diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 9453956fa7..3f3a44a34c 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -36,7 +36,7 @@ runs: with: go-version-file: "go.mod" - name: Setup docker cache - uses: ScribeMD/docker-cache@0.5.0 + uses: AndreKurait/docker-cache@0fe76702a40db986d9663c24954fc14c6a6031b7 with: key: docker-images-${{ runner.os }}-${{ hashFiles('.github/actions/setup/docker-compose.yml', 'Makefile') }}-${{ inputs.postgresql_version }} - name: Setup dependencies diff --git a/Dockerfile b/Dockerfile index 953af03e7c..e04a22ded2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -94,7 +94,7 @@ RUN --mount=type=secret,id=GEOIPUPDATE_ACCOUNT_ID \ /bin/sh -c "GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/GEOIPUPDATE_LICENSE_KEY /usr/bin/entry.sh || echo 'Failed to get GeoIP database, disabling'; exit 0" # Stage 5: Download uv -FROM ghcr.io/astral-sh/uv:0.7.8 AS uv +FROM ghcr.io/astral-sh/uv:0.7.9 AS uv # Stage 6: Base python image FROM ghcr.io/goauthentik/fips-python:3.13.3-slim-bookworm-fips AS python-base diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index 6378965bf2..2e95a1396e 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -84,6 +84,7 @@ from authentik.flows.views.executor import QS_KEY_TOKEN from authentik.lib.avatars import get_avatar from authentik.rbac.decorators import permission_required from authentik.rbac.models import get_permission_choices +from authentik.stages.email.flow import pickle_flow_token_for_email from authentik.stages.email.models import EmailStage from authentik.stages.email.tasks import send_mails from authentik.stages.email.utils import TemplateEmailMessage @@ -451,7 +452,7 @@ class UserViewSet(UsedByMixin, ModelViewSet): def list(self, request, *args, **kwargs): return super().list(request, *args, **kwargs) - def _create_recovery_link(self) -> tuple[str, Token]: + def _create_recovery_link(self, for_email=False) -> tuple[str, Token]: """Create a recovery link (when the current brand has a recovery flow set), that can either be shown to an admin or sent to the user directly""" brand: Brand = self.request._request.brand @@ -473,12 +474,16 @@ class UserViewSet(UsedByMixin, ModelViewSet): raise ValidationError( {"non_field_errors": "Recovery flow not applicable to user"} ) from None + _plan = FlowToken.pickle(plan) + if for_email: + _plan = pickle_flow_token_for_email(plan) token, __ = FlowToken.objects.update_or_create( identifier=f"{user.uid}-password-reset", defaults={ "user": user, "flow": flow, - "_plan": FlowToken.pickle(plan), + "_plan": _plan, + "revoke_on_execution": not for_email, }, ) querystring = urlencode({QS_KEY_TOKEN: token.key}) @@ -648,7 +653,7 @@ class UserViewSet(UsedByMixin, ModelViewSet): if for_user.email == "": LOGGER.debug("User doesn't have an email address") raise ValidationError({"non_field_errors": "User does not have an email address set."}) - link, token = self._create_recovery_link() + link, token = self._create_recovery_link(for_email=True) # Lookup the email stage to assure the current user can access it stages = get_objects_for_user( request.user, "authentik_stages_email.view_emailstage" diff --git a/authentik/core/migrations/0046_session_and_more.py b/authentik/core/migrations/0046_session_and_more.py index 1a681ea1f5..1b52b1d65f 100644 --- a/authentik/core/migrations/0046_session_and_more.py +++ b/authentik/core/migrations/0046_session_and_more.py @@ -79,6 +79,7 @@ def _migrate_session( AuthenticatedSession.objects.using(db_alias).create( session=session, user=old_auth_session.user, + uuid=old_auth_session.uuid, ) diff --git a/authentik/core/migrations/0048_delete_oldauthenticatedsession_content_type.py b/authentik/core/migrations/0048_delete_oldauthenticatedsession_content_type.py index d79f14a74a..09a1027e39 100644 --- a/authentik/core/migrations/0048_delete_oldauthenticatedsession_content_type.py +++ b/authentik/core/migrations/0048_delete_oldauthenticatedsession_content_type.py @@ -1,10 +1,81 @@ # Generated by Django 5.1.9 on 2025-05-14 11:15 -from django.apps.registry import Apps +from django.apps.registry import Apps, apps as global_apps from django.db import migrations +from django.contrib.contenttypes.management import create_contenttypes +from django.contrib.auth.management import create_permissions from django.db.backends.base.schema import BaseDatabaseSchemaEditor +def migrate_authenticated_session_permissions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): + """Migrate permissions from OldAuthenticatedSession to AuthenticatedSession""" + db_alias = schema_editor.connection.alias + + # `apps` here is just an instance of `django.db.migrations.state.AppConfigStub`, we need the + # real config for creating permissions and content types + authentik_core_config = global_apps.get_app_config("authentik_core") + # These are only ran by django after all migrations, but we need them right now. + # `global_apps` is needed, + create_permissions(authentik_core_config, using=db_alias, verbosity=1) + create_contenttypes(authentik_core_config, using=db_alias, verbosity=1) + + # But from now on, this is just a regular migration, so use `apps` + Permission = apps.get_model("auth", "Permission") + ContentType = apps.get_model("contenttypes", "ContentType") + + try: + old_ct = ContentType.objects.using(db_alias).get( + app_label="authentik_core", model="oldauthenticatedsession" + ) + new_ct = ContentType.objects.using(db_alias).get( + app_label="authentik_core", model="authenticatedsession" + ) + except ContentType.DoesNotExist: + # This should exist at this point, but if not, let's cut our losses + return + + # Get all permissions for the old content type + old_perms = Permission.objects.using(db_alias).filter(content_type=old_ct) + + # Create equivalent permissions for the new content type + for old_perm in old_perms: + new_perm = ( + Permission.objects.using(db_alias) + .filter( + content_type=new_ct, + codename=old_perm.codename, + ) + .first() + ) + if not new_perm: + # This should exist at this point, but if not, let's cut our losses + continue + + # Global user permissions + User = apps.get_model("authentik_core", "User") + User.user_permissions.through.objects.using(db_alias).filter( + permission=old_perm + ).all().update(permission=new_perm) + + # Global role permissions + DjangoGroup = apps.get_model("auth", "Group") + DjangoGroup.permissions.through.objects.using(db_alias).filter( + permission=old_perm + ).all().update(permission=new_perm) + + # Object user permissions + UserObjectPermission = apps.get_model("guardian", "UserObjectPermission") + UserObjectPermission.objects.using(db_alias).filter(permission=old_perm).all().update( + permission=new_perm, content_type=new_ct + ) + + # Object role permissions + GroupObjectPermission = apps.get_model("guardian", "GroupObjectPermission") + GroupObjectPermission.objects.using(db_alias).filter(permission=old_perm).all().update( + permission=new_perm, content_type=new_ct + ) + + def remove_old_authenticated_session_content_type( apps: Apps, schema_editor: BaseDatabaseSchemaEditor ): @@ -21,7 +92,12 @@ class Migration(migrations.Migration): ] operations = [ + migrations.RunPython( + code=migrate_authenticated_session_permissions, + reverse_code=migrations.RunPython.noop, + ), migrations.RunPython( code=remove_old_authenticated_session_content_type, + reverse_code=migrations.RunPython.noop, ), ] diff --git a/authentik/flows/migrations/0028_flowtoken_revoke_on_execution.py b/authentik/flows/migrations/0028_flowtoken_revoke_on_execution.py new file mode 100644 index 0000000000..afadd9db3d --- /dev/null +++ b/authentik/flows/migrations/0028_flowtoken_revoke_on_execution.py @@ -0,0 +1,18 @@ +# Generated by Django 5.1.9 on 2025-05-27 12:52 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_flows", "0027_auto_20231028_1424"), + ] + + operations = [ + migrations.AddField( + model_name="flowtoken", + name="revoke_on_execution", + field=models.BooleanField(default=True), + ), + ] diff --git a/authentik/flows/models.py b/authentik/flows/models.py index 278c90c67f..df14c87d66 100644 --- a/authentik/flows/models.py +++ b/authentik/flows/models.py @@ -303,9 +303,10 @@ class FlowToken(Token): flow = models.ForeignKey(Flow, on_delete=models.CASCADE) _plan = models.TextField() + revoke_on_execution = models.BooleanField(default=True) @staticmethod - def pickle(plan) -> str: + def pickle(plan: "FlowPlan") -> str: """Pickle into string""" data = dumps(plan) return b64encode(data).decode() diff --git a/authentik/flows/stage.py b/authentik/flows/stage.py index 715a2aa52a..6d34fad746 100644 --- a/authentik/flows/stage.py +++ b/authentik/flows/stage.py @@ -99,9 +99,10 @@ class ChallengeStageView(StageView): self.logger.debug("Got StageInvalidException", exc=exc) return self.executor.stage_invalid() if not challenge.is_valid(): - self.logger.warning( + self.logger.error( "f(ch): Invalid challenge", errors=challenge.errors, + challenge=challenge.data, ) return HttpChallengeResponse(challenge) diff --git a/authentik/flows/views/executor.py b/authentik/flows/views/executor.py index ad2eac6b05..b70b0f058c 100644 --- a/authentik/flows/views/executor.py +++ b/authentik/flows/views/executor.py @@ -146,7 +146,8 @@ class FlowExecutorView(APIView): except (AttributeError, EOFError, ImportError, IndexError) as exc: LOGGER.warning("f(exec): Failed to restore token plan", exc=exc) finally: - token.delete() + if token.revoke_on_execution: + token.delete() if not isinstance(plan, FlowPlan): return None plan.context[PLAN_CONTEXT_IS_RESTORED] = token diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml index 1585960352..52a79972c6 100644 --- a/authentik/lib/default.yml +++ b/authentik/lib/default.yml @@ -81,7 +81,6 @@ debugger: false log_level: info -session_storage: cache sessions: unauthenticated_age: days=1 diff --git a/authentik/lib/sync/outgoing/tasks.py b/authentik/lib/sync/outgoing/tasks.py index 97e555c3f3..a6c8dd1175 100644 --- a/authentik/lib/sync/outgoing/tasks.py +++ b/authentik/lib/sync/outgoing/tasks.py @@ -1,18 +1,21 @@ +from collections.abc import Callable from dataclasses import asdict +from celery import group +from celery.exceptions import Retry +from celery.result import allow_join_result from django.core.paginator import Paginator from django.db.models import Model, QuerySet from django.db.models.query import Q from django.utils.text import slugify from django.utils.translation import gettext_lazy as _ -from dramatiq.actor import Actor -from dramatiq.composition import group -from dramatiq.errors import Retry from structlog.stdlib import BoundLogger, get_logger from authentik.core.expression.exceptions import SkipObjectException from authentik.core.models import Group, User from authentik.events.logs import LogEvent +from authentik.events.models import TaskStatus +from authentik.events.system_tasks import SystemTask from authentik.events.utils import sanitize_item from authentik.lib.sync.outgoing import PAGE_SIZE, PAGE_TIMEOUT from authentik.lib.sync.outgoing.base import Direction @@ -24,8 +27,6 @@ from authentik.lib.sync.outgoing.exceptions import ( ) from authentik.lib.sync.outgoing.models import OutgoingSyncProvider from authentik.lib.utils.reflection import class_to_path, path_to_class -from authentik.tasks.middleware import CurrentTask -from authentik.tasks.models import Task, TaskStatus class SyncTasks: @@ -38,35 +39,34 @@ class SyncTasks: super().__init__() self._provider_model = provider_model - def sync_paginator( - self, - provider_pk: int, - sync_objects: Actor, - paginator: Paginator, - object_type: type[User | Group], - **options, - ): - tasks = [] - for page in paginator.page_range: - page_sync = sync_objects.message_with_options( - args=(class_to_path(object_type), page, provider_pk), - time_limit=PAGE_TIMEOUT * 1000, - **options, - ) - tasks.append(page_sync) - return tasks + def sync_all(self, single_sync: Callable[[int], None]): + for provider in self._provider_model.objects.filter( + Q(backchannel_application__isnull=False) | Q(application__isnull=False) + ): + self.trigger_single_task(provider, single_sync) - def sync( + def trigger_single_task(self, provider: OutgoingSyncProvider, sync_task: Callable[[int], None]): + """Wrapper single sync task that correctly sets time limits based + on the amount of objects that will be synced""" + users_paginator = Paginator(provider.get_object_qs(User), PAGE_SIZE) + groups_paginator = Paginator(provider.get_object_qs(Group), PAGE_SIZE) + soft_time_limit = (users_paginator.num_pages + groups_paginator.num_pages) * PAGE_TIMEOUT + time_limit = soft_time_limit * 1.5 + return sync_task.apply_async( + (provider.pk,), time_limit=int(time_limit), soft_time_limit=int(soft_time_limit) + ) + + def sync_single( self, + task: SystemTask, provider_pk: int, - sync_objects: Actor, + sync_objects: Callable[[int, int], list[str]], ): - task: Task = CurrentTask.get_task() self.logger = get_logger().bind( provider_type=class_to_path(self._provider_model), provider_pk=provider_pk, ) - provider: OutgoingSyncProvider = self._provider_model.objects.filter( + provider = self._provider_model.objects.filter( Q(backchannel_application__isnull=False) | Q(application__isnull=False), pk=provider_pk, ).first() @@ -78,32 +78,50 @@ class SyncTasks: self.logger.debug("Starting provider sync") users_paginator = Paginator(provider.get_object_qs(User), PAGE_SIZE) groups_paginator = Paginator(provider.get_object_qs(Group), PAGE_SIZE) - with provider.sync_lock as lock_acquired: + with allow_join_result(), provider.sync_lock as lock_acquired: if not lock_acquired: self.logger.debug("Failed to acquire sync lock, skipping", provider=provider.name) return try: - tasks = group( - self.sync_paginator( - provider_pk=provider_pk, - sync_objects=sync_objects, - paginator=users_paginator, - object_type=User, - schedule_uid=task.schedule_uid, - ) - + self.sync_paginator( - provider_pk=provider_pk, - sync_objects=sync_objects, - paginator=groups_paginator, - object_type=Group, - schedule_uid=task.schedule_uid, + messages.append(_("Syncing users")) + user_results = ( + group( + [ + sync_objects.signature( + args=(class_to_path(User), page, provider_pk), + time_limit=PAGE_TIMEOUT, + soft_time_limit=PAGE_TIMEOUT, + ) + for page in users_paginator.page_range + ] ) + .apply_async() + .get() ) - tasks.run() - tasks.wait(timeout=provider.get_sync_time_limit() * 1000) + for result in user_results: + for msg in result: + messages.append(LogEvent(**msg)) + messages.append(_("Syncing groups")) + group_results = ( + group( + [ + sync_objects.signature( + args=(class_to_path(Group), page, provider_pk), + time_limit=PAGE_TIMEOUT, + soft_time_limit=PAGE_TIMEOUT, + ) + for page in groups_paginator.page_range + ] + ) + .apply_async() + .get() + ) + for result in group_results: + for msg in result: + messages.append(LogEvent(**msg)) except TransientSyncException as exc: self.logger.warning("transient sync exception", exc=exc) - raise Retry() from exc + raise task.retry(exc=exc) from exc except StopSync as exc: task.set_error(exc) return @@ -118,9 +136,7 @@ class SyncTasks: provider_pk=provider_pk, object_type=object_type, ) - messages = [ - f"Syncing page {page} of {_object_type._meta.verbose_name_plural}", - ] + messages = [] provider = self._provider_model.objects.filter(pk=provider_pk).first() if not provider: return messages @@ -137,6 +153,15 @@ class SyncTasks: self.logger.debug("starting discover") client.discover() self.logger.debug("starting sync for page", page=page) + messages.append( + asdict( + LogEvent( + _("Syncing page {page} of groups".format(page=page)), + log_level="info", + logger=f"{provider._meta.verbose_name}@{object_type}", + ) + ) + ) for obj in paginator.page(page).object_list: obj: Model try: diff --git a/authentik/providers/scim/clients/groups.py b/authentik/providers/scim/clients/groups.py index cf403d1f59..0a2f03caac 100644 --- a/authentik/providers/scim/clients/groups.py +++ b/authentik/providers/scim/clients/groups.py @@ -47,15 +47,16 @@ class SCIMGroupClient(SCIMClient[Group, SCIMProviderGroup, SCIMGroupSchema]): def to_schema(self, obj: Group, connection: SCIMProviderGroup) -> SCIMGroupSchema: """Convert authentik user into SCIM""" - raw_scim_group = super().to_schema( - obj, - connection, - schemas=(SCIM_GROUP_SCHEMA,), - ) + raw_scim_group = super().to_schema(obj, connection) try: scim_group = SCIMGroupSchema.model_validate(delete_none_values(raw_scim_group)) except ValidationError as exc: raise StopSync(exc, obj) from exc + if SCIM_GROUP_SCHEMA not in scim_group.schemas: + scim_group.schemas.insert(0, SCIM_GROUP_SCHEMA) + # As this might be unset, we need to tell pydantic it's set so ensure the schemas + # are included, even if its just the defaults + scim_group.schemas = list(scim_group.schemas) if not scim_group.externalId: scim_group.externalId = str(obj.pk) diff --git a/authentik/providers/scim/clients/users.py b/authentik/providers/scim/clients/users.py index 579d4c8381..2334f26ec1 100644 --- a/authentik/providers/scim/clients/users.py +++ b/authentik/providers/scim/clients/users.py @@ -31,15 +31,16 @@ class SCIMUserClient(SCIMClient[User, SCIMProviderUser, SCIMUserSchema]): def to_schema(self, obj: User, connection: SCIMProviderUser) -> SCIMUserSchema: """Convert authentik user into SCIM""" - raw_scim_user = super().to_schema( - obj, - connection, - schemas=(SCIM_USER_SCHEMA,), - ) + raw_scim_user = super().to_schema(obj, connection) try: scim_user = SCIMUserSchema.model_validate(delete_none_values(raw_scim_user)) except ValidationError as exc: raise StopSync(exc, obj) from exc + if SCIM_USER_SCHEMA not in scim_user.schemas: + scim_user.schemas.insert(0, SCIM_USER_SCHEMA) + # As this might be unset, we need to tell pydantic it's set so ensure the schemas + # are included, even if its just the defaults + scim_user.schemas = list(scim_user.schemas) if not scim_user.externalId: scim_user.externalId = str(obj.uid) return scim_user diff --git a/authentik/providers/scim/tests/test_user.py b/authentik/providers/scim/tests/test_user.py index 61f902d05e..2f32b68857 100644 --- a/authentik/providers/scim/tests/test_user.py +++ b/authentik/providers/scim/tests/test_user.py @@ -3,14 +3,17 @@ from json import loads from django.test import TestCase +from django.utils.text import slugify from jsonschema import validate from requests_mock import Mocker from authentik.blueprints.tests import apply_blueprint from authentik.core.models import Application, Group, User +from authentik.events.models import SystemTask from authentik.lib.generators import generate_id from authentik.lib.sync.outgoing.base import SAFE_METHODS from authentik.providers.scim.models import SCIMMapping, SCIMProvider +from authentik.providers.scim.tasks import scim_sync, sync_tasks from authentik.tenants.models import Tenant @@ -88,6 +91,57 @@ class SCIMUserTests(TestCase): }, ) + @Mocker() + def test_user_create_custom_schema(self, mock: Mocker): + """Test user creation with custom schema""" + schema = SCIMMapping.objects.create( + name="custom_schema", + expression="""return {"schemas": ["foo"]}""", + ) + self.provider.property_mappings.add(schema) + scim_id = generate_id() + mock.get( + "https://localhost/ServiceProviderConfig", + json={}, + ) + mock.post( + "https://localhost/Users", + json={ + "id": scim_id, + }, + ) + uid = generate_id() + user = User.objects.create( + username=uid, + name=f"{uid} {uid}", + email=f"{uid}@goauthentik.io", + ) + self.assertEqual(mock.call_count, 2) + self.assertEqual(mock.request_history[0].method, "GET") + self.assertEqual(mock.request_history[1].method, "POST") + self.assertJSONEqual( + mock.request_history[1].body, + { + "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", "foo"], + "active": True, + "emails": [ + { + "primary": True, + "type": "other", + "value": f"{uid}@goauthentik.io", + } + ], + "externalId": user.uid, + "name": { + "familyName": uid, + "formatted": f"{uid} {uid}", + "givenName": uid, + }, + "displayName": f"{uid} {uid}", + "userName": uid, + }, + ) + @Mocker() def test_user_create_different_provider_same_id(self, mock: Mocker): """Test user creation with multiple providers that happen @@ -158,6 +212,7 @@ class SCIMUserTests(TestCase): def test_user_create_update(self, mock: Mocker): """Test user creation and update""" scim_id = generate_id() + mock: Mocker mock.get( "https://localhost/ServiceProviderConfig", json={}, @@ -301,8 +356,7 @@ class SCIMUserTests(TestCase): email=f"{uid}@goauthentik.io", ) - for schedule in self.provider.schedules.all(): - schedule.send().get_result() + sync_tasks.trigger_single_task(self.provider, scim_sync).get() self.assertEqual(mock.call_count, 5) self.assertEqual(mock.request_history[0].method, "GET") @@ -374,17 +428,15 @@ class SCIMUserTests(TestCase): email=f"{uid}@goauthentik.io", ) - for schedule in self.provider.schedules.all(): - schedule.send().get_result() + sync_tasks.trigger_single_task(self.provider, scim_sync).get() self.assertEqual(mock.call_count, 3) for request in mock.request_history: self.assertIn(request.method, SAFE_METHODS) - # TODO: fixme - # task = SystemTask.objects.filter(uid=slugify(self.provider.name)).first() - # self.assertIsNotNone(task) - # drop_msg = task.messages[2] - # self.assertEqual(drop_msg["event"], "Dropping mutating request due to dry run") - # self.assertIsNotNone(drop_msg["attributes"]["url"]) - # self.assertIsNotNone(drop_msg["attributes"]["body"]) - # self.assertIsNotNone(drop_msg["attributes"]["method"]) + task = SystemTask.objects.filter(uid=slugify(self.provider.name)).first() + self.assertIsNotNone(task) + drop_msg = task.messages[3] + self.assertEqual(drop_msg["event"], "Dropping mutating request due to dry run") + self.assertIsNotNone(drop_msg["attributes"]["url"]) + self.assertIsNotNone(drop_msg["attributes"]["body"]) + self.assertIsNotNone(drop_msg["attributes"]["method"]) diff --git a/authentik/root/settings.py b/authentik/root/settings.py index 1eeabebf60..e8fbe7af42 100644 --- a/authentik/root/settings.py +++ b/authentik/root/settings.py @@ -415,7 +415,7 @@ else: "BACKEND": "authentik.root.storages.FileStorage", "OPTIONS": { "location": Path(CONFIG.get("storage.media.file.path")), - "base_url": "/media/", + "base_url": CONFIG.get("web.path", "/") + "media/", }, } # Compatibility for apps not supporting top-level STORAGES diff --git a/authentik/root/test_runner.py b/authentik/root/test_runner.py index 20779d30c4..b5c9a72ef9 100644 --- a/authentik/root/test_runner.py +++ b/authentik/root/test_runner.py @@ -32,6 +32,8 @@ class PytestTestRunner(DiscoverRunner): # pragma: no cover if kwargs.get("randomly_seed", None): self.args.append(f"--randomly-seed={kwargs['randomly_seed']}") + if kwargs.get("no_capture", False): + self.args.append("--capture=no") settings.TEST = True settings.CELERY["task_always_eager"] = True @@ -67,6 +69,11 @@ class PytestTestRunner(DiscoverRunner): # pragma: no cover "Default behaviour: use random.Random().getrandbits(32), so the seed is" "different on each run.", ) + parser.add_argument( + "--no-capture", + action="store_true", + help="Disable any capturing of stdout/stderr during tests.", + ) def run_tests(self, test_labels, extra_tests=None, **kwargs): """Run pytest and return the exitcode. diff --git a/authentik/sources/ldap/api.py b/authentik/sources/ldap/api.py index 167bb2059a..b453b80552 100644 --- a/authentik/sources/ldap/api.py +++ b/authentik/sources/ldap/api.py @@ -103,6 +103,7 @@ class LDAPSourceSerializer(SourceSerializer): "user_object_filter", "group_object_filter", "group_membership_field", + "user_membership_attribute", "object_uniqueness_field", "password_login_update_internal_password", "sync_users", @@ -111,6 +112,7 @@ class LDAPSourceSerializer(SourceSerializer): "sync_parent_group", "connectivity", "lookup_groups_from_user", + "delete_not_found_objects", ] extra_kwargs = {"bind_password": {"write_only": True}} @@ -138,6 +140,7 @@ class LDAPSourceViewSet(UsedByMixin, ModelViewSet): "user_object_filter", "group_object_filter", "group_membership_field", + "user_membership_attribute", "object_uniqueness_field", "password_login_update_internal_password", "sync_users", @@ -147,6 +150,7 @@ class LDAPSourceViewSet(UsedByMixin, ModelViewSet): "user_property_mappings", "group_property_mappings", "lookup_groups_from_user", + "delete_not_found_objects", ] search_fields = ["name", "slug"] ordering = ["name"] diff --git a/authentik/sources/ldap/migrations/0009_groupldapsourceconnection_validated_by_and_more.py b/authentik/sources/ldap/migrations/0009_groupldapsourceconnection_validated_by_and_more.py new file mode 100644 index 0000000000..5f02ad4a95 --- /dev/null +++ b/authentik/sources/ldap/migrations/0009_groupldapsourceconnection_validated_by_and_more.py @@ -0,0 +1,48 @@ +# Generated by Django 5.1.9 on 2025-05-28 08:15 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_core", "0048_delete_oldauthenticatedsession_content_type"), + ("authentik_sources_ldap", "0008_groupldapsourceconnection_userldapsourceconnection"), + ] + + operations = [ + migrations.AddField( + model_name="groupldapsourceconnection", + name="validated_by", + field=models.UUIDField( + blank=True, + help_text="Unique ID used while checking if this object still exists in the directory.", + null=True, + ), + ), + migrations.AddField( + model_name="ldapsource", + name="delete_not_found_objects", + field=models.BooleanField( + default=False, + help_text="Delete authentik users and groups which were previously supplied by this source, but are now missing from it.", + ), + ), + migrations.AddField( + model_name="userldapsourceconnection", + name="validated_by", + field=models.UUIDField( + blank=True, + help_text="Unique ID used while checking if this object still exists in the directory.", + null=True, + ), + ), + migrations.AddIndex( + model_name="groupldapsourceconnection", + index=models.Index(fields=["validated_by"], name="authentik_s_validat_b70447_idx"), + ), + migrations.AddIndex( + model_name="userldapsourceconnection", + index=models.Index(fields=["validated_by"], name="authentik_s_validat_ff2ebc_idx"), + ), + ] diff --git a/authentik/sources/ldap/migrations/0010_ldapsource_user_membership_attribute.py b/authentik/sources/ldap/migrations/0010_ldapsource_user_membership_attribute.py new file mode 100644 index 0000000000..d498f0cf39 --- /dev/null +++ b/authentik/sources/ldap/migrations/0010_ldapsource_user_membership_attribute.py @@ -0,0 +1,32 @@ +# Generated by Django 5.1.9 on 2025-05-29 11:22 + +from django.apps.registry import Apps +from django.db import migrations, models +from django.db.backends.base.schema import BaseDatabaseSchemaEditor + + +def set_user_membership_attribute(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): + LDAPSource = apps.get_model("authentik_sources_ldap", "LDAPSource") + db_alias = schema_editor.connection.alias + + LDAPSource.objects.using(db_alias).filter(group_membership_field="memberUid").all().update( + user_membership_attribute="ldap_uniq" + ) + + +class Migration(migrations.Migration): + dependencies = [ + ("authentik_sources_ldap", "0009_groupldapsourceconnection_validated_by_and_more"), + ] + + operations = [ + migrations.AddField( + model_name="ldapsource", + name="user_membership_attribute", + field=models.TextField( + default="distinguishedName", + help_text="Attribute which matches the value of `group_membership_field`.", + ), + ), + migrations.RunPython(set_user_membership_attribute, migrations.RunPython.noop), + ] diff --git a/authentik/sources/ldap/models.py b/authentik/sources/ldap/models.py index 325ccbdf85..f051cb9f3c 100644 --- a/authentik/sources/ldap/models.py +++ b/authentik/sources/ldap/models.py @@ -103,6 +103,10 @@ class LDAPSource(ScheduledModel, Source): default="(objectClass=person)", help_text=_("Consider Objects matching this filter to be Users."), ) + user_membership_attribute = models.TextField( + default=LDAP_DISTINGUISHED_NAME, + help_text=_("Attribute which matches the value of `group_membership_field`."), + ) group_membership_field = models.TextField( default="member", help_text=_("Field which contains members of a group.") ) @@ -140,6 +144,14 @@ class LDAPSource(ScheduledModel, Source): ), ) + delete_not_found_objects = models.BooleanField( + default=False, + help_text=_( + "Delete authentik users and groups which were previously supplied by this source, " + "but are now missing from it." + ), + ) + @property def component(self) -> str: return "ak-source-ldap-form" @@ -343,6 +355,12 @@ class LDAPSourcePropertyMapping(PropertyMapping): class UserLDAPSourceConnection(UserSourceConnection): + validated_by = models.UUIDField( + null=True, + blank=True, + help_text=_("Unique ID used while checking if this object still exists in the directory."), + ) + @property def serializer(self) -> type[Serializer]: from authentik.sources.ldap.api import ( @@ -354,9 +372,18 @@ class UserLDAPSourceConnection(UserSourceConnection): class Meta: verbose_name = _("User LDAP Source Connection") verbose_name_plural = _("User LDAP Source Connections") + indexes = [ + models.Index(fields=["validated_by"]), + ] class GroupLDAPSourceConnection(GroupSourceConnection): + validated_by = models.UUIDField( + null=True, + blank=True, + help_text=_("Unique ID used while checking if this object still exists in the directory."), + ) + @property def serializer(self) -> type[Serializer]: from authentik.sources.ldap.api import ( @@ -368,3 +395,6 @@ class GroupLDAPSourceConnection(GroupSourceConnection): class Meta: verbose_name = _("Group LDAP Source Connection") verbose_name_plural = _("Group LDAP Source Connections") + indexes = [ + models.Index(fields=["validated_by"]), + ] diff --git a/authentik/sources/ldap/sync/base.py b/authentik/sources/ldap/sync/base.py index 5fa7d699bf..3d2498b41b 100644 --- a/authentik/sources/ldap/sync/base.py +++ b/authentik/sources/ldap/sync/base.py @@ -9,7 +9,7 @@ from structlog.stdlib import BoundLogger, get_logger from authentik.core.sources.mapper import SourceMapper from authentik.lib.config import CONFIG from authentik.lib.sync.mapper import PropertyMappingManager -from authentik.sources.ldap.models import LDAPSource +from authentik.sources.ldap.models import LDAPSource, flatten class BaseLDAPSynchronizer: @@ -77,6 +77,16 @@ class BaseLDAPSynchronizer: """Get objects from LDAP, implemented in subclass""" raise NotImplementedError() + def get_attributes(self, object): + if "attributes" not in object: + return + return object.get("attributes", {}) + + def get_identifier(self, attributes: dict): + if not attributes.get(self._source.object_uniqueness_field): + return + return flatten(attributes[self._source.object_uniqueness_field]) + def search_paginator( # noqa: PLR0913 self, search_base, diff --git a/authentik/sources/ldap/sync/forward_delete_groups.py b/authentik/sources/ldap/sync/forward_delete_groups.py new file mode 100644 index 0000000000..875601162d --- /dev/null +++ b/authentik/sources/ldap/sync/forward_delete_groups.py @@ -0,0 +1,61 @@ +from collections.abc import Generator +from itertools import batched +from uuid import uuid4 + +from ldap3 import SUBTREE + +from authentik.core.models import Group +from authentik.sources.ldap.models import GroupLDAPSourceConnection +from authentik.sources.ldap.sync.base import BaseLDAPSynchronizer +from authentik.sources.ldap.sync.forward_delete_users import DELETE_CHUNK_SIZE, UPDATE_CHUNK_SIZE + + +class GroupLDAPForwardDeletion(BaseLDAPSynchronizer): + """Delete LDAP Groups from authentik""" + + @staticmethod + def name() -> str: + return "group_deletions" + + def get_objects(self, **kwargs) -> Generator: + if not self._source.sync_groups or not self._source.delete_not_found_objects: + self.message("Group syncing is disabled for this Source") + return iter(()) + + uuid = uuid4() + groups = self._source.connection().extend.standard.paged_search( + search_base=self.base_dn_groups, + search_filter=self._source.group_object_filter, + search_scope=SUBTREE, + attributes=[self._source.object_uniqueness_field], + generator=True, + **kwargs, + ) + for batch in batched(groups, UPDATE_CHUNK_SIZE, strict=False): + identifiers = [] + for group in batch: + if not (attributes := self.get_attributes(group)): + continue + if identifier := self.get_identifier(attributes): + identifiers.append(identifier) + GroupLDAPSourceConnection.objects.filter(identifier__in=identifiers).update( + validated_by=uuid + ) + + return batched( + GroupLDAPSourceConnection.objects.filter(source=self._source) + .exclude(validated_by=uuid) + .values_list("group", flat=True) + .iterator(chunk_size=DELETE_CHUNK_SIZE), + DELETE_CHUNK_SIZE, + strict=False, + ) + + def sync(self, group_pks: tuple) -> int: + """Delete authentik groups""" + if not self._source.sync_groups or not self._source.delete_not_found_objects: + self.message("Group syncing is disabled for this Source") + return -1 + self._logger.debug("Deleting groups", group_pks=group_pks) + _, deleted_per_type = Group.objects.filter(pk__in=group_pks).delete() + return deleted_per_type.get(Group._meta.label, 0) diff --git a/authentik/sources/ldap/sync/forward_delete_users.py b/authentik/sources/ldap/sync/forward_delete_users.py new file mode 100644 index 0000000000..2ea81cc735 --- /dev/null +++ b/authentik/sources/ldap/sync/forward_delete_users.py @@ -0,0 +1,63 @@ +from collections.abc import Generator +from itertools import batched +from uuid import uuid4 + +from ldap3 import SUBTREE + +from authentik.core.models import User +from authentik.sources.ldap.models import UserLDAPSourceConnection +from authentik.sources.ldap.sync.base import BaseLDAPSynchronizer + +UPDATE_CHUNK_SIZE = 10_000 +DELETE_CHUNK_SIZE = 50 + + +class UserLDAPForwardDeletion(BaseLDAPSynchronizer): + """Delete LDAP Users from authentik""" + + @staticmethod + def name() -> str: + return "user_deletions" + + def get_objects(self, **kwargs) -> Generator: + if not self._source.sync_users or not self._source.delete_not_found_objects: + self.message("User syncing is disabled for this Source") + return iter(()) + + uuid = uuid4() + users = self._source.connection().extend.standard.paged_search( + search_base=self.base_dn_users, + search_filter=self._source.user_object_filter, + search_scope=SUBTREE, + attributes=[self._source.object_uniqueness_field], + generator=True, + **kwargs, + ) + for batch in batched(users, UPDATE_CHUNK_SIZE, strict=False): + identifiers = [] + for user in batch: + if not (attributes := self.get_attributes(user)): + continue + if identifier := self.get_identifier(attributes): + identifiers.append(identifier) + UserLDAPSourceConnection.objects.filter(identifier__in=identifiers).update( + validated_by=uuid + ) + + return batched( + UserLDAPSourceConnection.objects.filter(source=self._source) + .exclude(validated_by=uuid) + .values_list("user", flat=True) + .iterator(chunk_size=DELETE_CHUNK_SIZE), + DELETE_CHUNK_SIZE, + strict=False, + ) + + def sync(self, user_pks: tuple) -> int: + """Delete authentik users""" + if not self._source.sync_users or not self._source.delete_not_found_objects: + self.message("User syncing is disabled for this Source") + return -1 + self._logger.debug("Deleting users", user_pks=user_pks) + _, deleted_per_type = User.objects.filter(pk__in=user_pks).delete() + return deleted_per_type.get(User._meta.label, 0) diff --git a/authentik/sources/ldap/sync/groups.py b/authentik/sources/ldap/sync/groups.py index 1562d43247..3119b7905d 100644 --- a/authentik/sources/ldap/sync/groups.py +++ b/authentik/sources/ldap/sync/groups.py @@ -58,18 +58,16 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer): return -1 group_count = 0 for group in page_data: - if "attributes" not in group: + if (attributes := self.get_attributes(group)) is None: continue - attributes = group.get("attributes", {}) group_dn = flatten(flatten(group.get("entryDN", group.get("dn")))) - if not attributes.get(self._source.object_uniqueness_field): + if not (uniq := self.get_identifier(attributes)): self.message( f"Uniqueness field not found/not set in attributes: '{group_dn}'", attributes=attributes.keys(), dn=group_dn, ) continue - uniq = flatten(attributes[self._source.object_uniqueness_field]) try: defaults = { k: flatten(v) diff --git a/authentik/sources/ldap/sync/membership.py b/authentik/sources/ldap/sync/membership.py index cbeaacbdd1..277cd90ea9 100644 --- a/authentik/sources/ldap/sync/membership.py +++ b/authentik/sources/ldap/sync/membership.py @@ -63,25 +63,19 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer): group_member_dn = group_member.get("dn", {}) members.append(group_member_dn) else: - if "attributes" not in group: + if (attributes := self.get_attributes(group)) is None: continue - members = group.get("attributes", {}).get(self._source.group_membership_field, []) + members = attributes.get(self._source.group_membership_field, []) ak_group = self.get_group(group) if not ak_group: continue - membership_mapping_attribute = LDAP_DISTINGUISHED_NAME - if self._source.group_membership_field == "memberUid": - # If memberships are based on the posixGroup's 'memberUid' - # attribute we use the RDN instead of the FDN to lookup members. - membership_mapping_attribute = LDAP_UNIQUENESS - users = User.objects.filter( - Q(**{f"attributes__{membership_mapping_attribute}__in": members}) + Q(**{f"attributes__{self._source.user_membership_attribute}__in": members}) | Q( **{ - f"attributes__{membership_mapping_attribute}__isnull": True, + f"attributes__{self._source.user_membership_attribute}__isnull": True, "ak_groups__in": [ak_group], } ) diff --git a/authentik/sources/ldap/sync/users.py b/authentik/sources/ldap/sync/users.py index 6bdf66b610..f936b04b0b 100644 --- a/authentik/sources/ldap/sync/users.py +++ b/authentik/sources/ldap/sync/users.py @@ -60,18 +60,16 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer): return -1 user_count = 0 for user in page_data: - if "attributes" not in user: + if (attributes := self.get_attributes(user)) is None: continue - attributes = user.get("attributes", {}) user_dn = flatten(user.get("entryDN", user.get("dn"))) - if not attributes.get(self._source.object_uniqueness_field): + if not (uniq := self.get_identifier(attributes)): self.message( f"Uniqueness field not found/not set in attributes: '{user_dn}'", attributes=attributes.keys(), dn=user_dn, ) continue - uniq = flatten(attributes[self._source.object_uniqueness_field]) try: defaults = { k: flatten(v) diff --git a/authentik/sources/ldap/tasks.py b/authentik/sources/ldap/tasks.py index 2445afe99f..3851780405 100644 --- a/authentik/sources/ldap/tasks.py +++ b/authentik/sources/ldap/tasks.py @@ -2,23 +2,26 @@ from uuid import uuid4 +from celery import chain, group from django.core.cache import cache -from dramatiq.actor import actor -from dramatiq.composition import group from ldap3.core.exceptions import LDAPException from structlog.stdlib import get_logger +from authentik.events.models import SystemTask as DBSystemTask +from authentik.events.models import TaskStatus +from authentik.events.system_tasks import SystemTask from authentik.lib.config import CONFIG from authentik.lib.sync.outgoing.exceptions import StopSync from authentik.lib.utils.errors import exception_to_string from authentik.lib.utils.reflection import class_to_path, path_to_class +from authentik.root.celery import CELERY_APP from authentik.sources.ldap.models import LDAPSource from authentik.sources.ldap.sync.base import BaseLDAPSynchronizer +from authentik.sources.ldap.sync.forward_delete_groups import GroupLDAPForwardDeletion +from authentik.sources.ldap.sync.forward_delete_users import UserLDAPForwardDeletion from authentik.sources.ldap.sync.groups import GroupLDAPSynchronizer from authentik.sources.ldap.sync.membership import MembershipLDAPSynchronizer from authentik.sources.ldap.sync.users import UserLDAPSynchronizer -from authentik.tasks.middleware import CurrentTask -from authentik.tasks.models import Task, TaskStatus LOGGER = get_logger() SYNC_CLASSES = [ @@ -30,87 +33,102 @@ CACHE_KEY_PREFIX = "goauthentik.io/sources/ldap/page/" CACHE_KEY_STATUS = "goauthentik.io/sources/ldap/status/" -@actor -def ldap_connectivity_check(source_pk: str): +@CELERY_APP.task() +def ldap_sync_all(): + """Sync all sources""" + for source in LDAPSource.objects.filter(enabled=True): + ldap_sync_single.apply_async(args=[str(source.pk)]) + + +@CELERY_APP.task() +def ldap_connectivity_check(pk: str | None = None): """Check connectivity for LDAP Sources""" # 2 hour timeout, this task should run every hour timeout = 60 * 60 * 2 - source = LDAPSource.objects.filter(enabled=True, pk=source_pk).first() - if not source: - return - status = source.check_connection() - cache.set(CACHE_KEY_STATUS + source.slug, status, timeout=timeout) + sources = LDAPSource.objects.filter(enabled=True) + if pk: + sources = sources.filter(pk=pk) + for source in sources: + status = source.check_connection() + cache.set(CACHE_KEY_STATUS + source.slug, status, timeout=timeout) -# We take the configured hours timeout time by 2.5 as we run user and -# group in parallel and then membership, so 2x is to cover the serial tasks, -# and 0.5x on top of that to give some more leeway -@actor(time_limit=(60 * 60 * CONFIG.get_int("ldap.task_timeout_hours")) * 2.5 * 1000) -def ldap_sync(source_pk: str): +@CELERY_APP.task( + # We take the configured hours timeout time by 3.5 as we run user and + # group in parallel and then membership, then deletions, so 3x is to cover the serial tasks, + # and 0.5x on top of that to give some more leeway + soft_time_limit=(60 * 60 * CONFIG.get_int("ldap.task_timeout_hours")) * 3.5, + task_time_limit=(60 * 60 * CONFIG.get_int("ldap.task_timeout_hours")) * 3.5, +) +def ldap_sync_single(source_pk: str): """Sync a single source""" - self: Task = CurrentTask.get_task() source: LDAPSource = LDAPSource.objects.filter(pk=source_pk).first() if not source: return - # Don't sync sources when they don't have any property mappings. This will only happen if: - # - the user forgets to set them or - # - the source is newly created, the mappings are save a bit later, which might cause invalid - # data - if source.sync_users and not source.user_property_mappings.exists(): - # TODO: add to task messages - LOGGER.warning( - "LDAP source has user sync enabled but does not have user property mappings configured, not syncing", # noqa: E501 - source=source.slug, - ) - return - if source.sync_groups and not source.group_property_mappings.exists(): - # TODO: add to task messages - LOGGER.warning( - "LDAP source has group sync enabled but does not have group property mappings configured, not syncing", # noqa: E501 - source=source.slug, - ) - return with source.sync_lock as lock_acquired: if not lock_acquired: LOGGER.debug("Failed to acquire lock for LDAP sync, skipping task", source=source.slug) return - # User and group sync can happen at once, they have no dependencies on each other - task_users_group = group( - ldap_sync_paginator(source, UserLDAPSynchronizer, schedule_uid=self.schedule_uid) - + ldap_sync_paginator(source, GroupLDAPSynchronizer, schedule_uid=self.schedule_uid), + # Delete all sync tasks from the cache + DBSystemTask.objects.filter(name="ldap_sync", uid__startswith=source.slug).delete() + task = chain( + # User and group sync can happen at once, they have no dependencies on each other + group( + ldap_sync_paginator(source, UserLDAPSynchronizer) + + ldap_sync_paginator(source, GroupLDAPSynchronizer), + ), + # Membership sync needs to run afterwards + group( + ldap_sync_paginator(source, MembershipLDAPSynchronizer), + ), + # Finally, deletions. What we'd really like to do here is something like + # ``` + # user_identifiers = + # User.objects.exclude( + # usersourceconnection__identifier__in=user_uniqueness_identifiers, + # ).delete() + # ``` + # This runs into performance issues in large installations. So instead we spread the + # work out into three steps: + # 1. Get every object from the LDAP source. + # 2. Mark every object as "safe" in the database. This is quick, but any error could + # mean deleting users which should not be deleted, so we do it immediately, in + # large chunks, and only queue the deletion step afterwards. + # 3. Delete every unmarked item. This is slow, so we spread it over many tasks in + # small chunks. + group( + ldap_sync_paginator(source, UserLDAPForwardDeletion) + + ldap_sync_paginator(source, GroupLDAPForwardDeletion), + ), ) - task_users_group.run() - task_users_group.wait(timeout=60 * 60 * CONFIG.get_int("ldap.task_timeout_hours") * 1000) - # Membership sync needs to run afterwards - task_membership = group( - ldap_sync_paginator(source, MembershipLDAPSynchronizer, schedule_uid=self.schedule_uid), - ) - task_membership.run() - task_membership.wait(timeout=60 * 60 * CONFIG.get_int("ldap.task_timeout_hours") * 1000) + task() -def ldap_sync_paginator(source: LDAPSource, sync: type[BaseLDAPSynchronizer], **options) -> list: +def ldap_sync_paginator(source: LDAPSource, sync: type[BaseLDAPSynchronizer]) -> list: """Return a list of task signatures with LDAP pagination data""" sync_inst: BaseLDAPSynchronizer = sync(source) - tasks = [] + signatures = [] for page in sync_inst.get_objects(): page_cache_key = CACHE_KEY_PREFIX + str(uuid4()) cache.set(page_cache_key, page, 60 * 60 * CONFIG.get_int("ldap.task_timeout_hours")) - page_sync = ldap_sync_page.message_with_options( - args=(source.pk, class_to_path(sync), page_cache_key), - **options, - ) - tasks.append(page_sync) - return tasks + page_sync = ldap_sync.si(str(source.pk), class_to_path(sync), page_cache_key) + signatures.append(page_sync) + return signatures -@actor(time_limit=60 * 60 * CONFIG.get_int("ldap.task_timeout_hours") * 1000) -def ldap_sync_page(source_pk: str, sync_class: str, page_cache_key: str): +@CELERY_APP.task( + bind=True, + base=SystemTask, + soft_time_limit=60 * 60 * CONFIG.get_int("ldap.task_timeout_hours"), + task_time_limit=60 * 60 * CONFIG.get_int("ldap.task_timeout_hours"), +) +def ldap_sync(self: SystemTask, source_pk: str, sync_class: str, page_cache_key: str): """Synchronization of an LDAP Source""" - self: Task = CurrentTask.get_task() - # self.result_timeout_hours = CONFIG.get_int("ldap.task_timeout_hours") + self.result_timeout_hours = CONFIG.get_int("ldap.task_timeout_hours") source: LDAPSource = LDAPSource.objects.filter(pk=source_pk).first() if not source: + # Because the source couldn't be found, we don't have a UID + # to set the state with return sync: type[BaseLDAPSynchronizer] = path_to_class(sync_class) uid = page_cache_key.replace(CACHE_KEY_PREFIX, "") diff --git a/authentik/sources/ldap/tests/mock_slapd.py b/authentik/sources/ldap/tests/mock_slapd.py index 957b7fbdca..4d8790d57b 100644 --- a/authentik/sources/ldap/tests/mock_slapd.py +++ b/authentik/sources/ldap/tests/mock_slapd.py @@ -2,6 +2,33 @@ from ldap3 import MOCK_SYNC, OFFLINE_SLAPD_2_4, Connection, Server +# The mock modifies these in place, so we have to define them per string +user_in_slapd_dn = "cn=user_in_slapd_cn,ou=users,dc=goauthentik,dc=io" +user_in_slapd_cn = "user_in_slapd_cn" +user_in_slapd_uid = "user_in_slapd_uid" +user_in_slapd_object_class = "person" +user_in_slapd = { + "dn": user_in_slapd_dn, + "attributes": { + "cn": user_in_slapd_cn, + "uid": user_in_slapd_uid, + "objectClass": user_in_slapd_object_class, + }, +} +group_in_slapd_dn = "cn=user_in_slapd_cn,ou=groups,dc=goauthentik,dc=io" +group_in_slapd_cn = "group_in_slapd_cn" +group_in_slapd_uid = "group_in_slapd_uid" +group_in_slapd_object_class = "groupOfNames" +group_in_slapd = { + "dn": group_in_slapd_dn, + "attributes": { + "cn": group_in_slapd_cn, + "uid": group_in_slapd_uid, + "objectClass": group_in_slapd_object_class, + "member": [user_in_slapd["dn"]], + }, +} + def mock_slapd_connection(password: str) -> Connection: """Create mock SLAPD connection""" @@ -96,5 +123,14 @@ def mock_slapd_connection(password: str) -> Connection: "objectClass": "posixAccount", }, ) + # Known user and group + connection.strategy.add_entry( + user_in_slapd["dn"], + user_in_slapd["attributes"], + ) + connection.strategy.add_entry( + group_in_slapd["dn"], + group_in_slapd["attributes"], + ) connection.bind() return connection diff --git a/authentik/sources/ldap/tests/test_sync.py b/authentik/sources/ldap/tests/test_sync.py index 8b3c4959a1..a6b3659360 100644 --- a/authentik/sources/ldap/tests/test_sync.py +++ b/authentik/sources/ldap/tests/test_sync.py @@ -8,15 +8,31 @@ from django.test import TestCase from authentik.blueprints.tests import apply_blueprint from authentik.core.models import Group, User from authentik.core.tests.utils import create_test_admin_user -from authentik.events.models import Event, EventAction +from authentik.events.models import Event, EventAction, SystemTask +from authentik.events.system_tasks import TaskStatus from authentik.lib.generators import generate_id, generate_key from authentik.lib.sync.outgoing.exceptions import StopSync -from authentik.sources.ldap.models import LDAPSource, LDAPSourcePropertyMapping +from authentik.lib.utils.reflection import class_to_path +from authentik.sources.ldap.models import ( + GroupLDAPSourceConnection, + LDAPSource, + LDAPSourcePropertyMapping, + UserLDAPSourceConnection, +) +from authentik.sources.ldap.sync.forward_delete_users import DELETE_CHUNK_SIZE +from authentik.sources.ldap.sync.groups import GroupLDAPSynchronizer +from authentik.sources.ldap.sync.membership import MembershipLDAPSynchronizer from authentik.sources.ldap.sync.users import UserLDAPSynchronizer -from authentik.sources.ldap.tasks import ldap_sync +from authentik.sources.ldap.tasks import ldap_sync, ldap_sync_all from authentik.sources.ldap.tests.mock_ad import mock_ad_connection from authentik.sources.ldap.tests.mock_freeipa import mock_freeipa_connection -from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection +from authentik.sources.ldap.tests.mock_slapd import ( + group_in_slapd_cn, + group_in_slapd_uid, + mock_slapd_connection, + user_in_slapd_cn, + user_in_slapd_uid, +) LDAP_PASSWORD = generate_key() @@ -34,14 +50,13 @@ class LDAPSyncTests(TestCase): additional_group_dn="ou=groups", ) - # TODO: fix me - # def test_sync_missing_page(self): - # """Test sync with missing page""" - # connection = MagicMock(return_value=mock_ad_connection(LDAP_PASSWORD)) - # with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): - # ldap_sync_page.send(str(self.source.pk), class_to_path(UserLDAPSynchronizer), "foo") - # task = SystemTask.objects.filter(name="ldap_sync", uid="ldap:users:foo").first() - # self.assertEqual(task.status, TaskStatus.ERROR) + def test_sync_missing_page(self): + """Test sync with missing page""" + connection = MagicMock(return_value=mock_ad_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + ldap_sync.delay(str(self.source.pk), class_to_path(UserLDAPSynchronizer), "foo").get() + task = SystemTask.objects.filter(name="ldap_sync", uid="ldap:users:foo").first() + self.assertEqual(task.status, TaskStatus.ERROR) def test_sync_error(self): """Test user sync""" @@ -56,9 +71,9 @@ class LDAPSyncTests(TestCase): expression="q", ) self.source.user_property_mappings.set([mapping]) + self.source.save() connection = MagicMock(return_value=mock_ad_connection(LDAP_PASSWORD)) with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): - self.source.save() user_sync = UserLDAPSynchronizer(self.source) with self.assertRaises(StopSync): user_sync.sync_full() @@ -214,8 +229,11 @@ class LDAPSyncTests(TestCase): _user = create_test_admin_user() parent_group = Group.objects.get(name=_user.username) self.source.sync_parent_group = parent_group - # Sync is run on save self.source.save() + group_sync = GroupLDAPSynchronizer(self.source) + group_sync.sync_full() + membership_sync = MembershipLDAPSynchronizer(self.source) + membership_sync.sync_full() group: Group = Group.objects.filter(name="test-group").first() self.assertIsNotNone(group) self.assertEqual(group.parent, parent_group) @@ -237,8 +255,11 @@ class LDAPSyncTests(TestCase): ) connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): - # Sync is run on save self.source.save() + group_sync = GroupLDAPSynchronizer(self.source) + group_sync.sync_full() + membership_sync = MembershipLDAPSynchronizer(self.source) + membership_sync.sync_full() group = Group.objects.filter(name="group1") self.assertTrue(group.exists()) @@ -248,11 +269,18 @@ class LDAPSyncTests(TestCase): self.source.group_membership_field = "memberUid" self.source.user_object_filter = "(objectClass=posixAccount)" self.source.group_object_filter = "(objectClass=posixGroup)" + self.source.user_membership_attribute = "uid" self.source.user_property_mappings.set( - LDAPSourcePropertyMapping.objects.filter( - Q(managed__startswith="goauthentik.io/sources/ldap/default") - | Q(managed__startswith="goauthentik.io/sources/ldap/openldap") - ) + [ + *LDAPSourcePropertyMapping.objects.filter( + Q(managed__startswith="goauthentik.io/sources/ldap/default") + | Q(managed__startswith="goauthentik.io/sources/ldap/openldap") + ).all(), + LDAPSourcePropertyMapping.objects.create( + name="name", + expression='return {"attributes": {"uid": list_flatten(ldap.get("uid"))}}', + ), + ] ) self.source.group_property_mappings.set( LDAPSourcePropertyMapping.objects.filter( @@ -261,8 +289,51 @@ class LDAPSyncTests(TestCase): ) connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): - # Sync is run on save self.source.save() + user_sync = UserLDAPSynchronizer(self.source) + user_sync.sync_full() + group_sync = GroupLDAPSynchronizer(self.source) + group_sync.sync_full() + membership_sync = MembershipLDAPSynchronizer(self.source) + membership_sync.sync_full() + # Test if membership mapping based on memberUid works. + posix_group = Group.objects.filter(name="group-posix").first() + self.assertTrue(posix_group.users.filter(name="user-posix").exists()) + + def test_sync_groups_openldap_posix_group_nonstandard_membership_attribute(self): + """Test posix group sync""" + self.source.object_uniqueness_field = "cn" + self.source.group_membership_field = "memberUid" + self.source.user_object_filter = "(objectClass=posixAccount)" + self.source.group_object_filter = "(objectClass=posixGroup)" + self.source.user_membership_attribute = "cn" + self.source.user_property_mappings.set( + [ + *LDAPSourcePropertyMapping.objects.filter( + Q(managed__startswith="goauthentik.io/sources/ldap/default") + | Q(managed__startswith="goauthentik.io/sources/ldap/openldap") + ).all(), + LDAPSourcePropertyMapping.objects.create( + name="name", + expression='return {"attributes": {"cn": list_flatten(ldap.get("cn"))}}', + ), + ] + ) + self.source.group_property_mappings.set( + LDAPSourcePropertyMapping.objects.filter( + managed="goauthentik.io/sources/ldap/openldap-cn" + ) + ) + connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + self.source.save() + user_sync = UserLDAPSynchronizer(self.source) + user_sync.sync_full() + group_sync = GroupLDAPSynchronizer(self.source) + group_sync.sync_full() + membership_sync = MembershipLDAPSynchronizer(self.source) + membership_sync.sync_full() + # Test if membership mapping based on memberUid works. posix_group = Group.objects.filter(name="group-posix").first() self.assertTrue(posix_group.users.filter(name="user-posix").exists()) @@ -274,10 +345,10 @@ class LDAPSyncTests(TestCase): | Q(managed__startswith="goauthentik.io/sources/ldap/ms") ) ) + self.source.save() connection = MagicMock(return_value=mock_ad_connection(LDAP_PASSWORD)) with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): - self.source.save() - ldap_sync.send(self.source.pk).get_result() + ldap_sync_all.delay().get() def test_tasks_openldap(self): """Test Scheduled tasks""" @@ -289,7 +360,164 @@ class LDAPSyncTests(TestCase): | Q(managed__startswith="goauthentik.io/sources/ldap/openldap") ) ) + self.source.save() connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): - self.source.save() - ldap_sync.send(self.source.pk).get_result() + ldap_sync_all.delay().get() + + def test_user_deletion(self): + """Test user deletion""" + user = User.objects.create_user(username="not-in-the-source") + UserLDAPSourceConnection.objects.create( + user=user, source=self.source, identifier="not-in-the-source" + ) + self.source.object_uniqueness_field = "uid" + self.source.group_object_filter = "(objectClass=groupOfNames)" + self.source.delete_not_found_objects = True + self.source.save() + + connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + ldap_sync_all.delay().get() + self.assertFalse(User.objects.filter(username="not-in-the-source").exists()) + + def test_user_deletion_still_in_source(self): + """Test that user is not deleted if it's still in the source""" + username = user_in_slapd_cn + identifier = user_in_slapd_uid + user = User.objects.create_user(username=username) + UserLDAPSourceConnection.objects.create( + user=user, source=self.source, identifier=identifier + ) + self.source.object_uniqueness_field = "uid" + self.source.group_object_filter = "(objectClass=groupOfNames)" + self.source.delete_not_found_objects = True + self.source.save() + + connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + ldap_sync_all.delay().get() + self.assertTrue(User.objects.filter(username=username).exists()) + + def test_user_deletion_no_sync(self): + """Test that user is not deleted if sync_users is False""" + user = User.objects.create_user(username="not-in-the-source") + UserLDAPSourceConnection.objects.create( + user=user, source=self.source, identifier="not-in-the-source" + ) + self.source.object_uniqueness_field = "uid" + self.source.group_object_filter = "(objectClass=groupOfNames)" + self.source.delete_not_found_objects = True + self.source.sync_users = False + self.source.save() + + connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + ldap_sync_all.delay().get() + self.assertTrue(User.objects.filter(username="not-in-the-source").exists()) + + def test_user_deletion_no_delete(self): + """Test that user is not deleted if delete_not_found_objects is False""" + user = User.objects.create_user(username="not-in-the-source") + UserLDAPSourceConnection.objects.create( + user=user, source=self.source, identifier="not-in-the-source" + ) + self.source.object_uniqueness_field = "uid" + self.source.group_object_filter = "(objectClass=groupOfNames)" + self.source.save() + + connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + ldap_sync_all.delay().get() + self.assertTrue(User.objects.filter(username="not-in-the-source").exists()) + + def test_group_deletion(self): + """Test group deletion""" + group = Group.objects.create(name="not-in-the-source") + GroupLDAPSourceConnection.objects.create( + group=group, source=self.source, identifier="not-in-the-source" + ) + self.source.object_uniqueness_field = "uid" + self.source.group_object_filter = "(objectClass=groupOfNames)" + self.source.delete_not_found_objects = True + self.source.save() + + connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + ldap_sync_all.delay().get() + self.assertFalse(Group.objects.filter(name="not-in-the-source").exists()) + + def test_group_deletion_still_in_source(self): + """Test that group is not deleted if it's still in the source""" + groupname = group_in_slapd_cn + identifier = group_in_slapd_uid + group = Group.objects.create(name=groupname) + GroupLDAPSourceConnection.objects.create( + group=group, source=self.source, identifier=identifier + ) + self.source.object_uniqueness_field = "uid" + self.source.group_object_filter = "(objectClass=groupOfNames)" + self.source.delete_not_found_objects = True + self.source.save() + + connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + ldap_sync_all.delay().get() + self.assertTrue(Group.objects.filter(name=groupname).exists()) + + def test_group_deletion_no_sync(self): + """Test that group is not deleted if sync_groups is False""" + group = Group.objects.create(name="not-in-the-source") + GroupLDAPSourceConnection.objects.create( + group=group, source=self.source, identifier="not-in-the-source" + ) + self.source.object_uniqueness_field = "uid" + self.source.group_object_filter = "(objectClass=groupOfNames)" + self.source.delete_not_found_objects = True + self.source.sync_groups = False + self.source.save() + + connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + ldap_sync_all.delay().get() + self.assertTrue(Group.objects.filter(name="not-in-the-source").exists()) + + def test_group_deletion_no_delete(self): + """Test that group is not deleted if delete_not_found_objects is False""" + group = Group.objects.create(name="not-in-the-source") + GroupLDAPSourceConnection.objects.create( + group=group, source=self.source, identifier="not-in-the-source" + ) + self.source.object_uniqueness_field = "uid" + self.source.group_object_filter = "(objectClass=groupOfNames)" + self.source.save() + + connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + ldap_sync_all.delay().get() + self.assertTrue(Group.objects.filter(name="not-in-the-source").exists()) + + def test_batch_deletion(self): + """Test batch deletion""" + BATCH_SIZE = DELETE_CHUNK_SIZE + 1 + for i in range(BATCH_SIZE): + user = User.objects.create_user(username=f"not-in-the-source-{i}") + group = Group.objects.create(name=f"not-in-the-source-{i}") + group.users.add(user) + UserLDAPSourceConnection.objects.create( + user=user, source=self.source, identifier=f"not-in-the-source-{i}-user" + ) + GroupLDAPSourceConnection.objects.create( + group=group, source=self.source, identifier=f"not-in-the-source-{i}-group" + ) + self.source.object_uniqueness_field = "uid" + self.source.group_object_filter = "(objectClass=groupOfNames)" + self.source.delete_not_found_objects = True + self.source.save() + + connection = MagicMock(return_value=mock_slapd_connection(LDAP_PASSWORD)) + with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): + ldap_sync_all.delay().get() + + self.assertFalse(User.objects.filter(username__startswith="not-in-the-source").exists()) + self.assertFalse(Group.objects.filter(name__startswith="not-in-the-source").exists()) diff --git a/authentik/sources/saml/views.py b/authentik/sources/saml/views.py index 07fc6f859c..45a75980e3 100644 --- a/authentik/sources/saml/views.py +++ b/authentik/sources/saml/views.py @@ -9,6 +9,7 @@ from django.http.response import HttpResponseBadRequest from django.shortcuts import get_object_or_404, redirect from django.utils.decorators import method_decorator from django.utils.http import urlencode +from django.utils.translation import gettext as _ from django.views import View from django.views.decorators.csrf import csrf_exempt from structlog.stdlib import get_logger @@ -128,7 +129,9 @@ class InitiateView(View): # otherwise we default to POST_AUTO, with direct redirect if source.binding_type == SAMLBindingTypes.POST: injected_stages.append(in_memory_stage(ConsentStageView)) - plan_kwargs[PLAN_CONTEXT_CONSENT_HEADER] = f"Continue to {source.name}" + plan_kwargs[PLAN_CONTEXT_CONSENT_HEADER] = _( + "Continue to {source_name}".format(source_name=source.name) + ) injected_stages.append(in_memory_stage(AutosubmitStageView)) return self.handle_login_flow( source, diff --git a/authentik/stages/consent/stage.py b/authentik/stages/consent/stage.py index 36648c899a..8408daf3fe 100644 --- a/authentik/stages/consent/stage.py +++ b/authentik/stages/consent/stage.py @@ -4,6 +4,8 @@ from uuid import uuid4 from django.http import HttpRequest, HttpResponse from django.utils.timezone import now +from django.utils.translation import gettext as _ +from rest_framework.exceptions import ValidationError from rest_framework.fields import CharField from authentik.core.api.utils import PassiveSerializer @@ -47,6 +49,11 @@ class ConsentChallengeResponse(ChallengeResponse): component = CharField(default="ak-stage-consent") token = CharField(required=True) + def validate_token(self, token: str): + if token != self.stage.executor.request.session[SESSION_KEY_CONSENT_TOKEN]: + raise ValidationError(_("Invalid consent token, re-showing prompt")) + return token + class ConsentStageView(ChallengeStageView): """Simple consent checker.""" @@ -120,9 +127,6 @@ class ConsentStageView(ChallengeStageView): return super().get(request, *args, **kwargs) def challenge_valid(self, response: ChallengeResponse) -> HttpResponse: - if response.data["token"] != self.request.session[SESSION_KEY_CONSENT_TOKEN]: - self.logger.info("Invalid consent token, re-showing prompt") - return self.get(self.request) if self.should_always_prompt(): return self.executor.stage_ok() current_stage: ConsentStage = self.executor.current_stage diff --git a/authentik/stages/consent/tests.py b/authentik/stages/consent/tests.py index d03b47e7e6..0ef001b225 100644 --- a/authentik/stages/consent/tests.py +++ b/authentik/stages/consent/tests.py @@ -17,6 +17,7 @@ from authentik.flows.views.executor import SESSION_KEY_PLAN from authentik.lib.generators import generate_id from authentik.stages.consent.models import ConsentMode, ConsentStage, UserConsent from authentik.stages.consent.stage import ( + PLAN_CONTEXT_CONSENT_HEADER, PLAN_CONTEXT_CONSENT_PERMISSIONS, SESSION_KEY_CONSENT_TOKEN, ) @@ -33,6 +34,40 @@ class TestConsentStage(FlowTestCase): slug=generate_id(), ) + def test_mismatched_token(self): + """Test incorrect token""" + flow = create_test_flow(FlowDesignation.AUTHENTICATION) + stage = ConsentStage.objects.create(name=generate_id(), mode=ConsentMode.ALWAYS_REQUIRE) + binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2) + + plan = FlowPlan(flow_pk=flow.pk.hex, bindings=[binding], markers=[StageMarker()]) + session = self.client.session + session[SESSION_KEY_PLAN] = plan + session.save() + response = self.client.get( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": flow.slug}), + ) + self.assertEqual(response.status_code, 200) + + session = self.client.session + response = self.client.post( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": flow.slug}), + { + "token": generate_id(), + }, + ) + + self.assertEqual(response.status_code, 200) + self.assertStageResponse( + response, + flow, + component="ak-stage-consent", + response_errors={ + "token": [{"string": "Invalid consent token, re-showing prompt", "code": "invalid"}] + }, + ) + self.assertFalse(UserConsent.objects.filter(user=self.user).exists()) + def test_always_required(self): """Test always required consent""" flow = create_test_flow(FlowDesignation.AUTHENTICATION) @@ -158,6 +193,7 @@ class TestConsentStage(FlowTestCase): context={ PLAN_CONTEXT_APPLICATION: self.application, PLAN_CONTEXT_CONSENT_PERMISSIONS: [PermissionDict(id="foo", name="foo-desc")], + PLAN_CONTEXT_CONSENT_HEADER: "test header", }, ) session = self.client.session diff --git a/authentik/stages/email/flow.py b/authentik/stages/email/flow.py new file mode 100644 index 0000000000..af2fe37973 --- /dev/null +++ b/authentik/stages/email/flow.py @@ -0,0 +1,38 @@ +from base64 import b64encode +from copy import deepcopy +from pickle import dumps # nosec + +from django.utils.translation import gettext as _ + +from authentik.flows.models import FlowToken, in_memory_stage +from authentik.flows.planner import PLAN_CONTEXT_IS_RESTORED, FlowPlan +from authentik.stages.consent.stage import PLAN_CONTEXT_CONSENT_HEADER, ConsentStageView + + +def pickle_flow_token_for_email(plan: FlowPlan): + """Insert a consent stage into the flow plan and pickle it for a FlowToken, + to be sent via Email. This is to prevent automated email scanners, which sometimes + open links in emails in a full browser from breaking the link.""" + plan_copy = deepcopy(plan) + plan_copy.insert_stage(in_memory_stage(EmailTokenRevocationConsentStageView), index=0) + plan_copy.context[PLAN_CONTEXT_CONSENT_HEADER] = _("Continue to confirm this email address.") + data = dumps(plan_copy) + return b64encode(data).decode() + + +class EmailTokenRevocationConsentStageView(ConsentStageView): + + def get(self, request, *args, **kwargs): + token: FlowToken = self.executor.plan.context[PLAN_CONTEXT_IS_RESTORED] + try: + token.refresh_from_db() + except FlowToken.DoesNotExist: + return self.executor.stage_invalid( + _("Link was already used, please request a new link.") + ) + return super().get(request, *args, **kwargs) + + def challenge_valid(self, response): + token: FlowToken = self.executor.plan.context[PLAN_CONTEXT_IS_RESTORED] + token.delete() + return super().challenge_valid(response) diff --git a/authentik/stages/email/stage.py b/authentik/stages/email/stage.py index f45b9a9fa2..548c2083f5 100644 --- a/authentik/stages/email/stage.py +++ b/authentik/stages/email/stage.py @@ -23,6 +23,7 @@ from authentik.flows.stage import ChallengeStageView from authentik.flows.views.executor import QS_KEY_TOKEN, QS_QUERY from authentik.lib.utils.errors import exception_to_string from authentik.lib.utils.time import timedelta_from_string +from authentik.stages.email.flow import pickle_flow_token_for_email from authentik.stages.email.models import EmailStage from authentik.stages.email.tasks import send_mails from authentik.stages.email.utils import TemplateEmailMessage @@ -86,7 +87,8 @@ class EmailStageView(ChallengeStageView): user=pending_user, identifier=identifier, flow=self.executor.flow, - _plan=FlowToken.pickle(self.executor.plan), + _plan=pickle_flow_token_for_email(self.executor.plan), + revoke_on_execution=False, ) token = tokens.first() # Check if token is expired and rotate key if so diff --git a/authentik/stages/email/tests/test_sending.py b/authentik/stages/email/tests/test_sending.py index 4f2b5758c2..027529b04c 100644 --- a/authentik/stages/email/tests/test_sending.py +++ b/authentik/stages/email/tests/test_sending.py @@ -174,5 +174,5 @@ class TestEmailStageSending(FlowTestCase): response = self.client.post(url) response = self.client.post(url) self.assertEqual(response.status_code, 200) - self.assertTrue(len(mail.outbox) >= 1) + self.assertGreaterEqual(len(mail.outbox), 1) self.assertEqual(mail.outbox[0].subject, "authentik") diff --git a/authentik/stages/email/tests/test_stage.py b/authentik/stages/email/tests/test_stage.py index 92739739cc..5d0a4d6d6c 100644 --- a/authentik/stages/email/tests/test_stage.py +++ b/authentik/stages/email/tests/test_stage.py @@ -17,6 +17,7 @@ from authentik.flows.tests import FlowTestCase from authentik.flows.views.executor import QS_KEY_TOKEN, SESSION_KEY_PLAN, FlowExecutorView from authentik.lib.config import CONFIG from authentik.lib.generators import generate_id +from authentik.stages.consent.stage import SESSION_KEY_CONSENT_TOKEN from authentik.stages.email.models import EmailStage from authentik.stages.email.stage import PLAN_CONTEXT_EMAIL_OVERRIDE, EmailStageView @@ -164,6 +165,17 @@ class TestEmailStage(FlowTestCase): kwargs={"flow_slug": self.flow.slug}, ) ) + self.assertStageResponse(response, self.flow, component="ak-stage-consent") + response = self.client.post( + reverse( + "authentik_api:flow-executor", + kwargs={"flow_slug": self.flow.slug}, + ), + data={ + "token": self.client.session[SESSION_KEY_CONSENT_TOKEN], + }, + follow=True, + ) self.assertEqual(response.status_code, 200) self.assertStageRedirects(response, reverse("authentik_core:root-redirect")) @@ -186,6 +198,7 @@ class TestEmailStage(FlowTestCase): # Set flow token user to a different user token: FlowToken = FlowToken.objects.get(user=self.user) token.user = create_test_admin_user() + token.revoke_on_execution = True token.save() with patch("authentik.flows.views.executor.FlowExecutorView.cancel", MagicMock()): diff --git a/authentik/stages/user_login/stage.py b/authentik/stages/user_login/stage.py index ac312f4db4..ea92f8b353 100644 --- a/authentik/stages/user_login/stage.py +++ b/authentik/stages/user_login/stage.py @@ -11,7 +11,7 @@ from rest_framework.fields import BooleanField, CharField from authentik.core.models import Session, User from authentik.events.middleware import audit_ignore from authentik.flows.challenge import ChallengeResponse, WithUserInfoChallenge -from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, PLAN_CONTEXT_SOURCE +from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER from authentik.flows.stage import ChallengeStageView from authentik.lib.utils.time import timedelta_from_string from authentik.root.middleware import ClientIPMiddleware @@ -108,10 +108,6 @@ class UserLoginStageView(ChallengeStageView): flow_slug=self.executor.flow.slug, session_duration=delta, ) - # Only show success message if we don't have a source in the flow - # as sources show their own success messages - if not self.executor.plan.context.get(PLAN_CONTEXT_SOURCE, None): - messages.success(self.request, _("Successfully logged in!")) if self.executor.current_stage.terminate_other_sessions: Session.objects.filter( authenticatedsession__user=user, diff --git a/blueprints/schema.json b/blueprints/schema.json index e18cbf0fcd..843e054cba 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json @@ -8575,6 +8575,12 @@ "title": "Group membership field", "description": "Field which contains members of a group." }, + "user_membership_attribute": { + "type": "string", + "minLength": 1, + "title": "User membership attribute", + "description": "Attribute which matches the value of `group_membership_field`." + }, "object_uniqueness_field": { "type": "string", "minLength": 1, @@ -8608,6 +8614,11 @@ "type": "boolean", "title": "Lookup groups from user", "description": "Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory" + }, + "delete_not_found_objects": { + "type": "boolean", + "title": "Delete not found objects", + "description": "Delete authentik users and groups which were previously supplied by this source, but are now missing from it." } }, "required": [] diff --git a/go.mod b/go.mod index 3c8be11d7b..553aae4ca9 100644 --- a/go.mod +++ b/go.mod @@ -21,13 +21,13 @@ require ( github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484 github.com/pires/go-proxyproto v0.8.1 github.com/prometheus/client_golang v1.22.0 - github.com/redis/go-redis/v9 v9.8.0 + github.com/redis/go-redis/v9 v9.9.0 github.com/sethvargo/go-envconfig v1.3.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/stretchr/testify v1.10.0 github.com/wwt/guac v1.3.2 - goauthentik.io/api/v3 v3.2025041.2 + goauthentik.io/api/v3 v3.2025041.4 golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab golang.org/x/oauth2 v0.30.0 golang.org/x/sync v0.14.0 diff --git a/go.sum b/go.sum index ba2cba50ac..a45a321480 100644 --- a/go.sum +++ b/go.sum @@ -245,8 +245,8 @@ github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI= -github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw= +github.com/redis/go-redis/v9 v9.9.0 h1:URbPQ4xVQSQhZ27WMQVmZSo3uT3pL+4IdHVcYq2nVfM= +github.com/redis/go-redis/v9 v9.9.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= @@ -290,8 +290,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= -goauthentik.io/api/v3 v3.2025041.2 h1:vFYYnhcDcxL95RczZwhzt3i4LptFXMvIRN+vgf8sQYg= -goauthentik.io/api/v3 v3.2025041.2/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw= +goauthentik.io/api/v3 v3.2025041.4 h1:cGqzWYnUHrWDoaXWDpIL/kWnX9sFrIhkYDye0P0OEAo= +goauthentik.io/api/v3 v3.2025041.4/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= diff --git a/internal/outpost/ldap/bind/memory/memory.go b/internal/outpost/ldap/bind/memory/memory.go index ef5eb56a85..97080cf582 100644 --- a/internal/outpost/ldap/bind/memory/memory.go +++ b/internal/outpost/ldap/bind/memory/memory.go @@ -28,16 +28,18 @@ func NewSessionBinder(si server.LDAPServerInstance, oldBinder bind.Binder) *Sess si: si, log: log.WithField("logger", "authentik.outpost.ldap.binder.session"), } - if oldSb, ok := oldBinder.(*SessionBinder); ok { - sb.DirectBinder = oldSb.DirectBinder - sb.sessions = oldSb.sessions - sb.log.Debug("re-initialised session binder") - } else { - sb.sessions = ttlcache.New(ttlcache.WithDisableTouchOnHit[Credentials, ldap.LDAPResultCode]()) - sb.DirectBinder = *direct.NewDirectBinder(si) - go sb.sessions.Start() - sb.log.Debug("initialised session binder") + if oldBinder != nil { + if oldSb, ok := oldBinder.(*SessionBinder); ok { + sb.DirectBinder = oldSb.DirectBinder + sb.sessions = oldSb.sessions + sb.log.Debug("re-initialised session binder") + return sb + } } + sb.sessions = ttlcache.New(ttlcache.WithDisableTouchOnHit[Credentials, ldap.LDAPResultCode]()) + sb.DirectBinder = *direct.NewDirectBinder(si) + go sb.sessions.Start() + sb.log.Debug("initialised session binder") return sb } diff --git a/internal/outpost/ldap/refresh.go b/internal/outpost/ldap/refresh.go index 0f00bbeb26..2ad73ab661 100644 --- a/internal/outpost/ldap/refresh.go +++ b/internal/outpost/ldap/refresh.go @@ -16,6 +16,7 @@ import ( memorybind "goauthentik.io/internal/outpost/ldap/bind/memory" "goauthentik.io/internal/outpost/ldap/constants" "goauthentik.io/internal/outpost/ldap/flags" + "goauthentik.io/internal/outpost/ldap/search" directsearch "goauthentik.io/internal/outpost/ldap/search/direct" memorysearch "goauthentik.io/internal/outpost/ldap/search/memory" ) @@ -85,7 +86,11 @@ func (ls *LDAPServer) Refresh() error { providers[idx].certUUID = *kp } if *provider.SearchMode.Ptr() == api.LDAPAPIACCESSMODE_CACHED { - providers[idx].searcher = memorysearch.NewMemorySearcher(providers[idx]) + var oldSearcher search.Searcher + if existing != nil { + oldSearcher = existing.searcher + } + providers[idx].searcher = memorysearch.NewMemorySearcher(providers[idx], oldSearcher) } else if *provider.SearchMode.Ptr() == api.LDAPAPIACCESSMODE_DIRECT { providers[idx].searcher = directsearch.NewDirectSearcher(providers[idx]) } diff --git a/internal/outpost/ldap/search/memory/memory.go b/internal/outpost/ldap/search/memory/memory.go index c4f23a60e8..509b98e824 100644 --- a/internal/outpost/ldap/search/memory/memory.go +++ b/internal/outpost/ldap/search/memory/memory.go @@ -31,13 +31,26 @@ type MemorySearcher struct { groups []api.Group } -func NewMemorySearcher(si server.LDAPServerInstance) *MemorySearcher { +func NewMemorySearcher(si server.LDAPServerInstance, existing search.Searcher) *MemorySearcher { ms := &MemorySearcher{ si: si, log: log.WithField("logger", "authentik.outpost.ldap.searcher.memory"), ds: direct.NewDirectSearcher(si), } + if existing != nil { + if ems, ok := existing.