#authentik_default_user_change_username).
+This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/core/settings#allow-users-to-change-username).
--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -40,6 +40,7 @@ const docsSidebar = {
                "core/certificates",
                "core/geoip",
                "core/architecture",
+                "core/settings",
            ],
        },
        {
--- a/website/static/img/landing_login_card.png
+++ b/website/static/img/landing_login_card.png
--- a/website/static/img/landing_screen_admin_dark.jpg
+++ b/website/static/img/landing_screen_admin_dark.jpg
--- a/website/static/img/landing_screen_admin_light.jpg
+++ b/website/static/img/landing_screen_admin_light.jpg
--- a/website/static/img/landing_screen_apps_dark.jpg
+++ b/website/static/img/landing_screen_apps_dark.jpg
--- a/website/static/img/landing_screen_apps_light.jpg
+++ b/website/static/img/landing_screen_apps_light.jpg
--- a/website/static/img/screen_admin_dark.jpg
+++ b/website/static/img/screen_admin_dark.jpg
--- a/website/static/img/screen_admin_light.jpg
+++ b/website/static/img/screen_admin_light.jpg
--- a/website/static/img/screen_apps_dark.jpg
+++ b/website/static/img/screen_apps_dark.jpg
--- a/website/static/img/screen_apps_light.jpg
+++ b/website/static/img/screen_apps_light.jpg
--- a/website/static/img/screen_flow_dark.jpg
+++ b/website/static/img/screen_flow_dark.jpg
--- a/website/static/img/screen_flow_light.jpg
+++ b/website/static/img/screen_flow_light.jpg