outposts/proxyv2 (#1365)

* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth and sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens L
2021-09-08 20:04:56 +02:00
committed by GitHub
parent 27508dd1f0
commit 3c1b70c355
75 changed files with 1368 additions and 1665 deletions


@ -15,6 +15,7 @@ msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "(Format: hours=-1;minutes=-2;seconds=-3)."
@ -794,6 +795,10 @@ msgstr "Configure how long access codes are valid for."
msgid "Configure how long refresh tokens and their id_tokens are valid for."
msgstr "Configure how long refresh tokens and their id_tokens are valid for."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Configure how long tokens are valid for."
msgstr "Configure how long tokens are valid for."
#: src/pages/providers/saml/SAMLProviderForm.ts
msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
msgstr "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
@ -2053,6 +2058,10 @@ msgstr "If this is selected, the token will expire. Upon expiration, the token w
msgid "If your authentik Instance is using a self-signed certificate, set this value."
msgstr "If your authentik Instance is using a self-signed certificate, set this value."
#: src/pages/outposts/OutpostDeploymentModal.ts
msgid "If your authentik_host setting does not match the URL you want to login with, add this setting."
msgstr "If your authentik_host setting does not match the URL you want to login with, add this setting."
#: src/pages/users/UserListPage.ts
msgid "Impersonate"
msgstr "Impersonate"
@ -4472,6 +4481,7 @@ msgid "Token expiry"
msgstr "Token expiry"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Token validity"
msgstr "Token validity"


@ -15,6 +15,7 @@ msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "(Format: hours=-1;minutes=-2;seconds=-3)."
@ -788,6 +789,10 @@ msgstr ""
msgid "Configure how long refresh tokens and their id_tokens are valid for."
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Configure how long tokens are valid for."
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts
msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
msgstr ""
@ -2045,6 +2050,10 @@ msgstr ""
msgid "If your authentik Instance is using a self-signed certificate, set this value."
msgstr ""
#: src/pages/outposts/OutpostDeploymentModal.ts
msgid "If your authentik_host setting does not match the URL you want to login with, add this setting."
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Impersonate"
msgstr ""
@ -4457,6 +4466,7 @@ msgid "Token expiry"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Token validity"
msgstr ""


@ -1,4 +1,4 @@
import { Outpost } from "@goauthentik/api";
import { Outpost, OutpostTypeEnum } from "@goauthentik/api";
import { customElement, html, property, TemplateResult } from "lit-element";
import { t } from "@lingui/macro";
import { ifDefined } from "lit-html/directives/if-defined";
@ -53,6 +53,26 @@ export class OutpostDeploymentModal extends ModalButton {
</label>
<input class="pf-c-form-control" readonly type="text" value="true" />
</div>
${this.outpost?.type == OutpostTypeEnum.Proxy
? html`
<h3>
${t`If your authentik_host setting does not match the URL you want to login with, add this setting.`}
</h3>
<div class="pf-c-form__group">
<label class="pf-c-form__label" for="help-text-simple-form-name">
<span class="pf-c-form__label-text"
>AUTHENTIK_HOST_BROWSER</span
>
</label>
<input
class="pf-c-form-control"
readonly
type="text"
value="${document.location.origin}"
/>
</div>
`
: html``}
</form>
</div>
<footer class="pf-c-modal-box__footer pf-m-align-left">
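Review bot: The read-only AUTHENTIK_HOST_BROWSER field is pre-filled with `document.location.origin`, which is whatever origin the admin opened this modal from and not necessarily the URL end users log in with. If the admin UI is reached through an internal hostname or over plain HTTP, the copied value would presumably become the browser-facing login host for the proxy outpost. A helper paragraph under the input (class `pf-c-form__helper-text`, wrapped in the `t` macro) asking the admin to confirm that the value is the externally reachable HTTPS URL would make that assumption explicit. Separately, the condition uses loose equality; `${this.outpost?.type === OutpostTypeEnum.Proxy` is the stricter form. The enclosing template starts and ends outside this hunk.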


@ -302,6 +302,17 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
</div>
<div class="pf-c-card__footer">${this.renderSettings()}</div>
</div>
<ak-form-element-horizontal label=${t`Token validity`} name="tokenValidity">
<input
type="text"
value="${first(this.instance?.tokenValidity, "hours=24")}"
class="pf-c-form-control"
/>
<p class="pf-c-form__helper-text">${t`Configure how long tokens are valid for.`}</p>
<p class="pf-c-form__helper-text">
${t`(Format: hours=-1;minutes=-2;seconds=-3).`}
</p>
</ak-form-element-horizontal>
<ak-form-group>
<span slot="header"> ${t`Advanced protocol settings`} </span>