(*MemorySearcher); ok { + ems.si = si + ems.fetch() + ems.log.Debug("re-initialised memory searcher") + return ems + } + } + ms.fetch() ms.log.Debug("initialised memory searcher") + return ms +} + +func (ms *MemorySearcher) fetch() { // Error is not handled here, we get an empty/truncated list and the error is logged users, _ := ak.Paginator(ms.si.GetAPIClient().CoreApi.CoreUsersList(context.TODO()).IncludeGroups(true), ak.PaginatorOptions{ PageSize: 100, @@ -49,7 +62,6 @@ func NewMemorySearcher(si server.LDAPServerInstance) *MemorySearcher { Logger: ms.log, }) ms.groups = groups - return ms } func (ms *MemorySearcher) SearchBase(req *search.Request) (ldap.ServerSearchResult, error) { diff --git a/internal/web/static.go b/internal/web/static.go index 33a538179a..62fa775593 100644 --- a/internal/web/static.go +++ b/internal/web/static.go @@ -67,11 +67,15 @@ func (ws *WebServer) configureStatic() { // Media files, if backend is file if config.Get().Storage.Media.Backend == "file" { - fsMedia := http.StripPrefix("/media", http.FileServer(http.Dir(config.Get().Storage.Media.File.Path))) - indexLessRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/media/").HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox") - fsMedia.ServeHTTP(w, r) - }) + fsMedia := http.FileServer(http.Dir(config.Get().Storage.Media.File.Path)) + indexLessRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/media/").Handler(pathStripper( + http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox") + fsMedia.ServeHTTP(w, r) + }), + "media/", + config.Get().Web.Path, + )) } staticRouter.PathPrefix(config.Get().Web.Path).PathPrefix("/if/help/").Handler(pathStripper( diff --git a/lifecycle/aws/package-lock.json b/lifecycle/aws/package-lock.json index 7507de6ab9..d36ba19a70 100644 --- a/lifecycle/aws/package-lock.json +++ b/lifecycle/aws/package-lock.json @@ -9,7 +9,7 @@ "version": "0.0.0", "license": "MIT", "devDependencies": { - "aws-cdk": "^2.1016.1", + "aws-cdk": "^2.1017.1", "cross-env": "^7.0.3" }, "engines": { @@ -17,9 +17,9 @@ } }, "node_modules/aws-cdk": { - "version": "2.1016.1", - "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1016.1.tgz", - "integrity": "sha512-248TBiluT8jHUjkpzvWJOHv2fS+An9fiII3eji8H7jwfTu5yMBk7on4B/AVNr9A1GXJk9I32qf9Q0A3rLWRYPQ==", + "version": "2.1017.1", + "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1017.1.tgz", + "integrity": "sha512-KtDdkMhfVjDeexjpMrVoSlz2mTYI5BE/KotvJ7iFbZy1G0nkpW1ImZ54TdBefeeFmZ+8DAjU3I6nUFtymyOI1A==", "dev": true, "license": "Apache-2.0", "bin": { diff --git a/lifecycle/aws/package.json b/lifecycle/aws/package.json index 269ef7c2a1..839d552639 100644 --- a/lifecycle/aws/package.json +++ b/lifecycle/aws/package.json @@ -10,7 +10,7 @@ "node": ">=20" }, "devDependencies": { - "aws-cdk": "^2.1016.1", + "aws-cdk": "^2.1017.1", "cross-env": "^7.0.3" } } diff --git a/locale/de/LC_MESSAGES/django.mo b/locale/de/LC_MESSAGES/django.mo index caf9fce1cd..ecf959ae52 100644 Binary files a/locale/de/LC_MESSAGES/django.mo and b/locale/de/LC_MESSAGES/django.mo differ diff --git a/locale/de/LC_MESSAGES/django.po b/locale/de/LC_MESSAGES/django.po index 4921dfb196..2d537c8f33 100644 --- a/locale/de/LC_MESSAGES/django.po +++ b/locale/de/LC_MESSAGES/django.po @@ -32,15 +32,17 @@ # datenschmutz, 2025 # 97cce0ae0cad2a2cc552d3165d04643e_de3d740, 2025 # Dominic Wagner , 2025 +# Till-Frederik Riechard, 2025 +# Alexander Mnich, 2025 # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-23 09:00+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" -"Last-Translator: Dominic Wagner , 2025\n" +"Last-Translator: Alexander Mnich, 2025\n" "Language-Team: German (https://app.transifex.com/authentik/teams/119923/de/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -132,6 +134,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "Vom Authentik-Core-Webserver verwendetes Zertifikat." +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "Marke" @@ -405,7 +411,7 @@ msgstr "Eigenschaften" #: authentik/core/models.py msgid "session data" -msgstr "" +msgstr "Sitzungsdaten" #: authentik/core/models.py msgid "Session" @@ -533,7 +539,7 @@ msgstr "" #: authentik/enterprise/policies/unique_password/models.py msgid "Number of passwords to check against." -msgstr "" +msgstr "Anzahl Passwörter, gegen die geprüft wird." #: authentik/enterprise/policies/unique_password/models.py #: authentik/policies/password/models.py @@ -543,18 +549,20 @@ msgstr "Passwort nicht im Kontext festgelegt" #: authentik/enterprise/policies/unique_password/models.py msgid "This password has been used previously. Please choose a different one." msgstr "" +"Dieses Passwort wurde in Vergangenheit bereits verwendet. Bitte nutzen Sie " +"ein anderes." #: authentik/enterprise/policies/unique_password/models.py msgid "Password Uniqueness Policy" -msgstr "" +msgstr "Passwort-Einzigartigkeits-Richtlinie" #: authentik/enterprise/policies/unique_password/models.py msgid "Password Uniqueness Policies" -msgstr "" +msgstr "Passwort-Einzigartigkeits-Richtlinien" #: authentik/enterprise/policies/unique_password/models.py msgid "User Password History" -msgstr "" +msgstr "Nutzer-Passwort-Historie" #: authentik/enterprise/policy.py msgid "Enterprise required to access this feature." @@ -693,6 +701,33 @@ msgstr "Endgeräte" msgid "Verifying your browser..." msgstr "Verifiziere deinen Browser..." +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -988,7 +1023,7 @@ msgstr "" #: authentik/flows/models.py msgid "Evaluate policies when the Stage is presented to the user." -msgstr "" +msgstr "Richtlinien auswerten, wenn die Phase dem Benutzer angezeigt wird." #: authentik/flows/models.py msgid "" @@ -1043,9 +1078,12 @@ msgid "Starting full provider sync" msgstr "Starte komplette Provider Synchronisation." #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" -msgstr "Synchonisiere Benutzer Seite {page}" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" +msgstr "" #: authentik/lib/sync/outgoing/tasks.py #, python-brace-format @@ -1593,11 +1631,11 @@ msgstr "ES256 (Asymmetrische Verschlüsselung)" #: authentik/providers/oauth2/models.py msgid "ES384 (Asymmetric Encryption)" -msgstr "" +msgstr "ES384 (Asymmetrische Verschlüsselung)" #: authentik/providers/oauth2/models.py msgid "ES512 (Asymmetric Encryption)" -msgstr "" +msgstr "ES5122 (Asymmetrische Verschlüsselung)" #: authentik/providers/oauth2/models.py msgid "Scope used by the client" @@ -2183,11 +2221,11 @@ msgstr "Standard" #: authentik/providers/scim/models.py msgid "AWS" -msgstr "" +msgstr "AWS" #: authentik/providers/scim/models.py msgid "Slack" -msgstr "" +msgstr "Slack" #: authentik/providers/scim/models.py msgid "Base URL to SCIM requests, usually ends in /v2" @@ -2199,7 +2237,7 @@ msgstr "Authentifizierungstoken" #: authentik/providers/scim/models.py msgid "SCIM Compatibility Mode" -msgstr "" +msgstr "SCIM Kompatibilitätsmodus" #: authentik/providers/scim/models.py msgid "Alter authentik behavior for vendor-specific SCIM implementations." @@ -2231,7 +2269,7 @@ msgstr "Rollen" #: authentik/rbac/models.py msgid "Initial Permissions" -msgstr "" +msgstr "Initiale Berechtigungen" #: authentik/rbac/models.py msgid "System permission" @@ -2487,6 +2525,12 @@ msgid "" "Active Directory" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "LDAP Quelle" @@ -2504,20 +2548,25 @@ msgid "LDAP Source Property Mappings" msgstr "LDAP Quelle Eigenschafts-Zuordnungen" #: authentik/sources/ldap/models.py -msgid "User LDAP Source Connection" +msgid "" +"Unique ID used while checking if this object still exists in the directory." msgstr "" +#: authentik/sources/ldap/models.py +msgid "User LDAP Source Connection" +msgstr "Benutzer LDAP-Quellverbindung" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connections" -msgstr "" +msgstr "Benutzer LDAP-Quellverbindungen" #: authentik/sources/ldap/models.py msgid "Group LDAP Source Connection" -msgstr "" +msgstr "LDAP Gruppen Quellverbindung" #: authentik/sources/ldap/models.py msgid "Group LDAP Source Connections" -msgstr "" +msgstr "LDAP Gruppen Quellverbindungen" #: authentik/sources/ldap/signals.py msgid "Password does not match Active Directory Complexity." @@ -2530,7 +2579,7 @@ msgstr "Kein Token empfangen." #: authentik/sources/oauth/models.py msgid "HTTP Basic Authentication" -msgstr "" +msgstr "HTTP Basic Authentifizierung" #: authentik/sources/oauth/models.py msgid "Include the client ID and secret as request parameters" @@ -2896,6 +2945,11 @@ msgstr "SAML Gruppen Quellverbindung" msgid "Group SAML Source Connections" msgstr "SAML Gruppen Quellverbindungen" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "SCIM Quelle" @@ -2930,7 +2984,7 @@ msgstr "Duo Geräte" #: authentik/stages/authenticator_email/models.py msgid "Email OTP" -msgstr "" +msgstr "E-Mail Einmalpasswort" #: authentik/stages/authenticator_email/models.py #: authentik/stages/email/models.py @@ -2963,11 +3017,11 @@ msgstr "Beim Rendern der E-Mail-Vorlage ist ein Fehler aufgetreten" #: authentik/stages/authenticator_email/models.py msgid "Email Device" -msgstr "" +msgstr "E-Mail Gerät" #: authentik/stages/authenticator_email/models.py msgid "Email Devices" -msgstr "" +msgstr "E-Mail Geräte" #: authentik/stages/authenticator_email/stage.py #: authentik/stages/authenticator_sms/stage.py @@ -2977,7 +3031,7 @@ msgstr "Code stimmt nicht überein" #: authentik/stages/authenticator_email/stage.py msgid "Invalid email" -msgstr "" +msgstr "Ungültige E-Mail" #: authentik/stages/authenticator_email/templates/email/email_otp.html #: authentik/stages/email/templates/email/password_reset.html @@ -3273,6 +3327,10 @@ msgstr "Zustimmung der Benutzer" msgid "User Consents" msgstr "Zustimmungen der Benutzer" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Verweigerungsstufe" @@ -3289,6 +3347,14 @@ msgstr "Dummy Stufe" msgid "Dummy Stages" msgstr "Dummy Stufen" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "Passwort zurücksetzen" @@ -3890,10 +3956,11 @@ msgstr "" #: authentik/tenants/models.py msgid "Reputation cannot decrease lower than this value. Zero or negative." msgstr "" +"Reputation kann nicht niedriger als dieser Wert sein. Null oder negativ." #: authentik/tenants/models.py msgid "Reputation cannot increase higher than this value. Zero or positive." -msgstr "" +msgstr "Reputation kann nicht höher als dieser Wert sein. Null oder positiv." #: authentik/tenants/models.py msgid "The option configures the footer links on the flow executor pages." diff --git a/locale/en/LC_MESSAGES/django.po b/locale/en/LC_MESSAGES/django.po index 23f4405965..bbe2b06fc4 100644 --- a/locale/en/LC_MESSAGES/django.po +++ b/locale/en/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-05-20 00:10+0000\n" +"POT-Creation-Date: 2025-06-02 00:12+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -961,8 +961,11 @@ msgid "Starting full provider sync" msgstr "" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" msgstr "" #: authentik/lib/sync/outgoing/tasks.py @@ -2223,6 +2226,10 @@ msgstr "" msgid "Consider Objects matching this filter to be Users." msgstr "" +#: authentik/sources/ldap/models.py +msgid "Attribute which matches the value of `group_membership_field`." +msgstr "" + #: authentik/sources/ldap/models.py msgid "Field which contains members of a group." msgstr "" @@ -2252,6 +2259,12 @@ msgid "" "Active Directory" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "" @@ -2268,6 +2281,11 @@ msgstr "" msgid "LDAP Source Property Mappings" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "" @@ -2639,6 +2657,11 @@ msgstr "" msgid "Group SAML Source Connections" msgstr "" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "" @@ -2994,6 +3017,10 @@ msgstr "" msgid "User Consents" msgstr "" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "" @@ -3010,6 +3037,14 @@ msgstr "" msgid "Dummy Stages" msgstr "" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "" @@ -3462,10 +3497,6 @@ msgstr "" msgid "No Pending user to login." msgstr "" -#: authentik/stages/user_login/stage.py -msgid "Successfully logged in!" -msgstr "" - #: authentik/stages/user_logout/models.py msgid "User Logout Stage" msgstr "" diff --git a/locale/es/LC_MESSAGES/django.mo b/locale/es/LC_MESSAGES/django.mo index ec44878376..0582df9e28 100644 Binary files a/locale/es/LC_MESSAGES/django.mo and b/locale/es/LC_MESSAGES/django.mo differ diff --git a/locale/es/LC_MESSAGES/django.po b/locale/es/LC_MESSAGES/django.po index 7a9e7e415f..b8f0d15dc0 100644 --- a/locale/es/LC_MESSAGES/django.po +++ b/locale/es/LC_MESSAGES/django.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-23 09:00+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: Jens L. , 2025\n" "Language-Team: Spanish (https://app.transifex.com/authentik/teams/119923/es/)\n" @@ -109,6 +109,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "Certificado Web usado por el servidor web Core de authentik" +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "Marca" @@ -671,6 +675,33 @@ msgstr "Dispositivos de Punto de Conexión" msgid "Verifying your browser..." msgstr "Verificando tu navegador..." +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -1009,9 +1040,12 @@ msgid "Starting full provider sync" msgstr "Iniciando sincronización completa de proveedor" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" -msgstr "Sincronizando página {page} de usuarios" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" +msgstr "" #: authentik/lib/sync/outgoing/tasks.py #, python-brace-format @@ -2452,6 +2486,12 @@ msgid "" "Active Directory" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "Fuente de LDAP" @@ -2468,6 +2508,11 @@ msgstr "Asignación de Propiedades de Fuente de LDAP" msgid "LDAP Source Property Mappings" msgstr "Asignaciones de Propiedades de Fuente de LDAP" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "" @@ -2859,6 +2904,11 @@ msgstr "Conexión de Fuente de SAML de Grupo" msgid "Group SAML Source Connections" msgstr "Conexiones de Fuente de SAML de Grupo" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "Fuente de SCIM" @@ -3245,6 +3295,10 @@ msgstr "Consentimiento del usuario" msgid "User Consents" msgstr "Consentimientos del usuario" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Etapa de denegación" @@ -3261,6 +3315,14 @@ msgstr "Escenario ficticio" msgid "Dummy Stages" msgstr "Etapas ficticias" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "Restablecimiento de contraseña" diff --git a/locale/fi/LC_MESSAGES/django.mo b/locale/fi/LC_MESSAGES/django.mo index 0c75afc0fe..748d0d7c46 100644 Binary files a/locale/fi/LC_MESSAGES/django.mo and b/locale/fi/LC_MESSAGES/django.mo differ diff --git a/locale/fi/LC_MESSAGES/django.po b/locale/fi/LC_MESSAGES/django.po index 2f6c8dc6a3..50f16df2eb 100644 --- a/locale/fi/LC_MESSAGES/django.po +++ b/locale/fi/LC_MESSAGES/django.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-23 09:00+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: Ville Ranki, 2025\n" "Language-Team: Finnish (https://app.transifex.com/authentik/teams/119923/fi/)\n" @@ -106,6 +106,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "Web-sertifikaatti, jota authentik Core -verkkopalvelin käyttää." +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "Brändi" @@ -658,6 +662,33 @@ msgstr "Päätelaitteet" msgid "Verifying your browser..." msgstr "Selaintasi varmennetaan..." +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -996,9 +1027,12 @@ msgid "Starting full provider sync" msgstr "Käynnistetään palveluntarjoajan täysi synkronisointi" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" -msgstr "Synkronoidaan käyttäjien sivua {page}" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" +msgstr "" #: authentik/lib/sync/outgoing/tasks.py #, python-brace-format @@ -2429,6 +2463,12 @@ msgid "" "Active Directory" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "LDAP-lähde" @@ -2445,6 +2485,11 @@ msgstr "LDAP-lähteen ominaisuuskytkentä" msgid "LDAP Source Property Mappings" msgstr "LDAP-lähteen ominaisuuskytkennät" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "" @@ -2837,6 +2882,11 @@ msgstr "Ryhmän SAML-lähteen yhteys" msgid "Group SAML Source Connections" msgstr "Ryhmän SAML-lähteen yhteydet" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "SCIM-lähde" @@ -3216,6 +3266,10 @@ msgstr "Käyttäjän hyväksyntä" msgid "User Consents" msgstr "Käyttäjän hyväksynnät" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Kieltovaihe" @@ -3232,6 +3286,14 @@ msgstr "Valevaihe" msgid "Dummy Stages" msgstr "Valevaiheet" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "Salasanan nollaus" diff --git a/locale/fr/LC_MESSAGES/django.po b/locale/fr/LC_MESSAGES/django.po index ade9bb4bcd..3673dc95ed 100644 --- a/locale/fr/LC_MESSAGES/django.po +++ b/locale/fr/LC_MESSAGES/django.po @@ -19,7 +19,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-05-20 00:10+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: Marc Schmitt, 2025\n" "Language-Team: French (https://app.transifex.com/authentik/teams/119923/fr/)\n" @@ -1056,9 +1056,12 @@ msgid "Starting full provider sync" msgstr "Démarrage d'une synchronisation complète du fournisseur" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" -msgstr "Synchronisation de la page {page} d'utilisateurs" +msgid "Syncing users" +msgstr "Synchronisation des utilisateurs" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" +msgstr "Synchronisation des groupes" #: authentik/lib/sync/outgoing/tasks.py #, python-brace-format @@ -2508,6 +2511,14 @@ msgstr "" "plutôt que sur un attribut de groupe. Cela permet la résolution des groupes " "imbriqués sur des systèmes tels que FreeIPA et Active Directory." +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" +"Supprimer les utilisateurs et les groupes authentik qui étaient auparavant " +"fournis par cette source, mais qui en sont maintenant absents." + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "Source LDAP" @@ -2524,6 +2535,13 @@ msgstr "Mappage de propriété source LDAP" msgid "LDAP Source Property Mappings" msgstr "Mappages de propriété source LDAP" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" +"ID unique utilisé pour vérifier si cet objet existe toujours dans le " +"répertoire." + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "Connexion de l'utilisateur à la source LDAP" @@ -2918,6 +2936,11 @@ msgstr "Connexion du groupe à la source SAML" msgid "Group SAML Source Connections" msgstr "Connexions du groupe à la source SAML" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "Continuer vers {source_name}" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "Source SCIM" @@ -3308,6 +3331,10 @@ msgstr "Consentement Utilisateur" msgid "User Consents" msgstr "Consentements Utilisateur" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "Jeton de consentement invalide, réaffichage de l'invite" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Étape de Refus" @@ -3324,6 +3351,14 @@ msgstr "Étape factice" msgid "Dummy Stages" msgstr "Étapes factices" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "Continuer pour confirmer cette adresse courriel." + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "Ce lien a déjà été utilisé, veuillez en demander un nouveau." + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "Réinitialiser le Mot de Passe" diff --git a/locale/it/LC_MESSAGES/django.po b/locale/it/LC_MESSAGES/django.po index 27bba97345..c1bddeed9a 100644 --- a/locale/it/LC_MESSAGES/django.po +++ b/locale/it/LC_MESSAGES/django.po @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-23 09:00+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: Kowalski Dragon (kowalski7cc) , 2025\n" "Language-Team: Italian (https://app.transifex.com/authentik/teams/119923/it/)\n" @@ -114,6 +114,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "Certificato Web utilizzato dal server Web authentik Core." +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "Brand" @@ -672,6 +676,33 @@ msgstr "Dispositivi di Accesso" msgid "Verifying your browser..." msgstr "Verifica del tuo browser..." +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -1018,9 +1049,12 @@ msgid "Starting full provider sync" msgstr "Avvio della sincronizzazione completa del provider" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" -msgstr "Sincronizzando pagina {page} degli utenti" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" +msgstr "" #: authentik/lib/sync/outgoing/tasks.py #, python-brace-format @@ -2463,6 +2497,12 @@ msgstr "" "attributo di gruppo. Questo consente la risoluzione di gruppi nidificati su " "sistemi come FreeIPA e Active Directory." +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "Sorgente LDAP" @@ -2479,6 +2519,11 @@ msgstr "Mappatura delle proprietà sorgente LDAP" msgid "LDAP Source Property Mappings" msgstr "Mappature delle proprietà della sorgente LDAP" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "Connessione Sorgente LDAP Utente" @@ -2872,6 +2917,11 @@ msgstr "Connessione sorgente SAML di gruppo" msgid "Group SAML Source Connections" msgstr "Connessioni sorgente SAML di gruppo" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "Sorgente SCIM" @@ -3269,6 +3319,10 @@ msgstr "Consenso utente" msgid "User Consents" msgstr "Consensi utente" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Fase di negazione" @@ -3285,6 +3339,14 @@ msgstr "Fase fittizia" msgid "Dummy Stages" msgstr "Fasi fittizie" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "Ripristino password" diff --git a/locale/ko/LC_MESSAGES/django.po b/locale/ko/LC_MESSAGES/django.po index ac8226ce05..d59e57eb9b 100644 --- a/locale/ko/LC_MESSAGES/django.po +++ b/locale/ko/LC_MESSAGES/django.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-23 09:00+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: NavyStack, 2023\n" "Language-Team: Korean (https://app.transifex.com/authentik/teams/119923/ko/)\n" @@ -99,6 +99,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "Authentik Core 웹서버에서 사용하는 웹 인증서." +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "" @@ -625,6 +629,33 @@ msgstr "" msgid "Verifying your browser..." msgstr "" +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -946,8 +977,11 @@ msgid "Starting full provider sync" msgstr "" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" msgstr "" #: authentik/lib/sync/outgoing/tasks.py @@ -2263,6 +2297,12 @@ msgid "" "Active Directory" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "LDAP 소스" @@ -2279,6 +2319,11 @@ msgstr "" msgid "LDAP Source Property Mappings" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "" @@ -2657,6 +2702,11 @@ msgstr "" msgid "Group SAML Source Connections" msgstr "" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "" @@ -3017,6 +3067,10 @@ msgstr "사용자 동의" msgid "User Consents" msgstr "사용자 동의" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "거부 스테이지" @@ -3033,6 +3087,14 @@ msgstr "더미 스테이지" msgid "Dummy Stages" msgstr "더미 스테이지" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "비밀번호 초기화" diff --git a/locale/nl/LC_MESSAGES/django.mo b/locale/nl/LC_MESSAGES/django.mo index 16fa94d0d1..cb7b2e43fb 100644 Binary files a/locale/nl/LC_MESSAGES/django.mo and b/locale/nl/LC_MESSAGES/django.mo differ diff --git a/locale/nl/LC_MESSAGES/django.po b/locale/nl/LC_MESSAGES/django.po index 0e3b36b4bc..0407f074fd 100644 --- a/locale/nl/LC_MESSAGES/django.po +++ b/locale/nl/LC_MESSAGES/django.po @@ -19,7 +19,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-11 00:10+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: Dany Sluijk, 2025\n" "Language-Team: Dutch (https://app.transifex.com/authentik/teams/119923/nl/)\n" @@ -113,6 +113,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "Webcertificaat gebruikt door de authentik Core-webserver." +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "Merk" @@ -191,6 +195,7 @@ msgid "User's display name." msgstr "Weergavenaam van de gebruiker." #: authentik/core/models.py authentik/providers/oauth2/models.py +#: authentik/rbac/models.py msgid "User" msgstr "Gebruiker" @@ -379,6 +384,18 @@ msgstr "Eigenschapskoppeling" msgid "Property Mappings" msgstr "Eigenschapskoppelingen" +#: authentik/core/models.py +msgid "session data" +msgstr "" + +#: authentik/core/models.py +msgid "Session" +msgstr "Sessie" + +#: authentik/core/models.py +msgid "Sessions" +msgstr "Sessies" + #: authentik/core/models.py msgid "Authenticated Session" msgstr "Geauthenticeerde Sessie" @@ -486,6 +503,38 @@ msgstr "Licentie Gebruik" msgid "License Usage Records" msgstr "Licentie Gebruik Records" +#: authentik/enterprise/policies/unique_password/models.py +#: authentik/policies/password/models.py +msgid "Field key to check, field keys defined in Prompt stages are available." +msgstr "" +"Veldsleutel om te controleren, veldsleutels gedefinieerd in Prompt-stadia " +"zijn beschikbaar." + +#: authentik/enterprise/policies/unique_password/models.py +msgid "Number of passwords to check against." +msgstr "" + +#: authentik/enterprise/policies/unique_password/models.py +#: authentik/policies/password/models.py +msgid "Password not set in context" +msgstr "Wachtwoord niet ingesteld in context" + +#: authentik/enterprise/policies/unique_password/models.py +msgid "This password has been used previously. Please choose a different one." +msgstr "" + +#: authentik/enterprise/policies/unique_password/models.py +msgid "Password Uniqueness Policy" +msgstr "" + +#: authentik/enterprise/policies/unique_password/models.py +msgid "Password Uniqueness Policies" +msgstr "" + +#: authentik/enterprise/policies/unique_password/models.py +msgid "User Password History" +msgstr "" + #: authentik/enterprise/policy.py msgid "Enterprise required to access this feature." msgstr "Enterprise benodigd voor toegang tot deze functie." @@ -622,6 +671,33 @@ msgstr "" msgid "Verifying your browser..." msgstr "Uw browser wordt geverifieerd..." +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -963,8 +1039,11 @@ msgid "Starting full provider sync" msgstr "" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" msgstr "" #: authentik/lib/sync/outgoing/tasks.py @@ -1265,12 +1344,6 @@ msgstr "" msgid "Clear Policy's cache metrics" msgstr "" -#: authentik/policies/password/models.py -msgid "Field key to check, field keys defined in Prompt stages are available." -msgstr "" -"Veldsleutel om te controleren, veldsleutels gedefinieerd in Prompt-stadia " -"zijn beschikbaar." - #: authentik/policies/password/models.py msgid "How many times the password hash is allowed to be on haveibeenpwned" msgstr "Hoe vaak het wachtwoordhash op haveibeenpwned mag voorkomen" @@ -1282,10 +1355,6 @@ msgstr "" "Als de zxcvbn-score gelijk is aan of lager is dan deze waarde, zal het " "beleid falen." -#: authentik/policies/password/models.py -msgid "Password not set in context" -msgstr "Wachtwoord niet ingesteld in context" - #: authentik/policies/password/models.py msgid "Invalid password." msgstr "" @@ -1327,20 +1396,6 @@ msgstr "Reputatie Score" msgid "Reputation Scores" msgstr "Reputatie Scores" -#: authentik/policies/templates/policies/buffer.html -msgid "Waiting for authentication..." -msgstr "" - -#: authentik/policies/templates/policies/buffer.html -msgid "" -"You're already authenticating in another tab. This page will refresh once " -"authentication is completed." -msgstr "" - -#: authentik/policies/templates/policies/buffer.html -msgid "Authenticate in this tab" -msgstr "" - #: authentik/policies/templates/policies/denied.html msgid "Permission denied" msgstr "Toestemming geweigerd" @@ -2160,6 +2215,10 @@ msgstr "" msgid "Roles" msgstr "" +#: authentik/rbac/models.py +msgid "Initial Permissions" +msgstr "" + #: authentik/rbac/models.py msgid "System permission" msgstr "" @@ -2392,6 +2451,12 @@ msgid "" "Active Directory" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "LDAP-bron" @@ -2408,6 +2473,27 @@ msgstr "" msgid "LDAP Source Property Mappings" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + +#: authentik/sources/ldap/models.py +msgid "User LDAP Source Connection" +msgstr "" + +#: authentik/sources/ldap/models.py +msgid "User LDAP Source Connections" +msgstr "" + +#: authentik/sources/ldap/models.py +msgid "Group LDAP Source Connection" +msgstr "" + +#: authentik/sources/ldap/models.py +msgid "Group LDAP Source Connections" +msgstr "" + #: authentik/sources/ldap/signals.py msgid "Password does not match Active Directory Complexity." msgstr "" @@ -2417,6 +2503,14 @@ msgstr "" msgid "No token received." msgstr "Geen token ontvangen." +#: authentik/sources/oauth/models.py +msgid "HTTP Basic Authentication" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "Include the client ID and secret as request parameters" +msgstr "" + #: authentik/sources/oauth/models.py msgid "Request Token URL" msgstr "URL voor aanvragen van token" @@ -2458,6 +2552,12 @@ msgstr "" msgid "Additional Scopes" msgstr "Aanvullende scopes" +#: authentik/sources/oauth/models.py +msgid "" +"How to perform authentication during an authorization_code token request " +"flow" +msgstr "" + #: authentik/sources/oauth/models.py msgid "OAuth Source" msgstr "OAuth-bron" @@ -2769,6 +2869,11 @@ msgstr "" msgid "Group SAML Source Connections" msgstr "" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "" @@ -3142,6 +3247,10 @@ msgstr "Gebruikerstoestemming" msgid "User Consents" msgstr "Gebruikersinstemmingen" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Weigerfase" @@ -3158,6 +3267,14 @@ msgstr "Dummystadium" msgid "Dummy Stages" msgstr "Dummystadia" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "Wachtwoordherstel" @@ -3357,6 +3474,12 @@ msgstr "" "Wanneer ingeschakeld, slaagt de stap en gaat verder wanneer ongeldige " "gebruikersgegevens zijn ingevoerd." +#: authentik/stages/identification/models.py +msgid "" +"Show the user the 'Remember me on this device' toggle, allowing repeat users" +" to skip straight to entering their password." +msgstr "" + #: authentik/stages/identification/models.py msgid "Optional enrollment flow, which is linked at the bottom of the page." msgstr "Optionele inschrijvingsflow, die onderaan de pagina is gekoppeld." @@ -3742,6 +3865,14 @@ msgstr "" "Gebeurtenissen worden verwijderd na deze duur. (Indeling: " "weken=3;dagen=2;uren=3;seconden=2)." +#: authentik/tenants/models.py +msgid "Reputation cannot decrease lower than this value. Zero or negative." +msgstr "" + +#: authentik/tenants/models.py +msgid "Reputation cannot increase higher than this value. Zero or positive." +msgstr "" + #: authentik/tenants/models.py msgid "The option configures the footer links on the flow executor pages." msgstr "De optie stelt de voettekst links in op de flow uitvoer pagina's." diff --git a/locale/pt/LC_MESSAGES/django.po b/locale/pt/LC_MESSAGES/django.po index e5eb575eb3..5afafd7916 100644 --- a/locale/pt/LC_MESSAGES/django.po +++ b/locale/pt/LC_MESSAGES/django.po @@ -11,7 +11,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-23 09:00+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: Hugo Bicho, 2025\n" "Language-Team: Portuguese (https://app.transifex.com/authentik/teams/119923/pt/)\n" @@ -105,6 +105,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "Certificado Web usado pelo servidor web authentik Core." +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "Marca" @@ -662,6 +666,33 @@ msgstr "Dispositivos do ponto de ligação" msgid "Verifying your browser..." msgstr "A verificar o seu browser..." +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -1007,9 +1038,12 @@ msgid "Starting full provider sync" msgstr "Iniciando a sincronização completa com o provedor" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" -msgstr "A sincronizar a página {page} dos utilizadores" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" +msgstr "" #: authentik/lib/sync/outgoing/tasks.py #, python-brace-format @@ -2456,6 +2490,12 @@ msgstr "" " um atributo do grupo. Isto permite a resolução de grupos hierárquicos em " "sistemas como o FreeIPA e Active Directory." +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "Fonte LDAP" @@ -2472,6 +2512,11 @@ msgstr "Mapeamento de propriedades de fonte LDAP" msgid "LDAP Source Property Mappings" msgstr "Mapeamentos de propriedades de fonte LDAP" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "Ligação à fonte LDAP de Utilizador" @@ -2865,6 +2910,11 @@ msgstr "Ligação à fonte SAML de Grupo" msgid "Group SAML Source Connections" msgstr "Ligações à fonte SAML de Grupo" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "Fonte SCIM" @@ -3255,6 +3305,10 @@ msgstr "Consentimento do Utilizador" msgid "User Consents" msgstr "Consentimentos do Utilizador" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Etapa de negação" @@ -3271,6 +3325,14 @@ msgstr "Etapa fictícia" msgid "Dummy Stages" msgstr "Etapas fictícias" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "Redefinição de Palavra-Passe" diff --git a/locale/pt_BR/LC_MESSAGES/django.mo b/locale/pt_BR/LC_MESSAGES/django.mo index 737bbf5bd0..0c3f8d8c72 100644 Binary files a/locale/pt_BR/LC_MESSAGES/django.mo and b/locale/pt_BR/LC_MESSAGES/django.mo differ diff --git a/locale/pt_BR/LC_MESSAGES/django.po b/locale/pt_BR/LC_MESSAGES/django.po index 20c818f181..a51acae20d 100644 --- a/locale/pt_BR/LC_MESSAGES/django.po +++ b/locale/pt_BR/LC_MESSAGES/django.po @@ -8,19 +8,19 @@ # Josenivaldo Benito Junior, 2023 # Caio Lima, 2023 # Hacklab, 2023 -# Wagner Santos, 2024 # Rafael Mundel, 2024 # Anderson Silva Andrade , 2025 # Gil Poiares-Oliveira, 2025 +# Wagner Santos, 2025 # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-23 09:00+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" -"Last-Translator: Gil Poiares-Oliveira, 2025\n" +"Last-Translator: Wagner Santos, 2025\n" "Language-Team: Portuguese (Brazil) (https://app.transifex.com/authentik/teams/119923/pt_BR/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -112,6 +112,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "Certificado da Web usado pelo servidor da web authentik Core." +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "Brand" @@ -271,11 +275,11 @@ msgstr "Aplicativos" #: authentik/core/models.py msgid "Application Entitlement" -msgstr "" +msgstr "Autorização de aplicação" #: authentik/core/models.py msgid "Application Entitlements" -msgstr "" +msgstr "Autorizações de aplicação" #: authentik/core/models.py msgid "Use the source-specific identifier" @@ -379,15 +383,15 @@ msgstr "Mapeamentos de propriedades" #: authentik/core/models.py msgid "session data" -msgstr "" +msgstr "dados de sessão" #: authentik/core/models.py msgid "Session" -msgstr "" +msgstr "Sessão" #: authentik/core/models.py msgid "Sessions" -msgstr "" +msgstr "Sessões" #: authentik/core/models.py msgid "Authenticated Session" @@ -505,7 +509,7 @@ msgstr "" #: authentik/enterprise/policies/unique_password/models.py msgid "Number of passwords to check against." -msgstr "" +msgstr "Número de senhas para verificar." #: authentik/enterprise/policies/unique_password/models.py #: authentik/policies/password/models.py @@ -514,19 +518,19 @@ msgstr "Senha não definida no contexto" #: authentik/enterprise/policies/unique_password/models.py msgid "This password has been used previously. Please choose a different one." -msgstr "" +msgstr "A senha já foi utilizada antes. Por favor, escolha uma diferente." #: authentik/enterprise/policies/unique_password/models.py msgid "Password Uniqueness Policy" -msgstr "" +msgstr "Política de exclusividade de senha" #: authentik/enterprise/policies/unique_password/models.py msgid "Password Uniqueness Policies" -msgstr "" +msgstr "Políticas de exclusividade de senha" #: authentik/enterprise/policies/unique_password/models.py msgid "User Password History" -msgstr "" +msgstr "Histórico de senhas do usuário" #: authentik/enterprise/policy.py msgid "Enterprise required to access this feature." @@ -610,39 +614,39 @@ msgstr "Chave de Assinatura" #: authentik/enterprise/providers/ssf/models.py msgid "Key used to sign the SSF Events." -msgstr "" +msgstr "Chave utilizada para assinar os eventos SSF." #: authentik/enterprise/providers/ssf/models.py msgid "Shared Signals Framework Provider" -msgstr "" +msgstr "Provedor de Shared Signals Framework" #: authentik/enterprise/providers/ssf/models.py msgid "Shared Signals Framework Providers" -msgstr "" +msgstr "Provedores de Shared Signals Framework" #: authentik/enterprise/providers/ssf/models.py msgid "Add stream to SSF provider" -msgstr "" +msgstr "Adicionar stream ao fornecedor SSF" #: authentik/enterprise/providers/ssf/models.py msgid "SSF Stream" -msgstr "" +msgstr "Stream SSF" #: authentik/enterprise/providers/ssf/models.py msgid "SSF Streams" -msgstr "" +msgstr "Streams SSF" #: authentik/enterprise/providers/ssf/models.py msgid "SSF Stream Event" -msgstr "" +msgstr "Evento de stream SSF" #: authentik/enterprise/providers/ssf/models.py msgid "SSF Stream Events" -msgstr "" +msgstr "Eventos de stream SSF" #: authentik/enterprise/providers/ssf/tasks.py msgid "Failed to send request" -msgstr "" +msgstr "Falha ao enviar requisição" #: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py msgid "Endpoint Authenticator Google Device Trust Connector Stage" @@ -664,6 +668,33 @@ msgstr "" msgid "Verifying your browser..." msgstr "" +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -681,7 +712,7 @@ msgstr "" #: authentik/events/api/tasks.py #, python-brace-format msgid "Successfully started task {name}." -msgstr "" +msgstr "Tarefa {name} iniciada com sucesso." #: authentik/events/models.py msgid "Event" @@ -713,12 +744,16 @@ msgid "" "Customize the body of the request. Mapping should return data that is JSON-" "serializable." msgstr "" +"Personalize o corpo do pedido. O mapeamento deve retornar dados que sejam " +"serializáveis em JSON." #: authentik/events/models.py msgid "" "Configure additional headers to be sent. Mapping should return a dictionary " "of key-value pairs" msgstr "" +"Configurar cabeçalhos adicionais a serem enviados. O mapeamento deve " +"retornar um dicionário de pares chave-valor" #: authentik/events/models.py msgid "" @@ -998,8 +1033,11 @@ msgid "Starting full provider sync" msgstr "" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" msgstr "" #: authentik/lib/sync/outgoing/tasks.py @@ -1314,7 +1352,7 @@ msgstr "" #: authentik/policies/password/models.py #, python-brace-format msgid "Password exists on {count} online lists." -msgstr "" +msgstr "A senha está presente em {count} listas de senhas vulneráveis." #: authentik/policies/password/models.py msgid "Password is too weak." @@ -2396,6 +2434,12 @@ msgid "" "Active Directory" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "Fonte LDAP" @@ -2412,6 +2456,11 @@ msgstr "" msgid "LDAP Source Property Mappings" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "" @@ -2802,6 +2851,11 @@ msgstr "" msgid "Group SAML Source Connections" msgstr "" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "" @@ -3174,6 +3228,10 @@ msgstr "Consentimento do usuário" msgid "User Consents" msgstr "Consentimentos do usuário" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Negar Estágio" @@ -3190,6 +3248,14 @@ msgstr "Palco fictício" msgid "Dummy Stages" msgstr "Fases fictícias" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "Redefinição de senha" diff --git a/locale/pt_PT/LC_MESSAGES/django.po b/locale/pt_PT/LC_MESSAGES/django.po index 3413ea33dd..19564313d3 100644 --- a/locale/pt_PT/LC_MESSAGES/django.po +++ b/locale/pt_PT/LC_MESSAGES/django.po @@ -4,89 +4,292 @@ # FIRST AUTHOR , YEAR. # # Translators: -# Gil Oliveira, 2022 +# Hélder Silva , 2024 +# Sergio Reis, 2024 +# Gil Poiares-Oliveira, 2025 +# Tiago Gaspar, 2025 # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-01-03 12:29+0000\n" -"PO-Revision-Date: 2021-10-09 18:10+0000\n" -"Last-Translator: Gil Oliveira, 2022\n" -"Language-Team: Portuguese (Portugal) (https://www.transifex.com/authentik/teams/119923/pt_PT/)\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" +"PO-Revision-Date: 2022-09-26 16:47+0000\n" +"Last-Translator: Tiago Gaspar, 2025\n" +"Language-Team: Portuguese (Portugal) (https://app.transifex.com/authentik/teams/119923/pt_PT/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Language: pt_PT\n" "Plural-Forms: nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;\n" -#: authentik/admin/api/tasks.py:95 -#, python-format -msgid "Successfully re-scheduled Task %(name)s!" -msgstr "Tarefa %(name)s reagendada com sucesso!" +#: authentik/admin/models.py +msgid "Version history" +msgstr "Histórico de versões" -#: authentik/api/schema.py:21 +#: authentik/admin/tasks.py +#, python-brace-format +msgid "New version {version} available!" +msgstr "Nova versão {version} disponível!" + +#: authentik/api/schema.py msgid "Generic API Error" msgstr "Erro genérico da API" -#: authentik/api/schema.py:29 +#: authentik/api/schema.py msgid "Validation Error" msgstr "Erro de Validação" -#: authentik/core/api/providers.py:89 -msgid "SAML Provider from Metadata" -msgstr "Provedor SAML a partir de Metadados" +#: authentik/blueprints/api.py +msgid "Blueprint file does not exist" +msgstr "Ficheiro de modelos não existe" -#: authentik/core/api/providers.py:90 -msgid "Create a SAML Provider by importing its Metadata." -msgstr "Criar um Provedor SAML através da importação dos seus Metadados." +#: authentik/blueprints/api.py +msgid "Failed to validate blueprint" +msgstr "Falha na validação de modelo" -#: authentik/core/models.py:69 +#: authentik/blueprints/api.py +msgid "Either path or content must be set." +msgstr "O caminho ou o conteúdo devem ser definidos." + +#: authentik/blueprints/models.py +msgid "Managed by authentik" +msgstr "Gerido pelo authentik" + +#: authentik/blueprints/models.py +msgid "" +"Objects that are managed by authentik. These objects are created and updated" +" automatically. This flag only indicates that an object can be overwritten " +"by migrations. You can still modify the objects via the API, but expect " +"changes to be overwritten in a later update." +msgstr "" +"Objetos geridos pelo authentik. Estes objetos são criados e atualizados " +"automaticamente. Este sinalizador apenas indica que um objeto pode ser " +"substituído por migrações. Ainda é possível modificar objetos através da " +"API, mas espera-se que as alterações sejam substituídas na próxima " +"atualização." + +#: authentik/blueprints/models.py +msgid "Blueprint Instance" +msgstr "Instância de Modelo" + +#: authentik/blueprints/models.py +msgid "Blueprint Instances" +msgstr "Instâncias de Modelo" + +#: authentik/blueprints/v1/exporter.py +#, python-brace-format +msgid "authentik Export - {date}" +msgstr "Exportação do authentik - {date}" + +#: authentik/blueprints/v1/tasks.py authentik/crypto/tasks.py +#, python-brace-format +msgid "Successfully imported {count} files." +msgstr "{count} ficheiros importados com sucesso." + +#: authentik/brands/models.py +msgid "" +"Domain that activates this brand. Can be a superset, i.e. `a.b` for `aa.b` " +"and `ba.b`" +msgstr "" +"Domínio que ativa esta marca. Pode ser um superset, por exemplo `a.b` for " +"`aa.b` e `ba.b`" + +#: authentik/brands/models.py +msgid "" +"When set, external users will be redirected to this application after " +"authenticating." +msgstr "" +"Quando definido, utilizadores externos serão redirecionados para esta " +"aplicação após autenticação." + +#: authentik/brands/models.py +msgid "Web Certificate used by the authentik Core webserver." +msgstr "Certificado Web usado pelo servidor web authentik Core." + +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + +#: authentik/brands/models.py +msgid "Brand" +msgstr "Marca" + +#: authentik/brands/models.py +msgid "Brands" +msgstr "Marcas" + +#: authentik/core/api/application_entitlements.py +msgid "User does not have access to application." +msgstr "O Utilizador não tem acesso à aplicação." + +#: authentik/core/api/devices.py +msgid "Extra description not available" +msgstr "Descrição extra não disponível" + +#: authentik/core/api/groups.py +msgid "Cannot set group as parent of itself." +msgstr "Não é possível definir grupo como pai de si." + +#: authentik/core/api/providers.py +msgid "" +"When not set all providers are returned. When set to true, only backchannel " +"providers are returned. When set to false, backchannel providers are " +"excluded" +msgstr "" +"Quando não definido, todos os fornecedores são devolvidos. Quando definido " +"como verdadeiro, apenas os fornecedores de backchannel são devolvidos. " +"Quando definido como falso, os fornecedores de backchannel são excluídos" + +#: authentik/core/api/transactional_applications.py +#, python-brace-format +msgid "User lacks permission to create {model}" +msgstr "O Utilizador não tem permissão para criar {model}" + +#: authentik/core/api/users.py +msgid "No leading or trailing slashes allowed." +msgstr "Não são permitidas barras à esquerda ou à direita." + +#: authentik/core/api/users.py +msgid "No empty segments in user path allowed." +msgstr "Não são permitidos segmentos vazios no endereço do utilizador." + +#: authentik/core/models.py msgid "name" msgstr "nome" -#: authentik/core/models.py:71 +#: authentik/core/models.py msgid "Users added to this group will be superusers." msgstr "Utilizadores adicionados a este grupo serão superutilizadores." -#: authentik/core/models.py:129 +#: authentik/core/models.py +msgid "Group" +msgstr "Grupo" + +#: authentik/core/models.py +msgid "Groups" +msgstr "Grupos" + +#: authentik/core/models.py +msgid "Add user to group" +msgstr "Adicionar utilizador ao grupo" + +#: authentik/core/models.py +msgid "Remove user from group" +msgstr "Remover utilizador do grupo" + +#: authentik/core/models.py +msgid "Enable superuser status" +msgstr "Ativar o estatuto de superutilizador" + +#: authentik/core/models.py +msgid "Disable superuser status" +msgstr "Desativar o estatuto de superutilizador" + +#: authentik/core/models.py msgid "User's display name." msgstr "Nome de exibição do utilizador." -#: authentik/core/models.py:212 authentik/providers/oauth2/models.py:299 +#: authentik/core/models.py authentik/providers/oauth2/models.py +#: authentik/rbac/models.py msgid "User" msgstr "Utilizador" -#: authentik/core/models.py:213 +#: authentik/core/models.py msgid "Users" msgstr "Utilizadores" -#: authentik/core/models.py:224 +#: authentik/core/models.py +#: authentik/stages/email/templates/email/password_reset.html +msgid "Reset Password" +msgstr "Redefinir Palavra-Passe" + +#: authentik/core/models.py +msgid "Can impersonate other users" +msgstr "Pode personificar outros utilizadores" + +#: authentik/core/models.py authentik/rbac/models.py +msgid "Can assign permissions to users" +msgstr "Pode atribuir permissões a utilizadores" + +#: authentik/core/models.py authentik/rbac/models.py +msgid "Can unassign permissions from users" +msgstr "Pode remover permissões de utilizadores" + +#: authentik/core/models.py +msgid "Can preview user data sent to providers" +msgstr "Pode pré-visualizar dados de utilizador enviados a provedores" + +#: authentik/core/models.py +msgid "View applications the user has access to" +msgstr "Ver as aplicações a que o utilizador tem acesso" + +#: authentik/core/models.py +msgid "" +"Flow used for authentication when the associated application is accessed by " +"an un-authenticated user." +msgstr "" +"Fluxo utilizado para autenticação quando a aplicação associada é acedida por" +" um utilizador não autenticado." + +#: authentik/core/models.py msgid "Flow used when authorizing this provider." msgstr "Fluxo usado ao autorizar este provedor." -#: authentik/core/models.py:257 +#: authentik/core/models.py +msgid "Flow used ending the session from a provider." +msgstr "Fluxo utilizado para terminar a sessão de um fornecedor." + +#: authentik/core/models.py +msgid "" +"Accessed from applications; optional backchannel providers for protocols " +"like LDAP and SCIM." +msgstr "" +"Acedido a partir de aplicações; fornecedores opcionais de backchannel para " +"protocolos como LDAP e SCIM." + +#: authentik/core/models.py msgid "Application's display Name." msgstr "Nome de exibição da Aplicação." -#: authentik/core/models.py:258 +#: authentik/core/models.py msgid "Internal application name, used in URLs." msgstr "Nome interno da aplicação, usado em URLs." -#: authentik/core/models.py:311 +#: authentik/core/models.py +msgid "Open launch URL in a new browser tab or window." +msgstr "Abrir o URL de lançamento num novo separador ou janela do navegador." + +#: authentik/core/models.py msgid "Application" msgstr "Aplicação" -#: authentik/core/models.py:312 +#: authentik/core/models.py msgid "Applications" msgstr "Aplicações" -#: authentik/core/models.py:318 +#: authentik/core/models.py +msgid "Application Entitlement" +msgstr "" + +#: authentik/core/models.py +msgid "Application Entitlements" +msgstr "" + +#: authentik/core/models.py msgid "Use the source-specific identifier" msgstr "Utilizar o identificador específico da fonte" -#: authentik/core/models.py:326 +#: authentik/core/models.py +msgid "" +"Link to a user with identical email address. Can have security implications " +"when a source doesn't validate email addresses." +msgstr "" +"Link para um utilizador com endereço de e-mail idêntico. Pode ter " +"implicações de segurança quando uma fonte não valida endereços de e-mail." + +#: authentik/core/models.py msgid "" "Use the user's email address, but deny enrollment when the email address " "already exists." @@ -94,7 +297,16 @@ msgstr "" "Utilizar o endereço de e-mail do utilizador, mas negar a inscrição quando o " "endereço de e-mail já existir." -#: authentik/core/models.py:335 +#: authentik/core/models.py +msgid "" +"Link to a user with identical username. Can have security implications when " +"a username is used with another source." +msgstr "" +"Ligação a um utilizador com um nome de utilizador idêntico. Pode ter " +"implicações de segurança quando um nome de utilizador é utilizado com outra " +"fonte." + +#: authentik/core/models.py msgid "" "Use the user's username, but deny enrollment when the username already " "exists." @@ -102,128 +314,152 @@ msgstr "" "Usar o nome de utilizador, mas negar a inscrição quando o nome de utilizador" " já existir." -#: authentik/core/models.py:342 +#: authentik/core/models.py +msgid "" +"Link to a group with identical name. Can have security implications when a " +"group name is used with another source." +msgstr "" +"Ligação a um grupo com um nome idêntico. Pode ter implicações de segurança " +"quando um nome de grupo é utilizado com outra fonte." + +#: authentik/core/models.py +msgid "Use the group name, but deny enrollment when the name already exists." +msgstr "Utilizar o nome do grupo, mas recusar o registo se o nome já existir." + +#: authentik/core/models.py msgid "Source's display Name." msgstr "Nome de exibição da fonte." -#: authentik/core/models.py:343 +#: authentik/core/models.py msgid "Internal source name, used in URLs." msgstr "Nome interno da fonte, usado em URLs." -#: authentik/core/models.py:354 +#: authentik/core/models.py msgid "Flow to use when authenticating existing users." msgstr "Fluxo a usar ao autenticar utilizadores existentes." -#: authentik/core/models.py:363 +#: authentik/core/models.py msgid "Flow to use when enrolling new users." -msgstr "Fluxo a usar ao inscrever novos utilizadores" +msgstr "Fluxo a usar ao inscrever novos utilizadores." -#: authentik/core/models.py:501 +#: authentik/core/models.py +msgid "" +"How the source determines if an existing user should be authenticated or a " +"new user enrolled." +msgstr "" +"A forma como a fonte determina se um utilizador existente deve ser " +"autenticado ou se um novo utilizador deve ser registado." + +#: authentik/core/models.py +msgid "" +"How the source determines if an existing group should be used or a new group" +" created." +msgstr "" +"A forma como a fonte determina se um grupo existente deve ser utilizado ou " +"se deve ser criado um novo grupo." + +#: authentik/core/models.py msgid "Token" msgstr "Token" -#: authentik/core/models.py:502 +#: authentik/core/models.py msgid "Tokens" msgstr "Tokens" -#: authentik/core/models.py:545 +#: authentik/core/models.py +msgid "View token's key" +msgstr "Ver a chave do token" + +#: authentik/core/models.py msgid "Property Mapping" msgstr "Mapeamento de Propriedades" -#: authentik/core/models.py:546 +#: authentik/core/models.py msgid "Property Mappings" msgstr "Mapeamentos de Propriedades" -#: authentik/core/models.py:582 +#: authentik/core/models.py +msgid "session data" +msgstr "dados da sessão" + +#: authentik/core/models.py +msgid "Session" +msgstr "Sessão" + +#: authentik/core/models.py +msgid "Sessions" +msgstr "Sessões" + +#: authentik/core/models.py msgid "Authenticated Session" msgstr "Sessão Autenticada" -#: authentik/core/models.py:583 +#: authentik/core/models.py msgid "Authenticated Sessions" msgstr "Sessões Auntenticadas" -#: authentik/core/sources/flow_manager.py:166 -msgid "source" -msgstr "fonte" - -#: authentik/core/sources/flow_manager.py:220 -#: authentik/core/sources/flow_manager.py:258 -#, python-format -msgid "Successfully authenticated with %(source)s!" -msgstr "Autenticação bem sucedida com %(source)s!" - -#: authentik/core/sources/flow_manager.py:239 -#, python-format -msgid "Successfully linked %(source)s!" -msgstr "Ligação bem sucedida a %(source)s!" - -#: authentik/core/templates/error/generic.html:27 -msgid "Go to home" -msgstr "Ir para a página inicial" - -#: authentik/core/templates/if/admin.html:18 -#: authentik/core/templates/if/admin.html:24 -#: authentik/core/templates/if/flow.html:28 -#: authentik/core/templates/if/flow.html:34 -#: authentik/core/templates/if/user.html:18 -#: authentik/core/templates/if/user.html:24 -msgid "Loading..." -msgstr "A carregar..." - -#: authentik/core/templates/if/end_session.html:7 -msgid "End session" -msgstr "Terminar sessão" - -#: authentik/core/templates/if/end_session.html:11 -#, python-format +#: authentik/core/sources/flow_manager.py +#, python-brace-format msgid "" -"\n" -"You've logged out of %(application)s.\n" +"Request to authenticate with {source} has been denied. Please authenticate " +"with the source you've previously signed up with." msgstr "" -"\n" -"Encerrou a sessão de %(application)s.\n" -#: authentik/core/templates/if/end_session.html:19 -#, python-format -msgid "" -"\n" -" You've logged out of %(application)s. You can go back to the overview to launch another application, or log out of your authentik account.