From 51a33f330c324d38a59df721b778c9d88c56dedd Mon Sep 17 00:00:00 2001 From: Tana M Berry Date: Thu, 21 Mar 2024 12:49:51 -0500 Subject: [PATCH 01/15] website/deverlop-docs website/integrations: add links to integrations template (#8995) * add link to template * add link in devdocs too * fix links and tweaks * extra files --------- Co-authored-by: Tana M Berry --- .../developer-docs/docs/templates/index.md | 10 +++++++-- website/integrations/services/index.mdx | 21 ++++++++++++------- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/website/developer-docs/docs/templates/index.md b/website/developer-docs/docs/templates/index.md index f93ae5120a..6653f54f64 100644 --- a/website/developer-docs/docs/templates/index.md +++ b/website/developer-docs/docs/templates/index.md @@ -2,7 +2,7 @@ title: "Templates" --- -In technical documentation, there are document "types" (similar to how there are data types). +In technical documentation, there are document "types" (similar to how there are data types). We have templates for the different types, to make it super-easy for whomever wants to contribute some documentation! The most common types are: @@ -14,4 +14,10 @@ The most common types are: - [**Reference**](./reference.md): this is typically tables or lists of reference information, such as configuration values, or functions, or most commmonly APIs. -We have templates for the different types, to make it super-easy for whomever wants to contribute some documentation! +### Add a new integration + +To add documentation for a new [integration](../../../integrations/) (with support level Community or Vendor), please use the integration template [`service.md`](https://github.com/goauthentik/authentik/blob/main/website/integrations/_template/service.md) file from our GitHub repo. You can download the template file using the following command: + +``` +wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/integrations/_template/service.md +``` 
diff --git a/website/integrations/services/index.mdx b/website/integrations/services/index.mdx index 3f91095cdc..ac1ee32350 100644 --- a/website/integrations/services/index.mdx +++ b/website/integrations/services/index.mdx @@ -6,20 +6,25 @@ slug: / import DocCardList from "@theme/DocCardList"; import { useCurrentSidebarCategory } from "@docusaurus/theme-common"; -Below is a list of all applications that are known to work with authentik. +Below is a list of all integrations, or applications that are known to work with authentik. All integrations will have one of these badges: -All integrations will have a combination of these badges: +- Support level: Community The integration + is community maintained. -- Support level: Community +- Support level: Vendor The integration + is supported by the vendor. - The integration is community maintained. +- Support level: authentik The integration + is regularly tested by the authentik team. -- Support level: Vendor +### Add a new integration - The integration is supported by the vendor. +To add documentation for a new integration (with support level Community or Vendor), please use the integration template [`service.md`](https://github.com/goauthentik/authentik/blob/main/website/integrations/_template/service.md) file from our GitHub repo. You can download the template file using the following command: -- Support level: authentik +``` +wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/integrations/_template/service.md +``` - The integration is regularly tested by the authentik team. +## Integration categories From bcb7c72907ffb6d5d586454c6377c35d9ac11bab Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 21 Mar 2024 19:03:38 +0100 Subject: [PATCH 02/15] website/docs: improve flow inspector docs (#8993) Signed-off-by: Jens Langhammer --- website/docs/flow/inspector.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
diff --git a/website/docs/flow/inspector.md b/website/docs/flow/inspector.md index 976c2d81fc..05fca28620 100644 --- a/website/docs/flow/inspector.md +++ b/website/docs/flow/inspector.md @@ -5,9 +5,14 @@ title: Inspector The flow inspector, introduced in 2021.10, allows administrators to easily figure out how custom flows work, inspect the current context and debug issues. :::info -When running a flow with the inspector enabled, the flow is still executed normally. This means that for example, a `user_write` stage will _actually_ write user data. +When running a flow with the inspector enabled, the flow is still executed normally. This means that for example, a [User write](../flow/stages/user_write.md) stage will _actually_ write user data. ::: +### Accessing the inspector + +By default, the inspector can only be enabled when the currently authenticated user is a superuser. +When developing authentik with the debug-mode enabled, the inspector is enabled by default and can be accessed by both unauthenticated users and standard users. However the debug-mode should only be used for the development of authentik. + ![](./inspector.png) The following infos are shown in the inspector @@ -31,7 +36,3 @@ This data is not cleaned, so if your flow involves inputting a password, it will ## Session ID The unique ID for the currently used session. This can be used to debug issues with flows restarting/losing state. - -# Access to the inspector - -By default, the inspector can only be enabled when the currently authenticated user is a superuser. When running authentik with debug-mode enabled, the inspector is enabled by default and can be accessed by both unauthenticated users and standard users. From 32f95818dba91ec594ee3488b342f280f9c033c8 Mon Sep 17 00:00:00 2001 From: Vince Date: Fri, 22 Mar 2024 21:51:18 +0800 Subject: [PATCH 03/15] website/docs: Upgrade nginx reverse porxy config (#8947) Update reverse-proxy.md 
Signed-off-by: Vince --- website/docs/installation/reverse-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/installation/reverse-proxy.md b/website/docs/installation/reverse-proxy.md index c7931690ba..0a7af1e4b9 100644 --- a/website/docs/installation/reverse-proxy.md +++ b/website/docs/installation/reverse-proxy.md @@ -56,7 +56,7 @@ server { proxy_http_version 1.1; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade_keepalive; } From 193b9e1ae8a0c532c26e0ef1b30611ede088be58 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 15:22:55 +0100 Subject: [PATCH 04/15] core: bump ruff from 0.3.3 to 0.3.4 (#8998) Bumps [ruff](https://github.com/astral-sh/ruff) from 0.3.3 to 0.3.4. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.3.3...v0.3.4) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/poetry.lock b/poetry.lock index e063d4cee1..bede1594fd 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -3509,28 +3509,28 @@ pyasn1 = ">=0.1.3" [[package]] name = "ruff" -version = "0.3.3" +version = "0.3.4" description = "An extremely fast Python linter and code formatter, written in Rust." optional = false python-versions = ">=3.7" files = [ - {file = "ruff-0.3.3-py3-none-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl", hash = "sha256:973a0e388b7bc2e9148c7f9be8b8c6ae7471b9be37e1cc732f8f44a6f6d7720d"}, - {file = "ruff-0.3.3-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:cfa60d23269d6e2031129b053fdb4e5a7b0637fc6c9c0586737b962b2f834493"}, - {file = "ruff-0.3.3-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1eca7ff7a47043cf6ce5c7f45f603b09121a7cc047447744b029d1b719278eb5"}, - {file = "ruff-0.3.3-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:e7d3f6762217c1da954de24b4a1a70515630d29f71e268ec5000afe81377642d"}, - {file = "ruff-0.3.3-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b24c19e8598916d9c6f5a5437671f55ee93c212a2c4c569605dc3842b6820386"}, - {file = "ruff-0.3.3-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:5a6cbf216b69c7090f0fe4669501a27326c34e119068c1494f35aaf4cc683778"}, - {file = "ruff-0.3.3-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:352e95ead6964974b234e16ba8a66dad102ec7bf8ac064a23f95371d8b198aab"}, - {file = "ruff-0.3.3-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8d6ab88c81c4040a817aa432484e838aaddf8bfd7ca70e4e615482757acb64f8"}, - {file = "ruff-0.3.3-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:79bca3a03a759cc773fca69e0bdeac8abd1c13c31b798d5bb3c9da4a03144a9f"}, - {file = "ruff-0.3.3-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:2700a804d5336bcffe063fd789ca2c7b02b552d2e323a336700abb8ae9e6a3f8"}, - {file = "ruff-0.3.3-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:fd66469f1a18fdb9d32e22b79f486223052ddf057dc56dea0caaf1a47bdfaf4e"}, - {file = 
"ruff-0.3.3-py3-none-musllinux_1_2_i686.whl", hash = "sha256:45817af234605525cdf6317005923bf532514e1ea3d9270acf61ca2440691376"}, - {file = "ruff-0.3.3-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:0da458989ce0159555ef224d5b7c24d3d2e4bf4c300b85467b08c3261c6bc6a8"}, - {file = "ruff-0.3.3-py3-none-win32.whl", hash = "sha256:f2831ec6a580a97f1ea82ea1eda0401c3cdf512cf2045fa3c85e8ef109e87de0"}, - {file = "ruff-0.3.3-py3-none-win_amd64.whl", hash = "sha256:be90bcae57c24d9f9d023b12d627e958eb55f595428bafcb7fec0791ad25ddfc"}, - {file = "ruff-0.3.3-py3-none-win_arm64.whl", hash = "sha256:0171aab5fecdc54383993389710a3d1227f2da124d76a2784a7098e818f92d61"}, - {file = "ruff-0.3.3.tar.gz", hash = "sha256:38671be06f57a2f8aba957d9f701ea889aa5736be806f18c0cd03d6ff0cbca8d"}, + {file = "ruff-0.3.4-py3-none-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl", hash = "sha256:60c870a7d46efcbc8385d27ec07fe534ac32f3b251e4fc44b3cbfd9e09609ef4"}, + {file = "ruff-0.3.4-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:6fc14fa742e1d8f24910e1fff0bd5e26d395b0e0e04cc1b15c7c5e5fe5b4af91"}, + {file = "ruff-0.3.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d3ee7880f653cc03749a3bfea720cf2a192e4f884925b0cf7eecce82f0ce5854"}, + {file = "ruff-0.3.4-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:cf133dd744f2470b347f602452a88e70dadfbe0fcfb5fd46e093d55da65f82f7"}, + {file = "ruff-0.3.4-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3f3860057590e810c7ffea75669bdc6927bfd91e29b4baa9258fd48b540a4365"}, + {file = "ruff-0.3.4-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:986f2377f7cf12efac1f515fc1a5b753c000ed1e0a6de96747cdf2da20a1b369"}, + {file = "ruff-0.3.4-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c4fd98e85869603e65f554fdc5cddf0712e352fe6e61d29d5a6fe087ec82b76c"}, + {file = "ruff-0.3.4-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = 
"sha256:64abeed785dad51801b423fa51840b1764b35d6c461ea8caef9cf9e5e5ab34d9"}, + {file = "ruff-0.3.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:df52972138318bc7546d92348a1ee58449bc3f9eaf0db278906eb511889c4b50"}, + {file = "ruff-0.3.4-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:98e98300056445ba2cc27d0b325fd044dc17fcc38e4e4d2c7711585bd0a958ed"}, + {file = "ruff-0.3.4-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:519cf6a0ebed244dce1dc8aecd3dc99add7a2ee15bb68cf19588bb5bf58e0488"}, + {file = "ruff-0.3.4-py3-none-musllinux_1_2_i686.whl", hash = "sha256:bb0acfb921030d00070539c038cd24bb1df73a2981e9f55942514af8b17be94e"}, + {file = "ruff-0.3.4-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:cf187a7e7098233d0d0c71175375c5162f880126c4c716fa28a8ac418dcf3378"}, + {file = "ruff-0.3.4-py3-none-win32.whl", hash = "sha256:af27ac187c0a331e8ef91d84bf1c3c6a5dea97e912a7560ac0cef25c526a4102"}, + {file = "ruff-0.3.4-py3-none-win_amd64.whl", hash = "sha256:de0d5069b165e5a32b3c6ffbb81c350b1e3d3483347196ffdf86dc0ef9e37dd6"}, + {file = "ruff-0.3.4-py3-none-win_arm64.whl", hash = "sha256:6810563cc08ad0096b57c717bd78aeac888a1bfd38654d9113cb3dc4d3f74232"}, + {file = "ruff-0.3.4.tar.gz", hash = "sha256:f0f4484c6541a99862b693e13a151435a279b271cff20e37101116a21e2a1ad1"}, ] [[package]] From 1d773dfc769dc99b17b58f5de7bcaa06ab315346 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 15:40:53 +0100 Subject: [PATCH 05/15] website: bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /website (#9001) Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4. - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](https://github.com/webpack/webpack-dev-middleware/compare/v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: webpack-dev-middleware dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- website/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/package-lock.json b/website/package-lock.json index 2f2cecc9b3..a6725a5b26 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -16568,9 +16568,9 @@ } }, "node_modules/webpack-dev-middleware": { - "version": "5.3.3", - "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.3.tgz", - "integrity": "sha512-hj5CYrY0bZLB+eTO+x/j67Pkrquiy7kWepMHmUMoPsmcUaeEnQJqFzHJOyxgWlq746/wUuA64p9ta34Kyb01pA==", + "version": "5.3.4", + "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.4.tgz", + "integrity": "sha512-BVdTqhhs+0IfoeAf7EoH5WE+exCmqGerHfDM0IL096Px60Tq2Mn9MAbnaGUe6HiMa41KMCYF19gyzZmBcq/o4Q==", "dependencies": { "colorette": "^2.0.10", "memfs": "^3.4.3", From 6584074b9c534e73071bf672f0fe77e28353136d Mon Sep 17 00:00:00 2001 From: Jens L Date: Sat, 23 Mar 2024 16:55:55 +0100 Subject: [PATCH 06/15] web/admin: small fixes (#9002) * unrelated: fix broken loading spinner Signed-off-by: Jens Langhammer * unrelated: fix slight oauth2 view page layout thing Signed-off-by: Jens Langhammer --------- 
Signed-off-by: Jens Langhammer --- web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts | 4 ++-- web/src/elements/EmptyState.ts | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts b/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts index 337f11be85..6c3bcc4cc8 100644 --- a/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts +++ b/web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts @@ -175,7 +175,7 @@ export class OAuth2ProviderViewPage extends AKElement { `}
@@ -255,7 +255,7 @@ export class OAuth2ProviderViewPage extends AKElement {
-
+
diff --git a/web/src/elements/EmptyState.ts b/web/src/elements/EmptyState.ts index cf025aef2c..8842badea2 100644 --- a/web/src/elements/EmptyState.ts +++ b/web/src/elements/EmptyState.ts @@ -1,5 +1,6 @@ import { PFSize } from "@goauthentik/common/enums.js"; import { AKElement } from "@goauthentik/elements/Base"; +import "@goauthentik/elements/Spinner"; import { CSSResult, TemplateResult, css, html } from "lit"; import { customElement, property } from "lit/decorators.js"; From 8a5aa9bf6f5551f258da34bbb54163710e3b6c82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 11:45:20 +0100 Subject: [PATCH 07/15] web: bump the sentry group in /web with 2 updates (#9017) Bumps the sentry group in /web with 2 updates: [@sentry/browser](https://github.com/getsentry/sentry-javascript) and @spotlightjs/spotlight. Updates `@sentry/browser` from 7.107.0 to 7.108.0 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.108.0/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-javascript/compare/7.107.0...7.108.0) Updates `@spotlightjs/spotlight` from 1.2.14 to 1.2.15 --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-type: direct:production update-type: version-update:semver-minor dependency-group: sentry - dependency-name: "@spotlightjs/spotlight" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: sentry ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 114 +++++++++++++++++++++--------------------- web/package.json | 4 +- 2 files changed, 59 insertions(+), 59 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 6d8bf502e3..84778c69de 100644 --- a/web/package-lock.json +++ b/web/package-lock.json 
@@ -25,7 +25,7 @@ "@open-wc/lit-helpers": "^0.7.0", "@patternfly/elements": "^2.4.0", "@patternfly/patternfly": "^4.224.2", - "@sentry/browser": "^7.107.0", + "@sentry/browser": "^7.108.0", "@webcomponents/webcomponentsjs": "^2.8.0", "base64-js": "^1.5.1", "chart.js": "^4.4.2", @@ -59,7 +59,7 @@ "@jeysal/storybook-addon-css-user-preferences": "^0.2.0", "@lit/localize-tools": "^0.7.2", "@rollup/plugin-replace": "^5.0.5", - "@spotlightjs/spotlight": "^1.2.14", + "@spotlightjs/spotlight": "^1.2.15", "@storybook/addon-essentials": "^7.6.17", "@storybook/addon-links": "^7.6.17", "@storybook/api": "^7.6.17", 
@@ -4407,102 +4407,102 @@ "peer": true }, "node_modules/@sentry-internal/feedback": { - "version": "7.107.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-7.107.0.tgz", - "integrity": "sha512-okF0B9AJHrpkwNMxNs/Lffw3N5ZNbGwz4uvCfyOfnMxc7E2VfDM18QzUvTBRvNr3bA9wl+InJ+EMG3aZhyPunA==", + "version": "7.108.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-7.108.0.tgz", + "integrity": "sha512-8JcgZEnk1uWrXJhsd3iRvFtEiVeaWOEhN0NZwhwQXHfvODqep6JtrkY1yCIyxbpA37aZmrPc2JhyotRERGfUjg==", "dependencies": { - "@sentry/core": "7.107.0", - "@sentry/types": "7.107.0", - "@sentry/utils": "7.107.0" + "@sentry/core": "7.108.0", + "@sentry/types": "7.108.0", + "@sentry/utils": "7.108.0" }, "engines": { "node": ">=12" } }, "node_modules/@sentry-internal/replay-canvas": { - "version": "7.107.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-7.107.0.tgz", - "integrity": "sha512-dmDL9g3QDfo7axBOsVnpiKdJ/DXrdeuRv1AqsLgwzJKvItsv0ZizX0u+rj5b1UoxcwbXRMxJ0hit5a1yt3t/ow==", + "version": "7.108.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-7.108.0.tgz", + "integrity": "sha512-R5tvjGqWUV5vSk0N1eBgVW7wIADinrkfDEBZ9FyKP2mXHBobsyNGt30heJDEqYmVqluRqjU2NuIRapsnnrpGnA==", "dependencies": { - "@sentry/core": "7.107.0", - "@sentry/replay": "7.107.0", - "@sentry/types": "7.107.0", - "@sentry/utils": "7.107.0" + "@sentry/core": "7.108.0", + "@sentry/replay": "7.108.0", + "@sentry/types": "7.108.0", + "@sentry/utils": "7.108.0" }, "engines": { "node": ">=12" } }, "node_modules/@sentry-internal/tracing": { - "version": "7.107.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.107.0.tgz", - "integrity": "sha512-le9wM8+OHBbq7m/8P7JUJ1UhSPIty+Z/HmRXc5Z64ODZcOwFV6TmDpYx729IXDdz36XUKmeI+BeM7yQdTTZPfQ==", + "version": "7.108.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.108.0.tgz", + 
"integrity": "sha512-zuK5XsTsb+U+hgn3SPetYDAogrXsM16U/LLoMW7+TlC6UjlHGYQvmX3o+M2vntejoU1QZS8m1bCAZSMWEypAEw==", "dependencies": { - "@sentry/core": "7.107.0", - "@sentry/types": "7.107.0", - "@sentry/utils": "7.107.0" + "@sentry/core": "7.108.0", + "@sentry/types": "7.108.0", + "@sentry/utils": "7.108.0" }, "engines": { "node": ">=8" } }, "node_modules/@sentry/browser": { - "version": "7.107.0", - "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.107.0.tgz", - "integrity": "sha512-KnqaQDhxv6w9dJ+mYLsNwPeGZfgbpM3vaismBNyJCKLgWn2V75kxkSq+bDX8LQT/13AyK7iFp317L6P8EuNa3g==", + "version": "7.108.0", + "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.108.0.tgz", + "integrity": "sha512-FNpzsdTvGvdHJMUelqEouUXMZU7jC+dpN7CdT6IoHVVFEkoAgrjMVUhXZoQ/dmCkdKWHmFSQhJ8Fm6V+e9Aq0A==", "dependencies": { - "@sentry-internal/feedback": "7.107.0", - "@sentry-internal/replay-canvas": "7.107.0", - "@sentry-internal/tracing": "7.107.0", - "@sentry/core": "7.107.0", - "@sentry/replay": "7.107.0", - "@sentry/types": "7.107.0", - "@sentry/utils": "7.107.0" + "@sentry-internal/feedback": "7.108.0", + "@sentry-internal/replay-canvas": "7.108.0", + "@sentry-internal/tracing": "7.108.0", + "@sentry/core": "7.108.0", + "@sentry/replay": "7.108.0", + "@sentry/types": "7.108.0", + "@sentry/utils": "7.108.0" }, "engines": { "node": ">=8" } }, "node_modules/@sentry/core": { - "version": "7.107.0", - "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.107.0.tgz", - "integrity": "sha512-C7ogye6+KPyBi8NVL0P8Rxx3Ur7Td8ufnjxosVy678lqY+dcYPk/HONROrzUFYW5fMKWL4/KYnwP+x9uHnkDmw==", + "version": "7.108.0", + "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.108.0.tgz", + "integrity": "sha512-I/VNZCFgLASxHZaD0EtxZRM34WG9w2gozqgrKGNMzAymwmQ3K9g/1qmBy4e6iS3YRptb7J5UhQkZQHrcwBbjWQ==", "dependencies": { - "@sentry/types": "7.107.0", - "@sentry/utils": "7.107.0" + "@sentry/types": "7.108.0", + "@sentry/utils": "7.108.0" }, "engines": { "node": ">=8" } }, 
"node_modules/@sentry/replay": { - "version": "7.107.0", - "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.107.0.tgz", - "integrity": "sha512-BNJDEVaEwr/YnV22qnyVA1almx/3p615m3+KaF8lPo7YleYgJGSJv1auH64j1G8INkrJ0J0wFBujb1EFjMYkxA==", + "version": "7.108.0", + "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.108.0.tgz", + "integrity": "sha512-jo8fDOzcZJclP1+4n9jUtVxTlBFT9hXwxhAMrhrt70FV/nfmCtYQMD3bzIj79nwbhUtFP6pN39JH1o7Xqt1hxQ==", "dependencies": { - "@sentry-internal/tracing": "7.107.0", - "@sentry/core": "7.107.0", - "@sentry/types": "7.107.0", - "@sentry/utils": "7.107.0" + "@sentry-internal/tracing": "7.108.0", + "@sentry/core": "7.108.0", + "@sentry/types": "7.108.0", + "@sentry/utils": "7.108.0" }, "engines": { "node": ">=12" } }, "node_modules/@sentry/types": { - "version": "7.107.0", - "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.107.0.tgz", - "integrity": "sha512-H7qcPjPSUWHE/Zf5bR1EE24G0pGVuJgrSx8Tvvl5nKEepswMYlbXHRVSDN0gTk/E5Z7cqf+hUBOpkQgZyps77w==", + "version": "7.108.0", + "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.108.0.tgz", + "integrity": "sha512-bKtHITmBN3kqtqE5eVvL8mY8znM05vEodENwRpcm6TSrrBjC2RnwNWVwGstYDdHpNfFuKwC8mLY9bgMJcENo8g==", "engines": { "node": ">=8" } }, "node_modules/@sentry/utils": { - "version": "7.107.0", - "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.107.0.tgz", - "integrity": "sha512-C6PbN5gHh73MRHohnReeQ60N8rrLYa9LciHue3Ru2290eSThg4CzsPnx4SzkGpkSeVlhhptKtKZ+hp/ha3iVuw==", + "version": "7.108.0", + "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.108.0.tgz", + "integrity": "sha512-a45yEFD5qtgZaIFRAcFkG8C8lnDzn6t4LfLXuV4OafGAy/3ZAN3XN8wDnrruHkiUezSSANGsLg3bXaLW/JLvJw==", "dependencies": { - "@sentry/types": "7.107.0" + "@sentry/types": "7.108.0" }, "engines": { "node": ">=8" 
@@ -4514,9 +4514,9 @@ "license": "MIT" }, "node_modules/@spotlightjs/overlay": { - "version": "1.8.0", - "resolved": "https://registry.npmjs.org/@spotlightjs/overlay/-/overlay-1.8.0.tgz", - "integrity": "sha512-yRcxp7Je4OXyr/JNJp5TAixu7gV9Hq99MQ94bMvoLv+WtS1ngd1lBmxMwAWKGp5TFUXCidNzKIjc11T4nCQ6FQ==", + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/@spotlightjs/overlay/-/overlay-1.8.1.tgz", + "integrity": "sha512-t8S2b6AxgDfDoPls3CU7uABLdKx3g8cCXQWEHOICC1i7MYUSQLFMDpWzFWTEjN0XA8MGwNf/QKNlZ/HhaKTzJw==", "dev": true }, "node_modules/@spotlightjs/sidecar": { @@ -4528,12 +4528,12 @@ } }, "node_modules/@spotlightjs/spotlight": { - "version": "1.2.14", - "resolved": "https://registry.npmjs.org/@spotlightjs/spotlight/-/spotlight-1.2.14.tgz", - "integrity": "sha512-bix/qb0qnky3GajKAQ5gJquh81CPlc6/c6KmxCuZbH2pta0M5r9RmQbLFrZkJl9QvkHCf/+qBDrm1Td6KtRIoQ==", + "version": "1.2.15", + "resolved": "https://registry.npmjs.org/@spotlightjs/spotlight/-/spotlight-1.2.15.tgz", + "integrity": "sha512-M0VTAyameAsK9kjI9k31CehTLJMqUdOvv7DSOr27dcioytBV0uC0l8w7ngHWxdqCOTpbruEs8EIrbQ0T9b4YZQ==", "dev": true, "dependencies": { - "@spotlightjs/overlay": "1.8.0", + "@spotlightjs/overlay": "1.8.1", "@spotlightjs/sidecar": "1.4.0" }, "bin": { diff --git a/web/package.json b/web/package.json index 02761fd757..ef3017a53f 100644 --- a/web/package.json +++ b/web/package.json @@ -46,7 +46,7 @@ "@open-wc/lit-helpers": "^0.7.0", "@patternfly/elements": "^2.4.0", "@patternfly/patternfly": "^4.224.2", - "@sentry/browser": "^7.107.0", + "@sentry/browser": "^7.108.0", "@webcomponents/webcomponentsjs": "^2.8.0", "base64-js": "^1.5.1", "chart.js": "^4.4.2", @@ -80,7 +80,7 @@ "@jeysal/storybook-addon-css-user-preferences": "^0.2.0", "@lit/localize-tools": "^0.7.2", "@rollup/plugin-replace": "^5.0.5", - "@spotlightjs/spotlight": "^1.2.14", + "@spotlightjs/spotlight": "^1.2.15", "@storybook/addon-essentials": "^7.6.17", "@storybook/addon-links": "^7.6.17", "@storybook/api": "^7.6.17", 
From d5c0a6e252efa378eae4c604ea34ed7c1bbf2d5f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 11:45:39 +0100 Subject: [PATCH 08/15] core: bump requests-oauthlib from 1.4.0 to 2.0.0 (#9018) Bumps [requests-oauthlib](https://github.com/requests/requests-oauthlib) from 1.4.0 to 2.0.0. - [Release notes](https://github.com/requests/requests-oauthlib/releases) - [Changelog](https://github.com/requests/requests-oauthlib/blob/master/HISTORY.rst) - [Commits](https://github.com/requests/requests-oauthlib/compare/v1.4.0...v2.0.0) --- updated-dependencies: - dependency-name: requests-oauthlib dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/poetry.lock b/poetry.lock index bede1594fd..761a4c5216 100644 --- a/poetry.lock +++ b/poetry.lock @@ -3351,13 +3351,13 @@ test = ["fixtures", "mock", "purl", "pytest", "requests-futures", "sphinx", "tes [[package]] name = "requests-oauthlib" -version = "1.4.0" +version = "2.0.0" description = "OAuthlib authentication support for Requests." optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +python-versions = ">=3.4" files = [ - {file = "requests-oauthlib-1.4.0.tar.gz", hash = "sha256:acee623221e4a39abcbb919312c8ff04bd44e7e417087fb4bd5e2a2f53d5e79a"}, - {file = "requests_oauthlib-1.4.0-py2.py3-none-any.whl", hash = "sha256:7a3130d94a17520169e38db6c8d75f2c974643788465ecc2e4b36d288bf13033"}, + {file = "requests-oauthlib-2.0.0.tar.gz", hash = "sha256:b3dffaebd884d8cd778494369603a9e7b58d29111bf6b41bdc2dcd87203af4e9"}, + {file = "requests_oauthlib-2.0.0-py2.py3-none-any.whl", hash = "sha256:7dd8a5c40426b779b0868c404bdef9768deccf22749cde15852df527e6269b36"}, ] [package.dependencies] 
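Review bot: The `version = "2.0.0"` line in the poetry.lock hunk is a semver-major bump of a `direct:production` dependency, and the same entry changes `python-versions` from `>=2.7, !=3.0.*, ...` to `>=3.4`, but the commit message carries only the Dependabot boilerplate. Before merging, summarise the breaking changes listed in the linked HISTORY.rst for 2.0.0 in the PR, and confirm that the code paths using requests-oauthlib are exercised by tests against the new version.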
From 1e25d3e3e997e9e15d471e1afa6f1a6deec79658 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 11:45:47 +0100 Subject: [PATCH 09/15] website: bump @types/react from 18.2.67 to 18.2.69 in /website (#9016) Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 18.2.67 to 18.2.69. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) --- updated-dependencies: - dependency-name: "@types/react" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- website/package-lock.json | 8 ++++---- website/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/website/package-lock.json b/website/package-lock.json index a6725a5b26..28757cdbff 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -33,7 +33,7 @@ "@docusaurus/module-type-aliases": "3.1.1", "@docusaurus/tsconfig": "3.1.1", "@docusaurus/types": "3.1.1", - "@types/react": "^18.2.67", + "@types/react": "^18.2.69", "prettier": "3.2.5", "typescript": "~5.4.3" }, 
@@ -3999,9 +3999,9 @@ "integrity": "sha512-+0autS93xyXizIYiyL02FCY8N+KkKPhILhcUSA276HxzreZ16kl+cmwvV2qAM/PuCCwPXzOXOWhiPcw20uSFcA==" }, "node_modules/@types/react": { - "version": "18.2.67", - "resolved": "https://registry.npmjs.org/@types/react/-/react-18.2.67.tgz", - "integrity": "sha512-vkIE2vTIMHQ/xL0rgmuoECBCkZFZeHr49HeWSc24AptMbNRo7pwSBvj73rlJJs9fGKj0koS+V7kQB1jHS0uCgw==", + "version": "18.2.69", + "resolved": "https://registry.npmjs.org/@types/react/-/react-18.2.69.tgz", + "integrity": "sha512-W1HOMUWY/1Yyw0ba5TkCV+oqynRjG7BnteBB+B7JmAK7iw3l2SW+VGOxL+akPweix6jk2NNJtyJKpn4TkpfK3Q==", "dependencies": { "@types/prop-types": "*", "@types/scheduler": "*", diff --git a/website/package.json b/website/package.json index db3d5b63b2..d4b80cc213 100644 --- a/website/package.json +++ b/website/package.json @@ -52,7 +52,7 @@ "@docusaurus/module-type-aliases": "3.1.1", "@docusaurus/tsconfig": "3.1.1", "@docusaurus/types": "3.1.1", - "@types/react": "^18.2.67", + "@types/react": "^18.2.69", "prettier": "3.2.5", "typescript": "~5.4.3" }, From d7e399dbf9a1ea11d75d4a54dde7666d95b500a1 Mon Sep 17 00:00:00 2001 From: Roney Dsilva <116948023+roney492@users.noreply.github.com> Date: Mon, 25 Mar 2024 17:24:40 +0530 Subject: [PATCH 10/15] web/flow: general ux improvements (#8558) * message fixes * format Signed-off-by: Jens Langhammer * remove inline css, reword Signed-off-by: Jens Langhammer * don't rely on flow naming to show message Signed-off-by: Jens Langhammer * fix tests Signed-off-by: Jens Langhammer --------- 
Signed-off-by: Jens Langhammer Co-authored-by: roney Co-authored-by: Jens Langhammer --- authentik/flows/tests/test_inspector.py | 1 + .../authenticator_validate/challenge.py | 4 +- authentik/stages/identification/stage.py | 6 +- schema.yml | 27 +++++++-- .../providers/rac/ConnectionTokenList.ts | 4 +- .../AuthenticatorTOTPStage.stories.ts | 58 +++++++++++++++++++ .../AuthenticatorTOTPStage.ts | 5 ++ .../identification/IdentificationStage.ts | 14 ++++- 8 files changed, 106 insertions(+), 13 deletions(-) create mode 100644 web/src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.stories.ts diff --git a/authentik/flows/tests/test_inspector.py b/authentik/flows/tests/test_inspector.py index 49ba593566..a12054fd37 100644 --- a/authentik/flows/tests/test_inspector.py +++ b/authentik/flows/tests/test_inspector.py @@ -53,6 +53,7 @@ class TestFlowInspector(APITestCase): "title": flow.title, "layout": "stacked", }, + "flow_designation": "authentication", "type": ChallengeTypes.NATIVE.value, "password_fields": False, "primary_action": "Log in", diff --git a/authentik/stages/authenticator_validate/challenge.py b/authentik/stages/authenticator_validate/challenge.py index a762e44c17..ce0dea1a16 100644 --- a/authentik/stages/authenticator_validate/challenge.py +++ b/authentik/stages/authenticator_validate/challenge.py @@ -120,7 +120,9 @@ def validate_challenge_code(code: str, stage_view: StageView, user: User) -> Dev stage=stage_view.executor.current_stage, device_class=DeviceClasses.TOTP.value, ) - raise ValidationError(_("Invalid Token")) + raise ValidationError( + _("Invalid Token. Please ensure the time on your device is accurate and try again.") + ) return device diff --git a/authentik/stages/identification/stage.py b/authentik/stages/identification/stage.py index 3799991d9f..8be41825d5 100644 --- a/authentik/stages/identification/stage.py +++ b/authentik/stages/identification/stage.py 
@@ -10,7 +10,7 @@ from django.db.models import Q from django.http import HttpResponse from django.utils.translation import gettext as _ from drf_spectacular.utils import PolymorphicProxySerializer, extend_schema_field -from rest_framework.fields import BooleanField, CharField, DictField, ListField +from rest_framework.fields import BooleanField, CharField, ChoiceField, DictField, ListField from rest_framework.serializers import ValidationError from sentry_sdk.hub import Hub @@ -66,6 +66,7 @@ class IdentificationChallenge(Challenge): user_fields = ListField(child=CharField(), allow_empty=True, allow_null=True) password_fields = BooleanField() application_pre = CharField(required=False) + flow_designation = ChoiceField(FlowDesignation.choices) enroll_url = CharField(required=False) recovery_url = CharField(required=False) @@ -194,11 +195,12 @@ class IdentificationStageView(ChallengeStageView): challenge = IdentificationChallenge( data={ "type": ChallengeTypes.NATIVE.value, - "primary_action": self.get_primary_action(), "component": "ak-stage-identification", + "primary_action": self.get_primary_action(), "user_fields": current_stage.user_fields, "password_fields": bool(current_stage.password_stage), "show_source_labels": current_stage.show_source_labels, + "flow_designation": self.executor.flow.designation, } ) # If the user has been redirected to us whilst trying to access an diff --git a/schema.yml b/schema.yml index 6ac8eb9eb1..fd10552093 100644 --- a/schema.yml +++ b/schema.yml @@ -31782,8 +31782,7 @@ components: pk: type: string format: uuid - readOnly: true - title: Pbm uuid + title: Connection token uuid provider: type: integer provider_obj: @@ -31793,7 +31792,6 @@ components: endpoint: type: string format: uuid - readOnly: true endpoint_obj: allOf: - $ref: '#/components/schemas/Endpoint' @@ -31805,7 +31803,6 @@ components: required: - endpoint - endpoint_obj - - pk - provider - provider_obj - user 
@@ -31813,9 +31810,17 @@ components: type: object description: ConnectionToken Serializer properties: + pk: + type: string + format: uuid + title: Connection token uuid provider: type: integer + endpoint: + type: string + format: uuid required: + - endpoint - provider ConsentChallenge: type: object @@ -34332,6 +34337,8 @@ components: type: boolean application_pre: type: string + flow_designation: + $ref: '#/components/schemas/FlowDesignationEnum' enroll_url: type: string recovery_url: @@ -34347,6 +34354,7 @@ components: show_source_labels: type: boolean required: + - flow_designation - password_fields - primary_action - show_source_labels @@ -38586,8 +38594,15 @@ components: type: object description: ConnectionToken Serializer properties: + pk: + type: string + format: uuid + title: Connection token uuid provider: type: integer + endpoint: + type: string + format: uuid PatchedConsentStageRequest: type: object description: ConsentStage Serializer @@ -45584,8 +45599,8 @@ components: description: Get latest version from cache readOnly: true version_latest_valid: - type: boolean - description: Latest version query is a valid non-default value + type: string + description: Check if latest version is valid readOnly: true build_hash: type: string diff --git a/web/src/admin/providers/rac/ConnectionTokenList.ts b/web/src/admin/providers/rac/ConnectionTokenList.ts index 4161cedaee..d9d4fbf830 100644 --- a/web/src/admin/providers/rac/ConnectionTokenList.ts +++ b/web/src/admin/providers/rac/ConnectionTokenList.ts @@ -61,12 +61,12 @@ export class ConnectionTokenListPage extends Table { }} .usedBy=${(item: ConnectionToken) => { return new RacApi(DEFAULT_CONFIG).racConnectionTokensUsedByList({ - connectionTokenUuid: item.pk, + connectionTokenUuid: item.pk || "", }); }} .delete=${(item: ConnectionToken) => { return new RacApi(DEFAULT_CONFIG).racConnectionTokensDestroy({ - connectionTokenUuid: item.pk, + connectionTokenUuid: item.pk || "", }); }} 
> diff --git a/web/src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.stories.ts b/web/src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.stories.ts new file mode 100644 index 0000000000..24a4f4a4a8 --- /dev/null +++ b/web/src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.stories.ts @@ -0,0 +1,58 @@ +import type { StoryObj } from "@storybook/web-components"; + +import { html } from "lit"; + +import "@patternfly/patternfly/components/Login/login.css"; + +import { AuthenticatorTOTPChallenge, ChallengeChoices, UiThemeEnum } from "@goauthentik/api"; + +import "../../../stories/flow-interface"; +import "./AuthenticatorTOTPStage"; + +export default { + title: "Flow / Stages / AuthenticatorTOTPStage", +}; + +export const LoadingNoChallenge = () => { + return html` + + `; +}; + +export const Challenge: StoryObj = { + render: ({ theme, challenge }) => { + return html` + `; + }, + args: { + theme: "automatic", + challenge: { + type: ChallengeChoices.Native, + pendingUser: "foo", + pendingUserAvatar: "https://picsum.photos/64", + configUrl: "", + } as AuthenticatorTOTPChallenge, + }, + argTypes: { + theme: { + options: [UiThemeEnum.Automatic, UiThemeEnum.Light, UiThemeEnum.Dark], + control: { + type: "select", + }, + }, + }, +}; diff --git a/web/src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.ts b/web/src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.ts index 38030c10a0..074adb29ca 100644 --- a/web/src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.ts +++ b/web/src/flow/stages/authenticator_totp/AuthenticatorTOTPStage.ts @@ -106,6 +106,11 @@ export class AuthenticatorTOTPStage extends BaseStage<
+

+ ${msg( + "Please scan the QR code above using the Microsoft Authenticator, Google Authenticator, or other authenticator apps on your device, and enter the code the device displays below to finish setting up the MFA device.", + )} +

uiFields[f])); - return html` + ${msg( + "Enter the email associated with your account, and we'll send you a link to reset your password.", + )} +

+ ` + : nothing} + Date: Mon, 25 Mar 2024 07:07:54 -0500 Subject: [PATCH 11/15] website/integrations: Update nextcloud Admin Group Expression (#7314) * Update index.md Replace user.ak_groups.all() with user.all_groups per 2023.8 release notes in Admin Group Update Expression in Admin group to only pass groups that start with 'NC-' to NextCloud. Add verbiage around naming for admin group. Signed-off-by: Sean Dion * don't use NC prefix Signed-off-by: Jens Langhammer --------- Signed-off-by: Sean Dion Signed-off-by: Jens Langhammer Co-authored-by: Jens Langhammer --- website/integrations/services/nextcloud/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/nextcloud/index.md b/website/integrations/services/nextcloud/index.md index 3b8be9c4b5..c26682501f 100644 --- a/website/integrations/services/nextcloud/index.md +++ b/website/integrations/services/nextcloud/index.md @@ -286,7 +286,7 @@ Create a custom SAML Property Mapping: - Set the _Expression_ to: ```python -for group in user.ak_groups.all(): +for group in request.user.all_groups(): yield group.name if ak_is_group_member(request.user, name=""): yield "admin" From 15c7be1979854c5a855ebd9c2f5f232f5166a0fc Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Mon, 25 Mar 2024 13:11:02 +0100 Subject: [PATCH 12/15] lifecycle: migrate: ensure template schema exists before migrating (#8952) --- lifecycle/migrate.py | 1 + lifecycle/system_migrations/template_schema.py | 12 ++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 lifecycle/system_migrations/template_schema.py diff --git a/lifecycle/migrate.py b/lifecycle/migrate.py index 6dceb6b007..1dac197119 100755 --- a/lifecycle/migrate.py +++ b/lifecycle/migrate.py @@ -64,6 +64,7 @@ def release_lock(cursor: Cursor): """Release database lock""" if not LOCKED: return + LOGGER.info("releasing database lock") cursor.execute("SELECT pg_advisory_unlock(%s)", (ADV_LOCK_UID,)) 
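Review bot: in authentik/stages/identification/stage.py the new `flow_designation = ChoiceField(FlowDesignation.choices)` uses `FlowDesignation`, but the import hunk in the same file only adds `ChoiceField`. Please confirm `FlowDesignation` is already imported in this module, otherwise the serializer fails at import time. The move of `"primary_action"` below `"component"` in the challenge data is unrelated reordering and could be dropped from this change.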
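Review bot: the schema.yml hunks for the ConnectionToken schemas drop `readOnly: true` from `pk` and `endpoint`, remove `pk` from `required`, and add `pk` and `endpoint` to the request schemas. None of this is mentioned in the commit message for a flow UX change. That makes the token's primary key and endpoint client-writable in the API contract, and it is why web/src/admin/providers/rac/ConnectionTokenList.ts now needs `connectionTokenUuid: item.pk || ""`, which would send an empty UUID to the used-by and destroy calls if `pk` were ever missing. Suggest keeping both fields read-only on the serializer, or splitting this into its own change with a stated reason.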
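Review bot: the last schema.yml hunk changes `version_latest_valid` from `type: boolean` to `type: string` and rewrites its description to "Check if latest version is valid". This is unrelated to the commit subject, and a string type does not match a field that is named and described as a validity check. It looks like the schema was regenerated from a stale or different serializer; please regenerate it against the current code or revert this hunk.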
diff --git a/lifecycle/system_migrations/template_schema.py b/lifecycle/system_migrations/template_schema.py new file mode 100644 index 0000000000..9ab53c0605 --- /dev/null +++ b/lifecycle/system_migrations/template_schema.py @@ -0,0 +1,12 @@ +from lifecycle.migrate import BaseMigration + + +class Migration(BaseMigration): + def needs_migration(self) -> bool: + self.cur.execute( + "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'template';" + ) + return not bool(self.cur.rowcount) + + def run(self): + self.cur.execute("CREATE SCHEMA IF NOT EXISTS template; COMMIT;") From bf8c3078dbb758643bf81f7c1cc60f5ed8f08885 Mon Sep 17 00:00:00 2001 From: "authentik-automation[bot]" <135050075+authentik-automation[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 12:12:26 +0000 Subject: [PATCH 13/15] web: bump API Client version (#9020) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> --- web/package-lock.json | 8 ++++---- web/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 84778c69de..998ade4d04 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -17,7 +17,7 @@ "@codemirror/theme-one-dark": "^6.1.2", "@formatjs/intl-listformat": "^7.5.5", "@fortawesome/fontawesome-free": "^6.5.1", - "@goauthentik/api": "^2024.2.2-1710521362", + "@goauthentik/api": "^2024.2.2-1711367699", "@lit-labs/task": "^3.1.0", "@lit/context": "^1.1.0", "@lit/localize": "^0.12.1", 
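Review bot: the new lifecycle/system_migrations/template_schema.py has no docstring on `Migration` explaining what the `template` schema is for or why it must exist before the other migrations run; please add one. `needs_migration` queries `information_schema.schemata`, which only lists schemas visible to the connecting role, so the `IF NOT EXISTS` in `run` is what actually keeps this idempotent, and a short comment saying so would help. The explicit `COMMIT;` inside the same `execute` call also deserves a comment on how it interacts with the transaction handling in lifecycle/migrate.py.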
@@ -2820,9 +2820,9 @@ } }, "node_modules/@goauthentik/api": { - "version": "2024.2.2-1710521362", - "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.2.2-1710521362.tgz", - "integrity": "sha512-rfGIk+l+hcsgYd6Pj8cL9GTrUlJzT2dhAI6kJk7OsE/HamIUxpPG5wquE9oRcxrsWYkuFZQ1Z4lTePdSjxbt0w==" + "version": "2024.2.2-1711367699", + "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.2.2-1711367699.tgz", + "integrity": "sha512-PYdfTsPC5CdPTYOA68eHASvWt8k5LdQgHdT3wPsk19Cgyjbj3obU5uW2ZS3Cvs/lL7lBBG0w24hgmZ3a67POqQ==" }, "node_modules/@hcaptcha/types": { "version": "1.0.3", diff --git a/web/package.json b/web/package.json index ef3017a53f..c0d02c1dfb 100644 --- a/web/package.json +++ b/web/package.json @@ -38,7 +38,7 @@ "@codemirror/theme-one-dark": "^6.1.2", "@formatjs/intl-listformat": "^7.5.5", "@fortawesome/fontawesome-free": "^6.5.1", - "@goauthentik/api": "^2024.2.2-1710521362", + "@goauthentik/api": "^2024.2.2-1711367699", "@lit-labs/task": "^3.1.0", "@lit/context": "^1.1.0", "@lit/localize": "^0.12.1", From 06af8e3a35711d0db3ac997cfb389cf9cea757f7 Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Mon, 25 Mar 2024 13:22:21 +0100 Subject: [PATCH 14/15] sources/ldap: add ability to disable password write on login (#8377) * sources/ldap: add ability to disable password write on login Signed-off-by: Marc 'risson' Schmitt * reword docs Signed-off-by: Jens Langhammer --------- Signed-off-by: Marc 'risson' Schmitt 
Signed-off-by: Jens Langhammer Co-authored-by: Jens Langhammer --- authentik/sources/ldap/api.py | 2 + authentik/sources/ldap/auth.py | 9 ++-- ...password_login_update_internal_password.py | 29 +++++++++++++ authentik/sources/ldap/models.py | 5 +++ blueprints/schema.json | 5 +++ schema.yml | 16 +++++++ tests/e2e/test_source_ldap_samba.py | 1 + web/src/admin/sources/ldap/LDAPSourceForm.ts | 22 ++++++++++ website/integrations/sources/ldap/index.md | 42 ++++++++++++------- 9 files changed, 113 insertions(+), 18 deletions(-) create mode 100644 authentik/sources/ldap/migrations/0004_ldapsource_password_login_update_internal_password.py diff --git a/authentik/sources/ldap/api.py b/authentik/sources/ldap/api.py index dc45523380..8a672a6aa7 100644 --- a/authentik/sources/ldap/api.py +++ b/authentik/sources/ldap/api.py @@ -77,6 +77,7 @@ class LDAPSourceSerializer(SourceSerializer): "group_object_filter", "group_membership_field", "object_uniqueness_field", + "password_login_update_internal_password", "sync_users", "sync_users_password", "sync_groups", @@ -118,6 +119,7 @@ class LDAPSourceViewSet(UsedByMixin, ModelViewSet): "group_object_filter", "group_membership_field", "object_uniqueness_field", + "password_login_update_internal_password", "sync_users", "sync_users_password", "sync_groups", diff --git a/authentik/sources/ldap/auth.py b/authentik/sources/ldap/auth.py index a271dac5a5..37321ea05f 100644 --- a/authentik/sources/ldap/auth.py +++ b/authentik/sources/ldap/auth.py 
@@ -41,10 +41,11 @@ class LDAPBackend(InbuiltBackend): # or has a password, but couldn't be authenticated by ModelBackend. # This means we check with a bind to see if the LDAP password has changed if self.auth_user_by_bind(source, user, password): - # Password given successfully binds to LDAP, so we save it in our Database - LOGGER.debug("Updating user's password in DB", user=user) - user.set_password(password, signal=False) - user.save() + if source.password_login_update_internal_password: + # Password given successfully binds to LDAP, so we save it in our Database + LOGGER.debug("Updating user's password in DB", user=user) + user.set_password(password, signal=False) + user.save() return user # Password doesn't match LOGGER.debug("Failed to bind, password invalid") diff --git a/authentik/sources/ldap/migrations/0004_ldapsource_password_login_update_internal_password.py b/authentik/sources/ldap/migrations/0004_ldapsource_password_login_update_internal_password.py new file mode 100644 index 0000000000..cacbe62684 --- /dev/null +++ b/authentik/sources/ldap/migrations/0004_ldapsource_password_login_update_internal_password.py @@ -0,0 +1,29 @@ +# Generated by Django 5.0.1 on 2024-01-31 18:41 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_sources_ldap", "0003_ldapsource_client_certificate_ldapsource_sni_and_more"), + ] + + operations = [ + migrations.AddField( + model_name="ldapsource", + name="password_login_update_internal_password", + field=models.BooleanField( + default=True, + help_text="Update internal authentik password when login succeeds with LDAP", + ), + ), + migrations.AlterField( + model_name="ldapsource", + name="password_login_update_internal_password", + field=models.BooleanField( + default=False, + help_text="Update internal authentik password when login succeeds with LDAP", + ), + ), + ] 
diff --git a/authentik/sources/ldap/models.py b/authentik/sources/ldap/models.py index 074e49b5f4..06ced2f9fa 100644 --- a/authentik/sources/ldap/models.py +++ b/authentik/sources/ldap/models.py @@ -98,6 +98,11 @@ class LDAPSource(Source): help_text=_("Property mappings used for group creation/updating."), ) + password_login_update_internal_password = models.BooleanField( + default=False, + help_text=_("Update internal authentik password when login succeeds with LDAP"), + ) + sync_users = models.BooleanField(default=True) sync_users_password = models.BooleanField( default=True, diff --git a/blueprints/schema.json b/blueprints/schema.json index da1082c7aa..942f37a039 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json @@ -4347,6 +4347,11 @@ "title": "Object uniqueness field", "description": "Field which contains a unique Identifier." }, + "password_login_update_internal_password": { + "type": "boolean", + "title": "Password login update internal password", + "description": "Update internal authentik password when login succeeds with LDAP" + }, "sync_users": { "type": "boolean", "title": "Sync users" diff --git a/schema.yml b/schema.yml index fd10552093..a14f542873 100644 --- a/schema.yml +++ b/schema.yml @@ -19926,6 +19926,10 @@ paths: description: Number of results to return per page. schema: type: integer + - in: query + name: password_login_update_internal_password + schema: + type: boolean - in: query name: peer_certificate schema: @@ -35225,6 +35229,10 @@ components: object_uniqueness_field: type: string description: Field which contains a unique Identifier. + password_login_update_internal_password: + type: boolean + description: Update internal authentik password when login succeeds with + LDAP sync_users: type: boolean sync_users_password: 
@@ -35366,6 +35374,10 @@ components: type: string minLength: 1 description: Field which contains a unique Identifier. + password_login_update_internal_password: + type: boolean + description: Update internal authentik password when login succeeds with + LDAP sync_users: type: boolean sync_users_password: @@ -39440,6 +39452,10 @@ components: type: string minLength: 1 description: Field which contains a unique Identifier. + password_login_update_internal_password: + type: boolean + description: Update internal authentik password when login succeeds with + LDAP sync_users: type: boolean sync_users_password: diff --git a/tests/e2e/test_source_ldap_samba.py b/tests/e2e/test_source_ldap_samba.py index d5210f6b51..fb9aa6d12a 100644 --- a/tests/e2e/test_source_ldap_samba.py +++ b/tests/e2e/test_source_ldap_samba.py @@ -128,6 +128,7 @@ class TestSourceLDAPSamba(SeleniumTestCase): base_dn="dc=test,dc=goauthentik,dc=io", additional_user_dn="ou=users", additional_group_dn="ou=groups", + password_login_update_internal_password=True, ) source.property_mappings.set( LDAPPropertyMapping.objects.filter( diff --git a/web/src/admin/sources/ldap/LDAPSourceForm.ts b/web/src/admin/sources/ldap/LDAPSourceForm.ts index f62478963c..a5b9d41c9c 100644 --- a/web/src/admin/sources/ldap/LDAPSourceForm.ts +++ b/web/src/admin/sources/ldap/LDAPSourceForm.ts @@ -86,6 +86,28 @@ export class LDAPSourceForm extends BaseSourceForm { ${msg("Enabled")} + + +

+ ${msg( + "When the user logs in to authentik using this source password backend, update their credentials in authentik.", + )} +

+
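Review bot: in authentik/sources/ldap/auth.py the new `if source.password_login_update_internal_password:` only stops future writes, so a password hash stored by an earlier login stays in the database. Per the comment above this block, the bind is only reached when ModelBackend could not authenticate the user, so with the flag off a previously cached LDAP password may still be accepted locally after it has been changed in the directory. Please document this behaviour for the option, or clear the stored password when the flag is turned off.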
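Review bot: the migration 0004_ldapsource_password_login_update_internal_password.py carries the "Generated by Django" header but has a hand-written two-step sequence, `AddField` with `default=True` followed by `AlterField` with `default=False`, and nothing explains it. If the intent is that existing sources keep the old behaviour while new sources default to off, say so in a comment above `operations`, since a later squash or regeneration would silently collapse the two steps into one default.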
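Review bot: the only test change in this patch is `password_login_update_internal_password=True` in tests/e2e/test_source_ldap_samba.py, which keeps the old behaviour. The new default branch in auth.py, where the bind succeeds and the password must not be written, is not covered by any test in the diffstat. Please add a test that logs in with the flag set to False and asserts the user's internal password is unchanged.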