\n" -" " +#: authentik/core/sources/flow_manager.py +msgid "Configured flow does not exist." +msgstr "O fluxo configurado não existe." + +#: authentik/core/sources/flow_manager.py +#, python-brace-format +msgid "Successfully authenticated with {source}!" msgstr "" -"\n" -" Encerrou a sessão de %(application)s. Pode regressar à Visão Geral para abrir outra aplicação, ou para terminar a sessão da sua conta authentik." -#: authentik/core/templates/if/end_session.html:24 -msgid "Go back to overview" -msgstr "Regressar à Visão Geral" - -#: authentik/core/templates/if/end_session.html:26 -msgid "Log out of authentik" -msgstr "Encerrar a sessão do authentik" - -#: authentik/core/templates/if/end_session.html:30 -#, python-format -msgid "" -"\n" -" Log back into %(application)s\n" -" " +#: authentik/core/sources/flow_manager.py +#, python-brace-format +msgid "Successfully linked {source}!" msgstr "" -"\n" -" Retomar a sessão de %(application)s" -#: authentik/core/templates/login/base_full.html:65 +#: authentik/core/sources/flow_manager.py +msgid "Source is not configured for enrollment." +msgstr "" + +#: authentik/core/templates/if/error.html +msgid "Go home" +msgstr "Ir para início" + +#: authentik/core/templates/login/base_full.html +#: authentik/flows/templates/if/flow-sfe.html msgid "Powered by authentik" -msgstr "Providenciado pelo authentik" +msgstr "Desenvolvido pelo authentik" -#: authentik/crypto/api.py:132 +#: authentik/core/views/apps.py authentik/providers/oauth2/views/authorize.py +#: authentik/providers/oauth2/views/device_init.py +#: authentik/providers/saml/views/sso.py +#, python-format +msgid "You're about to sign into %(application)s." +msgstr "Está prestes a iniciar sessão em %(application)s." + +#: authentik/core/views/interface.py +msgid "Interface can only be accessed by internal users." +msgstr "A interface só pode ser acedida por utilizadores internos." + +#: authentik/crypto/api.py msgid "Subject-alt name" msgstr "Nome alternativo do sujeito" -#: authentik/crypto/models.py:34 +#: authentik/crypto/builder.py +msgid "rsa" +msgstr "rsa" + +#: authentik/crypto/builder.py +msgid "ecdsa" +msgstr "ecdsa" + +#: authentik/crypto/models.py msgid "PEM-encoded Certificate data" msgstr "Dados do certificado em codificação PEM" -#: authentik/crypto/models.py:37 +#: authentik/crypto/models.py msgid "" "Optional Private Key. If this is set, you can use this keypair for " "encryption." @@ -231,125 +467,466 @@ msgstr "" "Chave Privada Opcional. Se esta opção for configurada, pode utilizar este " "par de chaves para encriptação." -#: authentik/crypto/models.py:100 +#: authentik/crypto/models.py msgid "Certificate-Key Pair" -msgstr "Par de chaves de certificados" +msgstr "Par de Chaves do Certificado" -#: authentik/crypto/models.py:101 +#: authentik/crypto/models.py msgid "Certificate-Key Pairs" -msgstr "Pares de chaves de certificados" +msgstr "Pares de Chaves de Certificados" -#: authentik/crypto/tasks.py:93 -#, python-format -msgid "Successfully imported %(count)d files." -msgstr "%(count)d ficheiros importados com sucesso." +#: authentik/enterprise/api.py +msgid "Enterprise is required to create/update this object." +msgstr "Enterprise necessário para criar/atualizar este objeto." -#: authentik/events/models.py:285 +#: authentik/enterprise/models.py +msgid "License" +msgstr "Licença" + +#: authentik/enterprise/models.py +msgid "Licenses" +msgstr "Licenças" + +#: authentik/enterprise/models.py +msgid "License Usage" +msgstr "Uso de Licença" + +#: authentik/enterprise/models.py +msgid "License Usage Records" +msgstr "Registos de Uso de Licença" + +#: authentik/enterprise/policies/unique_password/models.py +#: authentik/policies/password/models.py +msgid "Field key to check, field keys defined in Prompt stages are available." +msgstr "" +"Chave do campo a ser verificada, estão disponíveis chaves de campo definidas" +" nas etapas de Solicitação." + +#: authentik/enterprise/policies/unique_password/models.py +msgid "Number of passwords to check against." +msgstr "Número de palavras-passe a verificar." + +#: authentik/enterprise/policies/unique_password/models.py +#: authentik/policies/password/models.py +msgid "Password not set in context" +msgstr "Palavra-passe não definida no contexto" + +#: authentik/enterprise/policies/unique_password/models.py +msgid "This password has been used previously. Please choose a different one." +msgstr "" +"Esta palavra-passe já foi utilizada anteriormente. Por favor, escolha uma " +"diferente." + +#: authentik/enterprise/policies/unique_password/models.py +msgid "Password Uniqueness Policy" +msgstr "Política de Exclusividade da Palavra-passe" + +#: authentik/enterprise/policies/unique_password/models.py +msgid "Password Uniqueness Policies" +msgstr "Políticas de Exclusividade da Palavra-passe" + +#: authentik/enterprise/policies/unique_password/models.py +msgid "User Password History" +msgstr "Histórico de Palavras-passe do Utilizador" + +#: authentik/enterprise/policy.py +msgid "Enterprise required to access this feature." +msgstr "Enterprise necessário para aceder a esta funcionalidade." + +#: authentik/enterprise/policy.py +msgid "Feature only accessible for internal users." +msgstr "Funcionalidade acessível apenas a utilizadores internos." + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider User" +msgstr "Utilizador do Provedor Google Workspace" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider Users" +msgstr "Utilizadores do Provedor Google Workspace" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider Group" +msgstr "Grupo do Provedor Google Workspace" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider Groups" +msgstr "Grupos do Provedor Google Workspace" + +#: authentik/enterprise/providers/google_workspace/models.py +#: authentik/enterprise/providers/microsoft_entra/models.py +#: authentik/providers/scim/models.py +msgid "Property mappings used for group creation/updating." +msgstr "" +"Mapeamentos de propriedades utilizados para criação/atualização de grupos." + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider" +msgstr "Provedor Google Workspace" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Providers" +msgstr "Provedores Google Workspace" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider Mapping" +msgstr "Mapeamentos Provedores Google Workspace" + +#: authentik/enterprise/providers/google_workspace/models.py +msgid "Google Workspace Provider Mappings" +msgstr "Mapeamentos Provedores Google Workspace" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider User" +msgstr "Utilizador do Provedor Microsoft Entra" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider Group" +msgstr "Grupo do Provedor Microsoft Entra" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider Groups" +msgstr "Grupos do Provedor Microsoft Entra" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider" +msgstr "Provedor Microsoft Entra" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Providers" +msgstr "Provedores Microsoft Entra" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider Mapping" +msgstr "Mapeamento Provedor Microsoft Entra" + +#: authentik/enterprise/providers/microsoft_entra/models.py +msgid "Microsoft Entra Provider Mappings" +msgstr "Mapeamentos Provedores Microsoft Entra" + +#: authentik/enterprise/providers/ssf/models.py +#: authentik/providers/oauth2/models.py +msgid "Signing Key" +msgstr "Chave de Assinatura" + +#: authentik/enterprise/providers/ssf/models.py +msgid "Key used to sign the SSF Events." +msgstr "Chave utilizada para assinar os eventos SSF." + +#: authentik/enterprise/providers/ssf/models.py +msgid "Shared Signals Framework Provider" +msgstr "Fornecedor do Sistema de Sinais Partilhados" + +#: authentik/enterprise/providers/ssf/models.py +msgid "Shared Signals Framework Providers" +msgstr "Fornecedores do Sistema de Sinais Partilhados" + +#: authentik/enterprise/providers/ssf/models.py +msgid "Add stream to SSF provider" +msgstr "" + +#: authentik/enterprise/providers/ssf/models.py +msgid "SSF Stream" +msgstr "" + +#: authentik/enterprise/providers/ssf/models.py +msgid "SSF Streams" +msgstr "" + +#: authentik/enterprise/providers/ssf/models.py +msgid "SSF Stream Event" +msgstr "" + +#: authentik/enterprise/providers/ssf/models.py +msgid "SSF Stream Events" +msgstr "" + +#: authentik/enterprise/providers/ssf/tasks.py +msgid "Failed to send request" +msgstr "Falha no envio do pedido" + +#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py +msgid "Endpoint Authenticator Google Device Trust Connector Stage" +msgstr "" + +#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py +msgid "Endpoint Authenticator Google Device Trust Connector Stages" +msgstr "" + +#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py +msgid "Endpoint Device" +msgstr "" + +#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py +msgid "Endpoint Devices" +msgstr "" + +#: authentik/enterprise/stages/authenticator_endpoint_gdtc/stage.py +msgid "Verifying your browser..." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + +#: authentik/enterprise/stages/source/models.py +msgid "" +"Amount of time a user can take to return from the source to continue the " +"flow (Format: hours=-1;minutes=-2;seconds=-3)" +msgstr "" + +#: authentik/enterprise/stages/source/models.py +msgid "Source Stage" +msgstr "" + +#: authentik/enterprise/stages/source/models.py +msgid "Source Stages" +msgstr "" + +#: authentik/events/api/tasks.py +#, python-brace-format +msgid "Successfully started task {name}." +msgstr "Tarefa {name} iniciada com sucesso." + +#: authentik/events/models.py msgid "Event" msgstr "Evento" -#: authentik/events/models.py:286 +#: authentik/events/models.py msgid "Events" msgstr "Eventos" -#: authentik/events/models.py:292 +#: authentik/events/models.py +msgid "authentik inbuilt notifications" +msgstr "" + +#: authentik/events/models.py msgid "Generic Webhook" msgstr "Webhook Genérico" -#: authentik/events/models.py:293 +#: authentik/events/models.py msgid "Slack Webhook (Slack/Discord)" msgstr "Webhook Genérico (Slack/Discord)" -#: authentik/events/models.py:294 +#: authentik/events/models.py +#: authentik/stages/authenticator_validate/models.py msgid "Email" msgstr "E-mail" -#: authentik/events/models.py:312 +#: authentik/events/models.py +msgid "" +"Customize the body of the request. Mapping should return data that is JSON-" +"serializable." +msgstr "" + +#: authentik/events/models.py +msgid "" +"Configure additional headers to be sent. Mapping should return a dictionary " +"of key-value pairs" +msgstr "" + +#: authentik/events/models.py msgid "" "Only send notification once, for example when sending a webhook into a chat " "channel." msgstr "" -"Enviar uma notificação apenas uma vez. Por exemplo, ao enviar um webhook in " -"canal de chat." +"Enviar notificação apenas uma vez, por exemplo, ao enviar um webhook para um" +" canal de chat." -#: authentik/events/models.py:357 +#: authentik/events/models.py msgid "Severity" msgstr "Severidade" -#: authentik/events/models.py:362 +#: authentik/events/models.py msgid "Dispatched for user" msgstr "Despachado para o utilizador" -#: authentik/events/models.py:439 +#: authentik/events/models.py +msgid "Event user" +msgstr "" + +#: authentik/events/models.py msgid "Notification Transport" msgstr "Transporte de Notificação" -#: authentik/events/models.py:440 +#: authentik/events/models.py msgid "Notification Transports" msgstr "Transportes de Notificação" -#: authentik/events/models.py:446 +#: authentik/events/models.py msgid "Notice" msgstr "Aviso" -#: authentik/events/models.py:447 +#: authentik/events/models.py msgid "Warning" msgstr "Advertência" -#: authentik/events/models.py:448 +#: authentik/events/models.py msgid "Alert" msgstr "Alerta" -#: authentik/events/models.py:468 +#: authentik/events/models.py msgid "Notification" msgstr "Notificação" -#: authentik/events/models.py:469 +#: authentik/events/models.py msgid "Notifications" msgstr "Notificações" -#: authentik/events/models.py:488 +#: authentik/events/models.py +msgid "" +"Select which transports should be used to notify the user. If none are " +"selected, the notification will only be shown in the authentik UI." +msgstr "" + +#: authentik/events/models.py msgid "Controls which severity level the created notifications will have." msgstr "Controla o nível de severidade que as notificações criadas vão ter." -#: authentik/events/models.py:508 +#: authentik/events/models.py +msgid "" +"Define which group of users this notification should be sent and shown to. " +"If left empty, Notification won't ben sent." +msgstr "" + +#: authentik/events/models.py msgid "Notification Rule" msgstr "Regra de Notificação" -#: authentik/events/models.py:509 +#: authentik/events/models.py msgid "Notification Rules" msgstr "Regras de Notificação" -#: authentik/events/models.py:530 -msgid "Notification Webhook Mapping" -msgstr "Mapeamento de Notificações de Webhooks" +#: authentik/events/models.py +msgid "Webhook Mapping" +msgstr "" -#: authentik/events/models.py:531 -msgid "Notification Webhook Mappings" -msgstr "Mapeamentos de Notificações de Webhooks" +#: authentik/events/models.py +msgid "Webhook Mappings" +msgstr "" -#: authentik/events/monitored_tasks.py:197 +#: authentik/events/models.py +msgid "Run task" +msgstr "" + +#: authentik/events/models.py +msgid "System Task" +msgstr "" + +#: authentik/events/models.py +msgid "System Tasks" +msgstr "" + +#: authentik/events/system_tasks.py msgid "Task has not been run yet." -msgstr "Esta tarefa ainda não foi corrida." +msgstr "Esta tarefa ainda não foi executada." -#: authentik/flows/api/flows.py:350 -#, python-format -msgid "Flow not applicable to current user/request: %(messages)s" -msgstr "Fluxo não aplicável ao utilizador/pedido atual: %(messages)s" +#: authentik/flows/api/flows.py +#, python-brace-format +msgid "Flow not applicable to current user/request: {messages}" +msgstr "" -#: authentik/flows/models.py:107 +#: authentik/flows/api/flows_diagram.py +#, python-brace-format +msgid "Policy ({type})" +msgstr "Política ({type})" + +#: authentik/flows/api/flows_diagram.py +#, python-brace-format +msgid "Binding {order}" +msgstr "" + +#: authentik/flows/api/flows_diagram.py +msgid "Policy passed" +msgstr "Política passada" + +#: authentik/flows/api/flows_diagram.py +#, python-brace-format +msgid "Stage ({type})" +msgstr "" + +#: authentik/flows/api/flows_diagram.py +msgid "Policy denied" +msgstr "Política negada" + +#: authentik/flows/api/flows_diagram.py +msgid "End of the flow" +msgstr "Fim do fluxo" + +#: authentik/flows/api/flows_diagram.py +msgid "Requirement not fulfilled" +msgstr "Requisito não cumprido" + +#: authentik/flows/api/flows_diagram.py +msgid "Flow authentication requirement" +msgstr "Requisito de fluxo de autenticação" + +#: authentik/flows/api/flows_diagram.py +msgid "Requirement fulfilled" +msgstr "Requisito cumprido" + +#: authentik/flows/api/flows_diagram.py +msgid "Pre-flow policies" +msgstr "Políticas pré-fluxo" + +#: authentik/flows/api/flows_diagram.py authentik/flows/models.py +msgid "Flow" +msgstr "Fluxo" + +#: authentik/flows/exceptions.py +msgid "Flow does not apply to current user." +msgstr "O fluxo não se aplica ao utilizador atual." + +#: authentik/flows/models.py +#, python-brace-format +msgid "Dynamic In-memory stage: {doc}" +msgstr "" + +#: authentik/flows/models.py msgid "Visible in the URL." msgstr "Visível no URL." -#: authentik/flows/models.py:109 +#: authentik/flows/models.py msgid "Shown as the Title in Flow pages." msgstr "Mostrado como Título nas páginas de Fluxo." -#: authentik/flows/models.py:126 +#: authentik/flows/models.py +msgid "" +"Decides what this Flow is used for. For example, the Authentication flow is " +"redirect to when an un-authenticated user visits authentik." +msgstr "" +"Determina para que é que este Fluxo é utilizado. Por exemplo, o fluxo de " +"Autenticação para o qual é redirecionado um utilizador não autenticado " +"quando visita o authentik." + +#: authentik/flows/models.py msgid "Background shown during execution" msgstr "Imagem de fundo mostrada durante a execução" -#: authentik/flows/models.py:133 +#: authentik/flows/models.py msgid "" "Enable compatibility mode, increases compatibility with password managers on" " mobile devices." @@ -357,19 +934,43 @@ msgstr "" "Permitir o modo de compatibilidade, aumenta a compatibilidade com gestores " "de palavras-passe de dispositivos móveis." -#: authentik/flows/models.py:178 -msgid "Flow" -msgstr "Fluxo" +#: authentik/flows/models.py +msgid "Configure what should happen when a flow denies access to a user." +msgstr "" -#: authentik/flows/models.py:179 +#: authentik/flows/models.py +msgid "Required level of authentication and authorization to access a flow." +msgstr "" + +#: authentik/flows/models.py msgid "Flows" msgstr "Fluxos" -#: authentik/flows/models.py:209 -msgid "Evaluate policies when the Stage is present to the user." -msgstr "Avaliar políticas quando a Etapa é apresentada ao utilizador." +#: authentik/flows/models.py +msgid "Can export a Flow" +msgstr "Pode exportar um Fluxo" -#: authentik/flows/models.py:216 +#: authentik/flows/models.py +msgid "Can inspect a Flow's execution" +msgstr "Pode inspecionar a execução de um Fluxo" + +#: authentik/flows/models.py +msgid "View Flow's cache metrics" +msgstr "Pode ver as métricas da cache do Fluxo." + +#: authentik/flows/models.py +msgid "Clear Flow's cache metrics" +msgstr "Pode limpar as métricas da cache do Fluxo." + +#: authentik/flows/models.py +msgid "Evaluate policies during the Flow planning process." +msgstr "" + +#: authentik/flows/models.py +msgid "Evaluate policies when the Stage is presented to the user." +msgstr "" + +#: authentik/flows/models.py msgid "" "Configure how the flow executor should handle an invalid response to a " "challenge. RETRY returns the error message and a similar challenge to the " @@ -381,57 +982,114 @@ msgstr "" "similiar ao executor. RESTART reinicia o fluxo desde o início, e " "RESTART_WITH_CONTEXT reinicia o fluxo mantendo o contexto atual." -#: authentik/flows/models.py:240 +#: authentik/flows/models.py msgid "Flow Stage Binding" msgstr "Vinculação da Etapa do Fluxo" -#: authentik/flows/models.py:241 +#: authentik/flows/models.py msgid "Flow Stage Bindings" msgstr "Vinculações de Etapas de Fluxos" -#: authentik/flows/models.py:291 +#: authentik/flows/models.py +msgid "" +"Flow used by an authenticated user to configure this Stage. If empty, user " +"will not be able to configure this stage." +msgstr "" +"Fluxo usado por um utilizador autenticado para configurar esta Etapa. Se " +"estiver em branco, o utilizador não será capaz de configurar esta etapa." + +#: authentik/flows/models.py msgid "Flow Token" msgstr "Token de Fluxo" -#: authentik/flows/models.py:292 +#: authentik/flows/models.py msgid "Flow Tokens" msgstr "Tokens de Fluxo" -#: authentik/flows/templates/flows/error.html:12 -msgid "Whoops!" -msgstr "Ooops!" +#: authentik/flows/views/executor.py +msgid "Invalid next URL" +msgstr "" -#: authentik/flows/templates/flows/error.html:17 -msgid "Something went wrong! Please try again later." -msgstr "Algo correu mal! Por favor tente novamente mais tarde." +#: authentik/lib/sync/outgoing/models.py +msgid "" +"When enabled, provider will not modify or create objects in the remote " +"system." +msgstr "" -#: authentik/lib/utils/time.py:24 +#: authentik/lib/sync/outgoing/tasks.py +msgid "Starting full provider sync" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +#, python-brace-format +msgid "Syncing page {page} of groups" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Dropping mutating request due to dry run" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +#, python-brace-format +msgid "Stopping sync due to error: {error}" +msgstr "" + +#: authentik/lib/utils/time.py #, python-format msgid "%(value)s is not in the correct format of 'hours=3;minutes=1'." msgstr "%(value)s não está na formatação correta: 'hours=3;minutes=1'." -#: authentik/managed/models.py:12 -msgid "Managed by authentik" -msgstr "Gerido pelo authentik" +#: authentik/lib/validators.py +#, python-brace-format +msgid "The fields {field_names} must be used together." +msgstr "" -#: authentik/outposts/api/service_connections.py:131 +#: authentik/outposts/api/service_connections.py msgid "" "You can only use an empty kubeconfig when connecting to a local cluster." msgstr "Só pode utilizar um kubeconfig vazio ao ligar a um cluster local." -#: authentik/outposts/api/service_connections.py:139 +#: authentik/outposts/api/service_connections.py msgid "Invalid kubeconfig" msgstr "Kubeconfig inválido" -#: authentik/outposts/models.py:151 +#: authentik/outposts/models.py +msgid "" +"If enabled, use the local connection. Required Docker socket/Kubernetes " +"Integration" +msgstr "" + +#: authentik/outposts/models.py msgid "Outpost Service-Connection" msgstr "Conecção de Serviço de Terminal" -#: authentik/outposts/models.py:152 +#: authentik/outposts/models.py msgid "Outpost Service-Connections" msgstr "Conecções de Serviço de Terminal" -#: authentik/outposts/models.py:188 +#: authentik/outposts/models.py +msgid "" +"Can be in the format of 'unix://' when connecting to a local docker " +"daemon, or 'https://:2376' when connecting to a remote system." +msgstr "" + +#: authentik/outposts/models.py +msgid "" +"CA which the endpoint's Certificate is verified against. Can be left empty " +"for no validation." +msgstr "" +"CA com o qual Certificado do terminal é verificado. Pode ser deixado em " +"branco para que não haja validação." + +#: authentik/outposts/models.py msgid "" "Certificate/Key used for authentication. Can be left empty for no " "authentication." @@ -439,165 +1097,286 @@ msgstr "" "Certificado/Chave usados para autententicação. Pode ser deixado vazio para " "não autenticar." -#: authentik/outposts/models.py:201 +#: authentik/outposts/models.py msgid "Docker Service-Connection" msgstr "Conecção de Serviço Docker" -#: authentik/outposts/models.py:202 +#: authentik/outposts/models.py msgid "Docker Service-Connections" msgstr "Conecção de Serviço Docker" -#: authentik/outposts/models.py:227 +#: authentik/outposts/models.py +msgid "" +"Paste your kubeconfig here. authentik will automatically use the currently " +"selected context." +msgstr "" + +#: authentik/outposts/models.py +msgid "Verify SSL Certificates of the Kubernetes API endpoint" +msgstr "" + +#: authentik/outposts/models.py msgid "Kubernetes Service-Connection" msgstr "Conecção de Serviço Kubernetes" -#: authentik/outposts/models.py:228 +#: authentik/outposts/models.py msgid "Kubernetes Service-Connections" msgstr "Conecções de Serviço Kubernetes" -#: authentik/policies/denied.py:24 +#: authentik/outposts/models.py +msgid "" +"Select Service-Connection authentik should use to manage this outpost. Leave" +" empty if authentik should not handle the deployment." +msgstr "" + +#: authentik/outposts/models.py +msgid "Outpost" +msgstr "" + +#: authentik/outposts/models.py +msgid "Outposts" +msgstr "" + +#: authentik/policies/denied.py msgid "Access denied" msgstr "Acesso negado" -#: authentik/policies/dummy/models.py:45 +#: authentik/policies/dummy/models.py msgid "Dummy Policy" msgstr "Política Fictícia" -#: authentik/policies/dummy/models.py:46 +#: authentik/policies/dummy/models.py msgid "Dummy Policies" msgstr "Políticas Fictícias" -#: authentik/policies/event_matcher/models.py:80 +#: authentik/policies/event_matcher/api.py +#: authentik/policies/event_matcher/models.py +msgid "" +"Match events created by selected application. When left empty, all " +"applications are matched." +msgstr "" + +#: authentik/policies/event_matcher/api.py +#: authentik/policies/event_matcher/models.py +msgid "" +"Match events created by selected model. When left empty, all models are " +"matched. When an app is selected, all the application's models are matched." +msgstr "" + +#: authentik/policies/event_matcher/api.py +msgid "At least one criteria must be set." +msgstr "" + +#: authentik/policies/event_matcher/models.py +msgid "" +"Match created events with this action type. When left empty, all action " +"types will be matched." +msgstr "" + +#: authentik/policies/event_matcher/models.py +msgid "" +"Matches Event's Client IP (strict matching, for network matching use an " +"Expression Policy)" +msgstr "" + +#: authentik/policies/event_matcher/models.py msgid "Event Matcher Policy" msgstr "Política de Associação de Eventos" -#: authentik/policies/event_matcher/models.py:81 +#: authentik/policies/event_matcher/models.py msgid "Event Matcher Policies" msgstr "Políticas de Associação de Eventos" -#: authentik/policies/expiry/models.py:46 -msgid "days" -msgstr "dias" +#: authentik/policies/expiry/models.py +#, python-brace-format +msgid "Password expired {days} days ago. Please update your password." +msgstr "" -#: authentik/policies/expiry/models.py:49 +#: authentik/policies/expiry/models.py msgid "Password has expired." msgstr "A palavra-passe expirou." -#: authentik/policies/expiry/models.py:54 +#: authentik/policies/expiry/models.py msgid "Password Expiry Policy" msgstr "Política de Expiração de Palavras-Passe" -#: authentik/policies/expiry/models.py:55 +#: authentik/policies/expiry/models.py msgid "Password Expiry Policies" msgstr "Políticas de Expiração de Palavras-Passe" -#: authentik/policies/expression/models.py:41 +#: authentik/policies/expression/models.py msgid "Expression Policy" msgstr "Política de Expressão" -#: authentik/policies/expression/models.py:42 +#: authentik/policies/expression/models.py msgid "Expression Policies" msgstr "Políticas de Expressão" -#: authentik/policies/hibp/models.py:22 -#: authentik/policies/password/models.py:24 -msgid "Field key to check, field keys defined in Prompt stages are available." +#: authentik/policies/geoip/models.py +msgid "GeoIP: client IP not found in ASN database." msgstr "" -"Chave do campo a ser verificada, estão disponíveis chaves de campo definidas" -" nas etapas de Solicitação." -#: authentik/policies/hibp/models.py:47 -#: authentik/policies/password/models.py:57 -msgid "Password not set in context" -msgstr "Palavra-passe não definida no contexto" +#: authentik/policies/geoip/models.py +msgid "Client IP is not part of an allowed autonomous system." +msgstr "" -#: authentik/policies/hibp/models.py:60 -#, python-format -msgid "Password exists on %(count)d online lists." -msgstr "A palavra-passe existe em %(count)d listas online." +#: authentik/policies/geoip/models.py +msgid "GeoIP: client IP address not found in City database." +msgstr "" -#: authentik/policies/hibp/models.py:66 -msgid "Have I Been Pwned Policy" -msgstr "Política \"Have I Been Pwned\"" +#: authentik/policies/geoip/models.py +msgid "Client IP is not in an allowed country." +msgstr "" -#: authentik/policies/hibp/models.py:67 -msgid "Have I Been Pwned Policies" -msgstr "Políticas \"Have I Been Pwned\"" +#: authentik/policies/geoip/models.py +msgid "Distance from previous authentication is larger than threshold." +msgstr "" -#: authentik/policies/models.py:23 -msgid "ALL, all policies must pass" -msgstr "TODAS, todas as políticas devem ser cumpridas" +#: authentik/policies/geoip/models.py +msgid "Distance is further than possible." +msgstr "" -#: authentik/policies/models.py:25 -msgid "ANY, any policy must pass" -msgstr "QUALQUER, qualquer uma das políticas deve ser cumprida" +#: authentik/policies/geoip/models.py +msgid "GeoIP Policy" +msgstr "" -#: authentik/policies/models.py:45 +#: authentik/policies/geoip/models.py +msgid "GeoIP Policies" +msgstr "" + +#: authentik/policies/models.py +msgid "all, all policies must pass" +msgstr "" + +#: authentik/policies/models.py +msgid "any, any policy must pass" +msgstr "" + +#: authentik/policies/models.py msgid "Policy Binding Model" msgstr "Modelo de Associação de Políticas" -#: authentik/policies/models.py:46 +#: authentik/policies/models.py msgid "Policy Binding Models" msgstr "Modelos de Associação de Políticas" -#: authentik/policies/models.py:85 +#: authentik/policies/models.py msgid "Negates the outcome of the policy. Messages are unaffected." msgstr "Nega o resultado da política. As mensagens não são afetadas." -#: authentik/policies/models.py:88 +#: authentik/policies/models.py msgid "Timeout after which Policy execution is terminated." msgstr "Tempo de expiração após o qual a execução da Política é terminada." -#: authentik/policies/models.py:141 +#: authentik/policies/models.py +msgid "Result if the Policy execution fails." +msgstr "" + +#: authentik/policies/models.py msgid "Policy Binding" msgstr "Associação de Políticas" -#: authentik/policies/models.py:142 +#: authentik/policies/models.py msgid "Policy Bindings" msgstr "Ligações de Políticas" -#: authentik/policies/models.py:181 +#: authentik/policies/models.py +msgid "" +"When this option is enabled, all executions of this policy will be logged. " +"By default, only execution errors are logged." +msgstr "" + +#: authentik/policies/models.py msgid "Policy" msgstr "Política" -#: authentik/policies/models.py:182 +#: authentik/policies/models.py msgid "Policies" msgstr "Políticas" -#: authentik/policies/password/models.py:89 +#: authentik/policies/models.py +msgid "View Policy's cache metrics" +msgstr "" + +#: authentik/policies/models.py +msgid "Clear Policy's cache metrics" +msgstr "" + +#: authentik/policies/password/models.py +msgid "How many times the password hash is allowed to be on haveibeenpwned" +msgstr "" + +#: authentik/policies/password/models.py +msgid "" +"If the zxcvbn score is equal or less than this value, the policy will fail." +msgstr "" + +#: authentik/policies/password/models.py +msgid "Invalid password." +msgstr "" + +#: authentik/policies/password/models.py +#, python-brace-format +msgid "Password exists on {count} online lists." +msgstr "" + +#: authentik/policies/password/models.py +msgid "Password is too weak." +msgstr "" + +#: authentik/policies/password/models.py msgid "Password Policy" msgstr "Política de Palavras-Passe" -#: authentik/policies/password/models.py:90 +#: authentik/policies/password/models.py msgid "Password Policies" msgstr "Políticas de Palavras-Passe" -#: authentik/policies/reputation/models.py:54 +#: authentik/policies/reputation/api.py +msgid "Either IP or Username must be checked" +msgstr "" + +#: authentik/policies/reputation/models.py msgid "Reputation Policy" msgstr "Política de Reputação" -#: authentik/policies/reputation/models.py:55 +#: authentik/policies/reputation/models.py msgid "Reputation Policies" msgstr "Políticas de Reputação" -#: authentik/policies/templates/policies/denied.html:7 -#: authentik/policies/templates/policies/denied.html:11 +#: authentik/policies/reputation/models.py +msgid "Reputation Score" +msgstr "" + +#: authentik/policies/reputation/models.py +msgid "Reputation Scores" +msgstr "" + +#: authentik/policies/templates/policies/denied.html msgid "Permission denied" msgstr "Permissão negada" -#: authentik/policies/templates/policies/denied.html:20 +#: authentik/policies/templates/policies/denied.html +msgid "User's avatar" +msgstr "" + +#: authentik/policies/templates/policies/denied.html +msgid "Not you?" +msgstr "" + +#: authentik/policies/templates/policies/denied.html msgid "Request has been denied." msgstr "O pedido foi negado." -#: authentik/policies/templates/policies/denied.html:31 +#: authentik/policies/templates/policies/denied.html msgid "Messages:" msgstr "Mensagens:" -#: authentik/policies/templates/policies/denied.html:41 +#: authentik/policies/templates/policies/denied.html msgid "Explanation:" msgstr "Explicação:" -#: authentik/policies/templates/policies/denied.html:45 +#: authentik/policies/templates/policies/denied.html #, python-format msgid "" "\n" @@ -607,233 +1386,354 @@ msgstr "" "\n" " A política que associa \"%(name)s\" devolveu o resultado \"%(result)s\"" -#: authentik/policies/views.py:68 +#: authentik/policies/views.py msgid "Failed to resolve application" msgstr "Falha ao resolver a aplicação" -#: authentik/providers/ldap/models.py:25 +#: authentik/providers/ldap/models.py msgid "DN under which objects are accessible." msgstr "DN sobre o qual os objetos são acessíveis." -#: authentik/providers/ldap/models.py:34 +#: authentik/providers/ldap/models.py msgid "" -"Users in this group can do search queries. If not set, every user can " -"execute search queries." -msgstr "" -"Os utilizadores neste grupo podem fazer queries de pesquisa. Se não for " -"definido, qualquer um dos utilizadores pode executar queries de pesquisa." - -#: authentik/providers/ldap/models.py:53 -msgid "" -"The start for uidNumbers, this number is added to the user.Pk to make sure " +"The start for uidNumbers, this number is added to the user.pk to make sure " "that the numbers aren't too low for POSIX users. Default is 2000 to ensure " "that we don't collide with local users uidNumber" msgstr "" -#: authentik/providers/ldap/models.py:62 +#: authentik/providers/ldap/models.py msgid "" "The start for gidNumbers, this number is added to a number generated from " -"the group.Pk to make sure that the numbers aren't too low for POSIX groups. " +"the group.pk to make sure that the numbers aren't too low for POSIX groups. " "Default is 4000 to ensure that we don't collide with local groups or users " "primary groups gidNumber" msgstr "" -#: authentik/providers/ldap/models.py:97 +#: authentik/providers/ldap/models.py authentik/providers/radius/models.py +msgid "" +"When enabled, code-based multi-factor authentication can be used by " +"appending a semicolon and the TOTP code to the password. This should only be" +" enabled if all users that will bind to this provider have a TOTP device " +"configured, as otherwise a password may incorrectly be rejected if it " +"contains a semicolon." +msgstr "" + +#: authentik/providers/ldap/models.py msgid "LDAP Provider" msgstr "Provedor LDAP" -#: authentik/providers/ldap/models.py:98 +#: authentik/providers/ldap/models.py msgid "LDAP Providers" msgstr "Provedores LDAP" -#: authentik/providers/oauth2/models.py:36 -msgid "Confidential" -msgstr "Confidencial" +#: authentik/providers/ldap/models.py +msgid "Search full LDAP directory" +msgstr "" -#: authentik/providers/oauth2/models.py:37 -msgid "Public" -msgstr "Público" +#: authentik/providers/oauth2/api/providers.py +#, python-brace-format +msgid "Invalid Regex Pattern: {url}" +msgstr "" -#: authentik/providers/oauth2/models.py:51 +#: authentik/providers/oauth2/id_token.py msgid "Based on the Hashed User ID" msgstr "Baseado na Hash do ID de Utilizador" -#: authentik/providers/oauth2/models.py:52 +#: authentik/providers/oauth2/id_token.py +msgid "Based on user ID" +msgstr "" + +#: authentik/providers/oauth2/id_token.py +msgid "Based on user UUID" +msgstr "" + +#: authentik/providers/oauth2/id_token.py msgid "Based on the username" msgstr "Baseado no nome de utilizador" -#: authentik/providers/oauth2/models.py:55 +#: authentik/providers/oauth2/id_token.py msgid "Based on the User's Email. This is recommended over the UPN method." msgstr "" "Baseado no E-Mail do Utililzador. Recomendado em relação ao método UPN." -#: authentik/providers/oauth2/models.py:71 +#: authentik/providers/oauth2/id_token.py +msgid "" +"Based on the User's UPN, only works if user has a 'upn' attribute set. Use " +"this method only if you have different UPN and Mail domains." +msgstr "" +"Baseado na UPN do Utilizador, só funciona se o utilizador tiver um atributo " +"\"upn\" definido. Utilize este método apenas se tiver diferentes domínios de" +" UPN e de Mail." + +#: authentik/providers/oauth2/models.py +msgid "Confidential" +msgstr "Confidencial" + +#: authentik/providers/oauth2/models.py +msgid "Public" +msgstr "Público" + +#: authentik/providers/oauth2/models.py msgid "Same identifier is used for all providers" msgstr "O mesmo identificador é utilizado em todos os provedores" -#: authentik/providers/oauth2/models.py:73 +#: authentik/providers/oauth2/models.py msgid "Each provider has a different issuer, based on the application slug." msgstr "Cada provedor tem um emissor diferente, baseado no slug da aplicação." -#: authentik/providers/oauth2/models.py:80 +#: authentik/providers/oauth2/models.py +msgid "Strict URL comparison" +msgstr "" + +#: authentik/providers/oauth2/models.py +msgid "Regular Expression URL matching" +msgstr "" + +#: authentik/providers/oauth2/models.py msgid "code (Authorization Code Flow)" msgstr "código (Fluxo de Autorização de Código)" -#: authentik/providers/oauth2/models.py:81 +#: authentik/providers/oauth2/models.py msgid "id_token (Implicit Flow)" msgstr "id_token (Fluxo Implícito)" -#: authentik/providers/oauth2/models.py:82 +#: authentik/providers/oauth2/models.py msgid "id_token token (Implicit Flow)" msgstr "token id_token (Fluxo Implícito)" -#: authentik/providers/oauth2/models.py:83 +#: authentik/providers/oauth2/models.py msgid "code token (Hybrid Flow)" msgstr "token de código (Fluxo Híbrido)" -#: authentik/providers/oauth2/models.py:84 +#: authentik/providers/oauth2/models.py msgid "code id_token (Hybrid Flow)" msgstr "code id_token (Fluxo Híbrido)" -#: authentik/providers/oauth2/models.py:85 +#: authentik/providers/oauth2/models.py msgid "code id_token token (Hybrid Flow)" msgstr "token id_code de codígo (Fluxo Híbrido)" -#: authentik/providers/oauth2/models.py:91 +#: authentik/providers/oauth2/models.py msgid "HS256 (Symmetric Encryption)" msgstr "HS256 (Encriptação Simétrica)" -#: authentik/providers/oauth2/models.py:92 +#: authentik/providers/oauth2/models.py msgid "RS256 (Asymmetric Encryption)" msgstr "RS256 (Encriptação Assimétrica)" -#: authentik/providers/oauth2/models.py:93 +#: authentik/providers/oauth2/models.py msgid "ES256 (Asymmetric Encryption)" msgstr "ES256 (Encriptação Assimétrica)" -#: authentik/providers/oauth2/models.py:99 +#: authentik/providers/oauth2/models.py +msgid "ES384 (Asymmetric Encryption)" +msgstr "" + +#: authentik/providers/oauth2/models.py +msgid "ES512 (Asymmetric Encryption)" +msgstr "" + +#: authentik/providers/oauth2/models.py msgid "Scope used by the client" msgstr "Âmbito usado pelo cliente" -#: authentik/providers/oauth2/models.py:125 +#: authentik/providers/oauth2/models.py +msgid "" +"Description shown to the user when consenting. If left empty, the user won't" +" be informed." +msgstr "" +"Descrição mostrada ao utilizador durante o consentimento. Se deixado em " +"branco, o utilizador não será informado." + +#: authentik/providers/oauth2/models.py msgid "Scope Mapping" msgstr "Mapeamento de Âmbito" -#: authentik/providers/oauth2/models.py:126 +#: authentik/providers/oauth2/models.py msgid "Scope Mappings" msgstr "Mapeamentos de Âmbito" -#: authentik/providers/oauth2/models.py:136 +#: authentik/providers/oauth2/models.py msgid "Client Type" msgstr "Tipo de Cliente" -#: authentik/providers/oauth2/models.py:142 +#: authentik/providers/oauth2/models.py +msgid "" +"Confidential clients are capable of maintaining the confidentiality of their" +" credentials. Public clients are incapable" +msgstr "" + +#: authentik/providers/oauth2/models.py msgid "Client ID" msgstr "ID do cliente" -#: authentik/providers/oauth2/models.py:148 +#: authentik/providers/oauth2/models.py msgid "Client Secret" msgstr "Segredo do Cliente" -#: authentik/providers/oauth2/models.py:154 +#: authentik/providers/oauth2/models.py msgid "Redirect URIs" msgstr "URIs de Redireção" -#: authentik/providers/oauth2/models.py:155 -msgid "Enter each URI on a new line." -msgstr "Introduza cada URI numa nova linha." - -#: authentik/providers/oauth2/models.py:160 +#: authentik/providers/oauth2/models.py msgid "Include claims in id_token" msgstr "Inclua claims no id_token" -#: authentik/providers/oauth2/models.py:208 -msgid "RSA Key" -msgstr "Chave RSA" - -#: authentik/providers/oauth2/models.py:212 +#: authentik/providers/oauth2/models.py msgid "" -"Key used to sign the tokens. Only required when JWT Algorithm is set to " -"RS256." +"Include User claims from scopes in the id_token, for applications that don't" +" access the userinfo endpoint." msgstr "" -"Chave utilizada para assinar os tokens. Só é necessária quando o Algoritmo " -"JWT estiver definido como RS256." -#: authentik/providers/oauth2/models.py:291 +#: authentik/providers/oauth2/models.py +msgid "" +"Access codes not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" + +#: authentik/providers/oauth2/models.py +msgid "" +"Tokens not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" + +#: authentik/providers/oauth2/models.py +msgid "" +"Configure what data should be used as unique User Identifier. For most " +"cases, the default should be fine." +msgstr "" +"Configurar quais os dados que devem ser usados como Identificador de " +"Utilizador único. Na maioria dos casos, os valores pré-definidos devem " +"funcionar bem." + +#: authentik/providers/oauth2/models.py +msgid "Configure how the issuer field of the ID Token should be filled." +msgstr "" +"Configurar como é que o campo do emissor do ID Token deve ser preenchido." + +#: authentik/providers/oauth2/models.py +msgid "Key used to sign the tokens." +msgstr "" + +#: authentik/providers/oauth2/models.py +msgid "Encryption Key" +msgstr "" + +#: authentik/providers/oauth2/models.py +msgid "" +"Key used to encrypt the tokens. When set, tokens will be encrypted and " +"returned as JWEs." +msgstr "" + +#: authentik/providers/oauth2/models.py +msgid "" +"Any JWT signed by the JWK of the selected source can be used to " +"authenticate." +msgstr "" + +#: authentik/providers/oauth2/models.py msgid "OAuth2/OpenID Provider" msgstr "Provedor OAuth2/OpenID" -#: authentik/providers/oauth2/models.py:292 +#: authentik/providers/oauth2/models.py msgid "OAuth2/OpenID Providers" msgstr "Provedores OAuth2/OpenID" -#: authentik/providers/oauth2/models.py:300 +#: authentik/providers/oauth2/models.py msgid "Scopes" msgstr "Âmbitos" -#: authentik/providers/oauth2/models.py:319 +#: authentik/providers/oauth2/models.py msgid "Code" msgstr "Código" -#: authentik/providers/oauth2/models.py:320 +#: authentik/providers/oauth2/models.py msgid "Nonce" msgstr "Nonce" -#: authentik/providers/oauth2/models.py:321 -msgid "Is Authentication?" -msgstr "É Autenticação?" - -#: authentik/providers/oauth2/models.py:322 +#: authentik/providers/oauth2/models.py msgid "Code Challenge" msgstr "Desafio de Código" -#: authentik/providers/oauth2/models.py:324 +#: authentik/providers/oauth2/models.py msgid "Code Challenge Method" msgstr "Método de Desafio de Código" -#: authentik/providers/oauth2/models.py:338 +#: authentik/providers/oauth2/models.py msgid "Authorization Code" msgstr "Código de Autorização" -#: authentik/providers/oauth2/models.py:339 +#: authentik/providers/oauth2/models.py msgid "Authorization Codes" msgstr "Códigos de Autorização" -#: authentik/providers/oauth2/models.py:382 -msgid "Access Token" -msgstr "Token de Acesso" +#: authentik/providers/oauth2/models.py +msgid "OAuth2 Access Token" +msgstr "" -#: authentik/providers/oauth2/models.py:383 -msgid "Refresh Token" -msgstr "Token de Atualização" +#: authentik/providers/oauth2/models.py +msgid "OAuth2 Access Tokens" +msgstr "" -#: authentik/providers/oauth2/models.py:384 +#: authentik/providers/oauth2/models.py msgid "ID Token" msgstr "Token ID" -#: authentik/providers/oauth2/models.py:387 -msgid "OAuth2 Token" -msgstr "Token OAuth2" +#: authentik/providers/oauth2/models.py +msgid "OAuth2 Refresh Token" +msgstr "" -#: authentik/providers/oauth2/models.py:388 -msgid "OAuth2 Tokens" -msgstr "Tokens OAuth2" +#: authentik/providers/oauth2/models.py +msgid "OAuth2 Refresh Tokens" +msgstr "" -#: authentik/providers/oauth2/views/authorize.py:458 -#: authentik/providers/saml/views/sso.py:69 -#, python-format -msgid "You're about to sign into %(application)s." -msgstr "Está prestes a iniciar sessão em %(application)s." +#: authentik/providers/oauth2/models.py +msgid "Device Token" +msgstr "" -#: authentik/providers/proxy/models.py:52 +#: authentik/providers/oauth2/models.py +msgid "Device Tokens" +msgstr "" + +#: authentik/providers/oauth2/views/authorize.py +#: authentik/providers/saml/views/flows.py +#, python-brace-format +msgid "Redirecting to {app}..." +msgstr "" + +#: authentik/providers/oauth2/views/device_init.py +msgid "Invalid code" +msgstr "" + +#: authentik/providers/oauth2/views/userinfo.py +msgid "GitHub Compatibility: Access your User Information" +msgstr "" + +#: authentik/providers/oauth2/views/userinfo.py +msgid "GitHub Compatibility: Access you Email addresses" +msgstr "" + +#: authentik/providers/oauth2/views/userinfo.py +msgid "GitHub Compatibility: Access your Groups" +msgstr "" + +#: authentik/providers/proxy/api.py +msgid "User and password attributes must be set when basic auth is enabled." +msgstr "" + +#: authentik/providers/proxy/api.py +msgid "Internal host cannot be empty when forward auth is disabled." +msgstr "" + +#: authentik/providers/proxy/models.py msgid "Validate SSL Certificates of upstream servers" msgstr "Validar Certificados SSL dos servidores a montante" -#: authentik/providers/proxy/models.py:53 +#: authentik/providers/proxy/models.py msgid "Internal host SSL Validation" msgstr "Validação SSL do anfitrião interno" -#: authentik/providers/proxy/models.py:59 +#: authentik/providers/proxy/models.py msgid "" "Enable support for forwardAuth in traefik and nginx auth_request. Exclusive " "with internal_host." @@ -841,11 +1741,23 @@ msgstr "" "Ative o suporte para forwardAuth no traefik e nginx auth_request. Exclusivo " "com internal_host." -#: authentik/providers/proxy/models.py:77 +#: authentik/providers/proxy/models.py +msgid "" +"Regular expressions for which authentication is not required. Each new line " +"is interpreted as a new Regular Expression." +msgstr "" + +#: authentik/providers/proxy/models.py +msgid "" +"When enabled, this provider will intercept the authorization header and " +"authenticate requests based on its value." +msgstr "" + +#: authentik/providers/proxy/models.py msgid "Set HTTP-Basic Authentication" msgstr "Definir Autenticação HTTP-Basic" -#: authentik/providers/proxy/models.py:79 +#: authentik/providers/proxy/models.py msgid "" "Set a custom HTTP-Basic Authentication header based on values from " "authentik." @@ -853,131 +1765,511 @@ msgstr "" "Definir um cabeçalho personalizado de Autenticação HTTP-Basic com base nos " "valores do authentik." -#: authentik/providers/proxy/models.py:84 +#: authentik/providers/proxy/models.py msgid "HTTP-Basic Username Key" msgstr "Chave de Nome de Utilizador HTTP-Basic" -#: authentik/providers/proxy/models.py:94 +#: authentik/providers/proxy/models.py +msgid "" +"User/Group Attribute used for the user part of the HTTP-Basic Header. If not" +" set, the user's Email address is used." +msgstr "" + +#: authentik/providers/proxy/models.py msgid "HTTP-Basic Password Key" msgstr "Chave de Palavra-Passe HTTP-Basic" -#: authentik/providers/proxy/models.py:149 +#: authentik/providers/proxy/models.py +msgid "" +"User/Group Attribute used for the password part of the HTTP-Basic Header." +msgstr "" + +#: authentik/providers/proxy/models.py msgid "Proxy Provider" msgstr "Provedor de Proxy" -#: authentik/providers/proxy/models.py:150 +#: authentik/providers/proxy/models.py msgid "Proxy Providers" msgstr "Provedores de Proxy" -#: authentik/providers/saml/api.py:176 +#: authentik/providers/rac/models.py authentik/stages/user_login/models.py +msgid "" +"Determines how long a session lasts. Default of 0 means that the sessions " +"lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)" +msgstr "" +"Determina a duração de uma sessão. O valor por omissão de 0 significa que as" +" sessões duram até que o navegador seja fechado. (Formato: " +"hours=-1;minutes=-2;seconds=-3)" + +#: authentik/providers/rac/models.py +msgid "When set to true, connection tokens will be deleted upon disconnect." +msgstr "" + +#: authentik/providers/rac/models.py +msgid "RAC Provider" +msgstr "Provedor RAC" + +#: authentik/providers/rac/models.py +msgid "RAC Providers" +msgstr "Provedores RAC" + +#: authentik/providers/rac/models.py +msgid "RAC Endpoint" +msgstr "Endpoint RAC" + +#: authentik/providers/rac/models.py +msgid "RAC Endpoints" +msgstr "Endpoints RAC" + +#: authentik/providers/rac/models.py +msgid "RAC Provider Property Mapping" +msgstr "" + +#: authentik/providers/rac/models.py +msgid "RAC Provider Property Mappings" +msgstr "" + +#: authentik/providers/rac/models.py +msgid "RAC Connection token" +msgstr "" + +#: authentik/providers/rac/models.py +msgid "RAC Connection tokens" +msgstr "" + +#: authentik/providers/rac/views.py +msgid "Maximum connection limit reached." +msgstr "" + +#: authentik/providers/rac/views.py +msgid "(You are already connected in another tab/window)" +msgstr "" + +#: authentik/providers/radius/models.py +msgid "Shared secret between clients and server to hash packets." +msgstr "" + +#: authentik/providers/radius/models.py +msgid "" +"List of CIDRs (comma-separated) that clients can connect from. A more " +"specific CIDR will match before a looser one. Clients connecting from a non-" +"specified CIDR will be dropped." +msgstr "" + +#: authentik/providers/radius/models.py +msgid "Radius Provider" +msgstr "Provedor Radius" + +#: authentik/providers/radius/models.py +msgid "Radius Providers" +msgstr "Provedores Radius" + +#: authentik/providers/radius/models.py +msgid "Radius Provider Property Mapping" +msgstr "" + +#: authentik/providers/radius/models.py +msgid "Radius Provider Property Mappings" +msgstr "" + +#: authentik/providers/saml/api/providers.py +msgid "" +"With a signing keypair selected, at least one of 'Sign assertion' and 'Sign " +"Response' must be selected." +msgstr "" + +#: authentik/providers/saml/api/providers.py msgid "Invalid XML Syntax" msgstr "Sintaxe HTML Inválida" -#: authentik/providers/saml/api.py:186 -#, python-format -msgid "Failed to import Metadata: %(message)s" -msgstr "Falha ao importar Metadados: %(message)s" +#: authentik/providers/saml/api/providers.py +#, python-brace-format +msgid "Failed to import Metadata: {messages}" +msgstr "" -#: authentik/providers/saml/models.py:38 +#: authentik/providers/saml/models.py msgid "ACS URL" msgstr "ACS URL" -#: authentik/providers/saml/models.py:49 +#: authentik/providers/saml/models.py +msgid "" +"Value of the audience restriction field of the assertion. When left empty, " +"no audience restriction will be added." +msgstr "" + +#: authentik/providers/saml/models.py msgid "Also known as EntityID" msgstr "Também conhecido como EntityID" -#: authentik/providers/saml/models.py:53 +#: authentik/providers/saml/models.py msgid "Service Provider Binding" msgstr "Vinculação de Provedores de Serviço" -#: authentik/providers/saml/models.py:65 +#: authentik/providers/saml/models.py +msgid "" +"This determines how authentik sends the response back to the Service " +"Provider." +msgstr "" + +#: authentik/providers/saml/models.py msgid "NameID Property Mapping" msgstr "Mapeamento de Propriedade NameID" -#: authentik/providers/saml/models.py:109 authentik/sources/saml/models.py:128 +#: authentik/providers/saml/models.py +msgid "" +"Configure how the NameID value will be created. When left empty, the " +"NameIDPolicy of the incoming request will be considered" +msgstr "" + +#: authentik/providers/saml/models.py +msgid "AuthnContextClassRef Property Mapping" +msgstr "" + +#: authentik/providers/saml/models.py +msgid "" +"Configure how the AuthnContextClassRef value will be created. When left " +"empty, the AuthnContextClassRef will be set based on which authentication " +"methods the user used to authenticate." +msgstr "" + +#: authentik/providers/saml/models.py +msgid "" +"Assertion valid not before current time + this value (Format: " +"hours=-1;minutes=-2;seconds=-3)." +msgstr "" + +#: authentik/providers/saml/models.py +msgid "" +"Assertion not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" +"A asserção não é válida durante ou após a hora atual + este valor (Formato: " +"horas=1;minutos=2;segundos=3);" + +#: authentik/providers/saml/models.py +msgid "" +"Session not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "SHA1" msgstr "SHA1" -#: authentik/providers/saml/models.py:110 authentik/sources/saml/models.py:129 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "SHA256" msgstr "SHA256" -#: authentik/providers/saml/models.py:111 authentik/sources/saml/models.py:130 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "SHA384" msgstr "SHA384" -#: authentik/providers/saml/models.py:112 authentik/sources/saml/models.py:131 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "SHA512" msgstr "SHA512" -#: authentik/providers/saml/models.py:119 authentik/sources/saml/models.py:138 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "RSA-SHA1" msgstr "RSA-SHA1" -#: authentik/providers/saml/models.py:120 authentik/sources/saml/models.py:139 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "RSA-SHA256" msgstr "RSA-SHA256" -#: authentik/providers/saml/models.py:121 authentik/sources/saml/models.py:140 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "RSA-SHA384" msgstr "RSA-SHA384" -#: authentik/providers/saml/models.py:122 authentik/sources/saml/models.py:141 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "RSA-SHA512" msgstr "RSA-SHA512" -#: authentik/providers/saml/models.py:123 authentik/sources/saml/models.py:142 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "ECDSA-SHA1" +msgstr "" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "ECDSA-SHA256" +msgstr "" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "ECDSA-SHA384" +msgstr "" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "ECDSA-SHA512" +msgstr "" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "DSA-SHA1" msgstr "DSA-SHA1" -#: authentik/providers/saml/models.py:140 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "" +"When selected, incoming assertion's Signatures will be validated against " +"this certificate. To allow unsigned Requests, leave on default." +msgstr "" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "Verification Certificate" msgstr "Certificado de Verificação" -#: authentik/providers/saml/models.py:148 +#: authentik/providers/saml/models.py msgid "Keypair used to sign outgoing Responses going to the Service Provider." msgstr "" "Par de chaves usado para assinar Respostas de saída dirigidas ao Provedor de" " Serviço" -#: authentik/providers/saml/models.py:150 authentik/sources/saml/models.py:118 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py msgid "Signing Keypair" msgstr "Par de Chaves de Assinatura" -#: authentik/providers/saml/models.py:180 +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "" +"When selected, incoming assertions are encrypted by the IdP using the public" +" key of the encryption keypair. The assertion is decrypted by the SP using " +"the the private key." +msgstr "" + +#: authentik/providers/saml/models.py authentik/sources/saml/models.py +msgid "Encryption Keypair" +msgstr "" + +#: authentik/providers/saml/models.py +msgid "Default relay_state value for IDP-initiated logins" +msgstr "" + +#: authentik/providers/saml/models.py msgid "SAML Provider" msgstr "Provedor SAML" -#: authentik/providers/saml/models.py:181 +#: authentik/providers/saml/models.py msgid "SAML Providers" msgstr "Provedores SAML" -#: authentik/providers/saml/models.py:206 -msgid "SAML Property Mapping" -msgstr "Mapeamento de Propriedades SAML" +#: authentik/providers/saml/models.py +msgid "SAML Provider Property Mapping" +msgstr "" -#: authentik/providers/saml/models.py:207 -msgid "SAML Property Mappings" -msgstr "Mapeamentos de Propriedades SAML" +#: authentik/providers/saml/models.py +msgid "SAML Provider Property Mappings" +msgstr "" -#: authentik/recovery/management/commands/create_admin_group.py:11 +#: authentik/providers/saml/models.py +msgid "SAML Provider from Metadata" +msgstr "Provedor SAML a partir de Metadados" + +#: authentik/providers/saml/models.py +msgid "SAML Providers from Metadata" +msgstr "Provedores SAML a partir de Metadados" + +#: authentik/providers/scim/models.py +msgid "Default" +msgstr "Pré-definido" + +#: authentik/providers/scim/models.py +msgid "AWS" +msgstr "" + +#: authentik/providers/scim/models.py +msgid "Slack" +msgstr "" + +#: authentik/providers/scim/models.py +msgid "Base URL to SCIM requests, usually ends in /v2" +msgstr "" + +#: authentik/providers/scim/models.py +msgid "Authentication token" +msgstr "" + +#: authentik/providers/scim/models.py +msgid "SCIM Compatibility Mode" +msgstr "" + +#: authentik/providers/scim/models.py +msgid "Alter authentik behavior for vendor-specific SCIM implementations." +msgstr "" + +#: authentik/providers/scim/models.py +msgid "SCIM Provider" +msgstr "Provedor SCIM" + +#: authentik/providers/scim/models.py +msgid "SCIM Providers" +msgstr "Provedores SCIM" + +#: authentik/providers/scim/models.py +msgid "SCIM Provider Mapping" +msgstr "" + +#: authentik/providers/scim/models.py +msgid "SCIM Provider Mappings" +msgstr "" + +#: authentik/rbac/models.py +msgid "Role" +msgstr "" + +#: authentik/rbac/models.py +msgid "Roles" +msgstr "" + +#: authentik/rbac/models.py +msgid "Initial Permissions" +msgstr "" + +#: authentik/rbac/models.py +msgid "System permission" +msgstr "" + +#: authentik/rbac/models.py +msgid "System permissions" +msgstr "" + +#: authentik/rbac/models.py +msgid "Can view system info" +msgstr "" + +#: authentik/rbac/models.py +msgid "Can access admin interface" +msgstr "" + +#: authentik/rbac/models.py +msgid "Can view system settings" +msgstr "" + +#: authentik/rbac/models.py +msgid "Can edit system settings" +msgstr "" + +#: authentik/recovery/management/commands/create_admin_group.py msgid "Create admin group if the default group gets deleted." msgstr "Criar um grupo admin caso o grupo pré-definido seja apagado" -#: authentik/recovery/management/commands/create_recovery_key.py:17 +#: authentik/recovery/management/commands/create_recovery_key.py msgid "Create a Key which can be used to restore access to authentik." msgstr "" "Criar uma Chave que possa ser utilizada para restaurar acesso ao authentik." -#: authentik/recovery/views.py:24 +#: authentik/recovery/views.py msgid "Used recovery-link to authenticate." msgstr "Recovery-link utilizado para autenticar." -#: authentik/sources/ldap/models.py:32 +#: authentik/sources/kerberos/models.py +msgid "Kerberos realm" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Custom krb5.conf to use. Uses the system one by default" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "KAdmin server type" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Sync users from Kerberos into authentik" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "When a user changes their password, sync it back to Kerberos" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Principal to authenticate to kadmin for sync." +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Password to authenticate to kadmin for sync" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "" +"Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the " +"form TYPE:residual" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "" +"Credentials cache to authenticate to kadmin for sync. Must be in the form " +"TYPE:residual" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "" +"Force the use of a specific server name for SPNEGO. Must be in the form " +"HTTP@hostname" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "SPNEGO keytab base64-encoded or path to keytab in the form FILE:path" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Credential cache to use for SPNEGO in form type:residual" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "" +"If enabled, the authentik-stored password will be updated upon login with " +"the Kerberos password backend" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Kerberos Source" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Kerberos Sources" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Kerberos Source Property Mapping" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Kerberos Source Property Mappings" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "User Kerberos Source Connection" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "User Kerberos Source Connections" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Group Kerberos Source Connection" +msgstr "" + +#: authentik/sources/kerberos/models.py +msgid "Group Kerberos Source Connections" +msgstr "" + +#: authentik/sources/kerberos/views.py +msgid "SPNEGO authentication required" +msgstr "" + +#: authentik/sources/kerberos/views.py +msgid "" +"\n" +" Make sure you have valid tickets (obtainable via kinit)\n" +" and configured the browser correctly.\n" +" Please contact your administrator.\n" +" " +msgstr "" + +#: authentik/sources/ldap/api.py +msgid "Only a single LDAP Source with password synchronization is allowed" +msgstr "" + +#: authentik/sources/ldap/models.py msgid "Server URI" msgstr "URI do servidor" -#: authentik/sources/ldap/models.py:40 +#: authentik/sources/ldap/models.py msgid "" "Optionally verify the LDAP Server's Certificate against the CA Chain in this" " keypair." @@ -985,81 +2277,141 @@ msgstr "" "Opcionalmente verificar o Certificado do Servidor LDAP contra a Cadeia CA " "neste par de chaves." -#: authentik/sources/ldap/models.py:45 -msgid "Bind CN" -msgstr "Bind CN" +#: authentik/sources/ldap/models.py +msgid "" +"Client certificate to authenticate against the LDAP Server's Certificate." +msgstr "" -#: authentik/sources/ldap/models.py:47 +#: authentik/sources/ldap/models.py +msgid "Bind CN" +msgstr "CN de Vínculo" + +#: authentik/sources/ldap/models.py msgid "Enable Start TLS" msgstr "Ativar Start TLS" -#: authentik/sources/ldap/models.py:49 +#: authentik/sources/ldap/models.py +msgid "Use Server URI for SNI verification" +msgstr "" + +#: authentik/sources/ldap/models.py msgid "Base DN" msgstr "Base DN" -#: authentik/sources/ldap/models.py:51 +#: authentik/sources/ldap/models.py msgid "Prepended to Base DN for User-queries." msgstr "Prefixado ao DN Base para consultas de Utilizadores." -#: authentik/sources/ldap/models.py:52 +#: authentik/sources/ldap/models.py msgid "Addition User DN" -msgstr "Adição de DN de Utilizador" +msgstr "Adição de User DN" -#: authentik/sources/ldap/models.py:56 +#: authentik/sources/ldap/models.py msgid "Prepended to Base DN for Group-queries." msgstr "Prefixado ao DN Base para consultas de Grupos." -#: authentik/sources/ldap/models.py:57 +#: authentik/sources/ldap/models.py msgid "Addition Group DN" -msgstr "Adição de DN de Grupo" +msgstr "Adição de Group DN" -#: authentik/sources/ldap/models.py:63 +#: authentik/sources/ldap/models.py msgid "Consider Objects matching this filter to be Users." msgstr "" "Considerar Objetos que correspondam a este filtro como sendo Utilizadores." -#: authentik/sources/ldap/models.py:66 +#: authentik/sources/ldap/models.py msgid "Field which contains members of a group." msgstr "Campo que contém membros de um grupo." -#: authentik/sources/ldap/models.py:70 +#: authentik/sources/ldap/models.py msgid "Consider Objects matching this filter to be Groups." msgstr "Considerar Objetos que correspondam a este filtro como sendo Grupos." -#: authentik/sources/ldap/models.py:73 +#: authentik/sources/ldap/models.py msgid "Field which contains a unique Identifier." msgstr "Campo que contém um Identificador único." -#: authentik/sources/ldap/models.py:80 -msgid "Property mappings used for group creation/updating." +#: authentik/sources/ldap/models.py +msgid "Update internal authentik password when login succeeds with LDAP" msgstr "" -"Mapeamentos de propriedades utilizados para criação/atualização de grupos." -#: authentik/sources/ldap/models.py:145 +#: authentik/sources/ldap/models.py +msgid "" +"When a user changes their password, sync it back to LDAP. This can only be " +"enabled on a single LDAP source." +msgstr "" + +#: authentik/sources/ldap/models.py +msgid "" +"Lookup group membership based on a user attribute instead of a group " +"attribute. This allows nested group resolution on systems like FreeIPA and " +"Active Directory" +msgstr "" + +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + +#: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "Fonte LDAP" -#: authentik/sources/ldap/models.py:146 +#: authentik/sources/ldap/models.py msgid "LDAP Sources" msgstr "Fontes LDAP" -#: authentik/sources/ldap/models.py:169 -msgid "LDAP Property Mapping" -msgstr "Mapeamento de Propriedades LDAP" +#: authentik/sources/ldap/models.py +msgid "LDAP Source Property Mapping" +msgstr "" -#: authentik/sources/ldap/models.py:170 -msgid "LDAP Property Mappings" -msgstr "Mapeamentos de Propriedades LDAP" +#: authentik/sources/ldap/models.py +msgid "LDAP Source Property Mappings" +msgstr "" -#: authentik/sources/ldap/signals.py:58 +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + +#: authentik/sources/ldap/models.py +msgid "User LDAP Source Connection" +msgstr "" + +#: authentik/sources/ldap/models.py +msgid "User LDAP Source Connections" +msgstr "" + +#: authentik/sources/ldap/models.py +msgid "Group LDAP Source Connection" +msgstr "" + +#: authentik/sources/ldap/models.py +msgid "Group LDAP Source Connections" +msgstr "" + +#: authentik/sources/ldap/signals.py msgid "Password does not match Active Directory Complexity." msgstr "A palavra-passe não corresponde à Complexidade do Active Directory." -#: authentik/sources/oauth/models.py:24 +#: authentik/sources/oauth/clients/oauth2.py +msgid "No token received." +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "HTTP Basic Authentication" +msgstr "Autenticação básica HTTP" + +#: authentik/sources/oauth/models.py +msgid "Include the client ID and secret as request parameters" +msgstr "" + +#: authentik/sources/oauth/models.py msgid "Request Token URL" msgstr "URL de Pedido de Token" -#: authentik/sources/oauth/models.py:26 +#: authentik/sources/oauth/models.py msgid "" "URL used to request the initial token. This URL is only required for OAuth " "1." @@ -1067,193 +2419,282 @@ msgstr "" "URL utilizado para pedir o token inicial. Este URL é apenas necesssário para" " OAuth 1." -#: authentik/sources/oauth/models.py:32 +#: authentik/sources/oauth/models.py msgid "Authorization URL" msgstr "URL de Autorização" -#: authentik/sources/oauth/models.py:33 +#: authentik/sources/oauth/models.py msgid "URL the user is redirect to to conest the flow." msgstr "URL para o qual o utilizador é redirecionado para contestar o fluxo" -#: authentik/sources/oauth/models.py:38 +#: authentik/sources/oauth/models.py msgid "Access Token URL" msgstr "URL do Token de Acesso" -#: authentik/sources/oauth/models.py:39 +#: authentik/sources/oauth/models.py msgid "URL used by authentik to retrieve tokens." msgstr "URL utilizado pelo authentik para obter tokens." -#: authentik/sources/oauth/models.py:44 +#: authentik/sources/oauth/models.py msgid "Profile URL" msgstr "URL do Perfil" -#: authentik/sources/oauth/models.py:45 +#: authentik/sources/oauth/models.py msgid "URL used by authentik to get user information." msgstr "" "URL utilizado pelo authentik para obter informação sobre utilizadores." -#: authentik/sources/oauth/models.py:97 +#: authentik/sources/oauth/models.py +msgid "Additional Scopes" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "" +"How to perform authentication during an authorization_code token request " +"flow" +msgstr "" + +#: authentik/sources/oauth/models.py msgid "OAuth Source" msgstr "Fonte OAuth" -#: authentik/sources/oauth/models.py:98 +#: authentik/sources/oauth/models.py msgid "OAuth Sources" msgstr "Fontes OAuth" -#: authentik/sources/oauth/models.py:107 +#: authentik/sources/oauth/models.py msgid "GitHub OAuth Source" msgstr "Fonte OAuth GitHub" -#: authentik/sources/oauth/models.py:108 +#: authentik/sources/oauth/models.py msgid "GitHub OAuth Sources" msgstr "Fontes OAuth GitHub" -#: authentik/sources/oauth/models.py:117 +#: authentik/sources/oauth/models.py +msgid "GitLab OAuth Source" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "GitLab OAuth Sources" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "Twitch OAuth Source" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "Twitch OAuth Sources" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "Mailcow OAuth Source" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "Mailcow OAuth Sources" +msgstr "" + +#: authentik/sources/oauth/models.py msgid "Twitter OAuth Source" msgstr "Fonte OAuth Twitter" -#: authentik/sources/oauth/models.py:118 +#: authentik/sources/oauth/models.py msgid "Twitter OAuth Sources" msgstr "Fontes OAuth Twitter" -#: authentik/sources/oauth/models.py:127 +#: authentik/sources/oauth/models.py msgid "Facebook OAuth Source" msgstr "Fonte OAuth Facebook" -#: authentik/sources/oauth/models.py:128 +#: authentik/sources/oauth/models.py msgid "Facebook OAuth Sources" msgstr "Fontes OAuth Facebook" -#: authentik/sources/oauth/models.py:137 +#: authentik/sources/oauth/models.py msgid "Discord OAuth Source" msgstr "Fonte OAuth Discord" -#: authentik/sources/oauth/models.py:138 +#: authentik/sources/oauth/models.py msgid "Discord OAuth Sources" msgstr "Fontes OAuth Discord" -#: authentik/sources/oauth/models.py:147 +#: authentik/sources/oauth/models.py +msgid "Patreon OAuth Source" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "Patreon OAuth Sources" +msgstr "" + +#: authentik/sources/oauth/models.py msgid "Google OAuth Source" msgstr "Fonte OAuth Google" -#: authentik/sources/oauth/models.py:148 +#: authentik/sources/oauth/models.py msgid "Google OAuth Sources" msgstr "Fontes OAuth Google" -#: authentik/sources/oauth/models.py:157 +#: authentik/sources/oauth/models.py msgid "Azure AD OAuth Source" msgstr "Fonte OAuth Azure AD" -#: authentik/sources/oauth/models.py:158 +#: authentik/sources/oauth/models.py msgid "Azure AD OAuth Sources" msgstr "Fontes OAuth Azure AD" -#: authentik/sources/oauth/models.py:167 +#: authentik/sources/oauth/models.py msgid "OpenID OAuth Source" msgstr "Fonte OAuth OpenID" -#: authentik/sources/oauth/models.py:168 +#: authentik/sources/oauth/models.py msgid "OpenID OAuth Sources" msgstr "Fontes OAuth OpenID" -#: authentik/sources/oauth/models.py:177 +#: authentik/sources/oauth/models.py msgid "Apple OAuth Source" msgstr "Fonte OAuth Apple" -#: authentik/sources/oauth/models.py:178 +#: authentik/sources/oauth/models.py msgid "Apple OAuth Sources" msgstr "Fontes OAuth Apple" -#: authentik/sources/oauth/models.py:187 +#: authentik/sources/oauth/models.py msgid "Okta OAuth Source" msgstr "Fonte OAuth Okta" -#: authentik/sources/oauth/models.py:188 +#: authentik/sources/oauth/models.py msgid "Okta OAuth Sources" msgstr "Fontes OAuth Okta" -#: authentik/sources/oauth/models.py:203 +#: authentik/sources/oauth/models.py +msgid "Reddit OAuth Source" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "Reddit OAuth Sources" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "OAuth Source Property Mapping" +msgstr "" + +#: authentik/sources/oauth/models.py +msgid "OAuth Source Property Mappings" +msgstr "" + +#: authentik/sources/oauth/models.py msgid "User OAuth Source Connection" msgstr "Conexão de Fonte OAuth de Utilizador" -#: authentik/sources/oauth/models.py:204 +#: authentik/sources/oauth/models.py msgid "User OAuth Source Connections" msgstr "Conexões de Fonte OAuth de Utilizador" -#: authentik/sources/oauth/views/callback.py:98 -msgid "Authentication Failed." -msgstr "Autenticação Falhada." +#: authentik/sources/oauth/models.py +msgid "Group OAuth Source Connection" +msgstr "" -#: authentik/sources/plex/models.py:37 +#: authentik/sources/oauth/models.py +msgid "Group OAuth Source Connections" +msgstr "" + +#: authentik/sources/oauth/views/callback.py +#, python-brace-format +msgid "Authentication failed: {reason}" +msgstr "" + +#: authentik/sources/plex/models.py msgid "Client identifier used to talk to Plex." msgstr "Identificador de cliente utilizado para comunicar com o Plex." -#: authentik/sources/plex/models.py:52 +#: authentik/sources/plex/models.py +msgid "" +"Which servers a user has to be a member of to be granted access. Empty list " +"allows every server." +msgstr "" + +#: authentik/sources/plex/models.py msgid "Allow friends to authenticate, even if you don't share a server." msgstr "" -"Permitir que amigos de autentiquem, mesmo que não partilhem um servidor." +"Permitir que amigos se autentiquem, mesmo que não partilhem um servidor." -#: authentik/sources/plex/models.py:54 +#: authentik/sources/plex/models.py msgid "Plex token used to check friends" msgstr "Token Plex utilizado para verificar amigos" -#: authentik/sources/plex/models.py:92 +#: authentik/sources/plex/models.py msgid "Plex Source" msgstr "Fonte Plex" -#: authentik/sources/plex/models.py:93 +#: authentik/sources/plex/models.py msgid "Plex Sources" msgstr "Fontes Plex" -#: authentik/sources/plex/models.py:104 +#: authentik/sources/plex/models.py +msgid "Plex Source Property Mapping" +msgstr "" + +#: authentik/sources/plex/models.py +msgid "Plex Source Property Mappings" +msgstr "" + +#: authentik/sources/plex/models.py msgid "User Plex Source Connection" msgstr "Conexão de Fonte de Utilizador Plex" -#: authentik/sources/plex/models.py:105 +#: authentik/sources/plex/models.py msgid "User Plex Source Connections" msgstr "Conexões de Fonte de Utilizador Plex" -#: authentik/sources/saml/models.py:36 +#: authentik/sources/plex/models.py +msgid "Group Plex Source Connection" +msgstr "" + +#: authentik/sources/plex/models.py +msgid "Group Plex Source Connections" +msgstr "" + +#: authentik/sources/saml/models.py msgid "Redirect Binding" msgstr "Associação de Reencaminhamento" -#: authentik/sources/saml/models.py:37 +#: authentik/sources/saml/models.py msgid "POST Binding" msgstr "Associação POST" -#: authentik/sources/saml/models.py:38 +#: authentik/sources/saml/models.py msgid "POST Binding with auto-confirmation" msgstr "Associação POST com autoconfirmação" -#: authentik/sources/saml/models.py:57 +#: authentik/sources/saml/models.py msgid "Flow used before authentication." msgstr "Fluxo utilizado antes da autenticação" -#: authentik/sources/saml/models.py:64 +#: authentik/sources/saml/models.py msgid "Issuer" msgstr "Emissor" -#: authentik/sources/saml/models.py:65 +#: authentik/sources/saml/models.py msgid "Also known as Entity ID. Defaults the Metadata URL." msgstr "Também conhecido como ID de Entidade. Pré-define o URL de Metadados." -#: authentik/sources/saml/models.py:69 +#: authentik/sources/saml/models.py msgid "SSO URL" msgstr "URL SSO" -#: authentik/sources/saml/models.py:70 +#: authentik/sources/saml/models.py msgid "URL that the initial Login request is sent to." msgstr "URL para o qual o pedido inicial de Início de Sessão é enviado." -#: authentik/sources/saml/models.py:76 +#: authentik/sources/saml/models.py msgid "SLO URL" msgstr "URL SLO" -#: authentik/sources/saml/models.py:77 +#: authentik/sources/saml/models.py msgid "Optional URL if your IDP supports Single-Logout." msgstr "URL opcional se o seu IDP suportar Single-Logout." -#: authentik/sources/saml/models.py:83 +#: authentik/sources/saml/models.py msgid "" "Allows authentication flows initiated by the IdP. This can be a security " "risk, as no validation of the request ID is done." @@ -1261,7 +2702,7 @@ msgstr "" "Permite fluxos de autenticação iniciados pelo IdP. Isto pode ser um risco de" " segurança uma vez que não é feita nenhuma validação do ID do pedido." -#: authentik/sources/saml/models.py:91 +#: authentik/sources/saml/models.py msgid "" "NameID Policy sent to the IdP. Can be unset, in which case no Policy is " "sent." @@ -1269,228 +2710,488 @@ msgstr "" "Política NameID enviada para o IdP. Pode ser desfeito. Nesse caso, nenhuma " "Política é enviada." -#: authentik/sources/saml/models.py:102 +#: authentik/sources/saml/models.py msgid "Delete temporary users after" msgstr "Eliminar utilizadores temporários após" -#: authentik/sources/saml/models.py:120 +#: authentik/sources/saml/models.py msgid "" -"Keypair which is used to sign outgoing requests. Leave empty to disable " -"signing." +"Time offset when temporary users should be deleted. This only applies if " +"your IDP uses the NameID Format 'transient', and the user doesn't log out " +"manually. (Format: hours=1;minutes=2;seconds=3)." msgstr "" -"Par de chaves utilizado para assinar pedidos enviados. Deixar em branco para" -" desativar a assinatura." -#: authentik/sources/saml/models.py:188 +#: authentik/sources/saml/models.py +msgid "" +"Keypair used to sign outgoing Responses going to the Identity Provider." +msgstr "" + +#: authentik/sources/saml/models.py msgid "SAML Source" msgstr "Fonte SAML" -#: authentik/sources/saml/models.py:189 +#: authentik/sources/saml/models.py msgid "SAML Sources" msgstr "Fontes SAML" -#: authentik/stages/authenticator_duo/models.py:64 +#: authentik/sources/saml/models.py +msgid "SAML Source Property Mapping" +msgstr "" + +#: authentik/sources/saml/models.py +msgid "SAML Source Property Mappings" +msgstr "" + +#: authentik/sources/saml/models.py +msgid "User SAML Source Connection" +msgstr "" + +#: authentik/sources/saml/models.py +msgid "User SAML Source Connections" +msgstr "" + +#: authentik/sources/saml/models.py +msgid "Group SAML Source Connection" +msgstr "" + +#: authentik/sources/saml/models.py +msgid "Group SAML Source Connections" +msgstr "" + +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + +#: authentik/sources/scim/models.py +msgid "SCIM Source" +msgstr "Fonte SCIM" + +#: authentik/sources/scim/models.py +msgid "SCIM Sources" +msgstr "Fontes SCIM" + +#: authentik/sources/scim/models.py +msgid "SCIM Source Property Mapping" +msgstr "" + +#: authentik/sources/scim/models.py +msgid "SCIM Source Property Mappings" +msgstr "" + +#: authentik/stages/authenticator_duo/models.py msgid "Duo Authenticator Setup Stage" msgstr "Etapa de Configuração do Duo Authenticator" -#: authentik/stages/authenticator_duo/models.py:65 +#: authentik/stages/authenticator_duo/models.py msgid "Duo Authenticator Setup Stages" msgstr "Etapas de Configuração do Duo Authenticator" -#: authentik/stages/authenticator_duo/models.py:82 +#: authentik/stages/authenticator_duo/models.py msgid "Duo Device" msgstr "Dispositivo Duo" -#: authentik/stages/authenticator_duo/models.py:83 +#: authentik/stages/authenticator_duo/models.py msgid "Duo Devices" msgstr "Dispositivos Duo" -#: authentik/stages/authenticator_sms/models.py:157 -msgid "SMS Authenticator Setup Stage" -msgstr "Etapa de Configuração do Autenticador por SMS" +#: authentik/stages/authenticator_email/models.py +msgid "Email OTP" +msgstr "OTP Email" -#: authentik/stages/authenticator_sms/models.py:158 -msgid "SMS Authenticator Setup Stages" -msgstr "Etapas de Configuração do Autenticador por SMS" +#: authentik/stages/authenticator_email/models.py +#: authentik/stages/email/models.py +msgid "" +"When enabled, global Email connection settings will be used and connection " +"settings below will be ignored." +msgstr "" -#: authentik/stages/authenticator_sms/models.py:175 -msgid "SMS Device" -msgstr "Dispositivo SMS" +#: authentik/stages/authenticator_email/models.py +#: authentik/stages/email/models.py +msgid "Time the token sent is valid (Format: hours=3,minutes=17,seconds=300)." +msgstr "" -#: authentik/stages/authenticator_sms/models.py:176 -msgid "SMS Devices" -msgstr "Dispositivos SMS" +#: authentik/stages/authenticator_email/models.py +msgid "Email Authenticator Setup Stage" +msgstr "" -#: authentik/stages/authenticator_sms/stage.py:54 -#: authentik/stages/authenticator_totp/stage.py:45 +#: authentik/stages/authenticator_email/models.py +msgid "Email Authenticator Setup Stages" +msgstr "" + +#: authentik/stages/authenticator_email/models.py +#: authentik/stages/authenticator_email/stage.py +#: authentik/stages/email/stage.py +msgid "Exception occurred while rendering E-mail template" +msgstr "" + +#: authentik/stages/authenticator_email/models.py +msgid "Email Device" +msgstr "Dispositivo de e-mail" + +#: authentik/stages/authenticator_email/models.py +msgid "Email Devices" +msgstr "Dispositivos de E-mail" + +#: authentik/stages/authenticator_email/stage.py +#: authentik/stages/authenticator_sms/stage.py +#: authentik/stages/authenticator_totp/stage.py msgid "Code does not match" msgstr "O código não corresponde" -#: authentik/stages/authenticator_static/models.py:47 -msgid "Static Authenticator Stage" -msgstr "Etapa de Autenticador Estático" +#: authentik/stages/authenticator_email/stage.py +msgid "Invalid email" +msgstr "E-mail inválido." -#: authentik/stages/authenticator_static/models.py:48 -msgid "Static Authenticator Stages" -msgstr "Etapa de Autenticador Estático" +#: authentik/stages/authenticator_email/templates/email/email_otp.html +#: authentik/stages/email/templates/email/password_reset.html +#, python-format +msgid "" +"\n" +" Hi %(username)s,\n" +" " +msgstr "" +"\n" +" Olá %(username)s,\n" +" " -#: authentik/stages/authenticator_totp/models.py:16 +#: authentik/stages/authenticator_email/templates/email/email_otp.html +msgid "" +"\n" +" Email MFA code.\n" +" " +msgstr "" + +#: authentik/stages/authenticator_email/templates/email/email_otp.html +#, python-format +msgid "" +"\n" +" If you did not request this code, please ignore this email. The code above is valid for %(expires)s.\n" +" " +msgstr "" + +#: authentik/stages/authenticator_email/templates/email/email_otp.txt +#: authentik/stages/email/templates/email/password_reset.txt +#, python-format +msgid "Hi %(username)s," +msgstr "Olá %(username)s," + +#: authentik/stages/authenticator_email/templates/email/email_otp.txt +msgid "" +"\n" +"Email MFA code\n" +msgstr "" + +#: authentik/stages/authenticator_email/templates/email/email_otp.txt +#, python-format +msgid "" +"\n" +"If you did not request this code, please ignore this email. The code above is valid for %(expires)s.\n" +msgstr "" + +#: authentik/stages/authenticator_sms/models.py +msgid "" +"When enabled, the Phone number is only used during enrollment to verify the " +"users authenticity. Only a hash of the phone number is saved to ensure it is" +" not reused in the future." +msgstr "" + +#: authentik/stages/authenticator_sms/models.py +msgid "Optionally modify the payload being sent to custom providers." +msgstr "" + +#: authentik/stages/authenticator_sms/models.py +#, python-brace-format +msgid "Use this code to authenticate in authentik: {token}" +msgstr "" + +#: authentik/stages/authenticator_sms/models.py +msgid "SMS Authenticator Setup Stage" +msgstr "Etapa de Configuração do Autenticador por SMS" + +#: authentik/stages/authenticator_sms/models.py +msgid "SMS Authenticator Setup Stages" +msgstr "Etapas de Configuração do Autenticador por SMS" + +#: authentik/stages/authenticator_sms/models.py +msgid "SMS Device" +msgstr "Dispositivo SMS" + +#: authentik/stages/authenticator_sms/models.py +msgid "SMS Devices" +msgstr "Dispositivos SMS" + +#: authentik/stages/authenticator_sms/stage.py +msgid "Invalid phone number" +msgstr "" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Authenticator Setup Stage" +msgstr "" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Authenticator Setup Stages" +msgstr "" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Device" +msgstr "" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Devices" +msgstr "" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Token" +msgstr "" + +#: authentik/stages/authenticator_static/models.py +msgid "Static Tokens" +msgstr "" + +#: authentik/stages/authenticator_totp/models.py msgid "6 digits, widely compatible" msgstr "6 dígitos, alta compatibilidade" -#: authentik/stages/authenticator_totp/models.py:17 +#: authentik/stages/authenticator_totp/models.py msgid "8 digits, not compatible with apps like Google Authenticator" msgstr "8 dígitos, não compatível com apps como o Google Authenticator" -#: authentik/stages/authenticator_totp/models.py:54 +#: authentik/stages/authenticator_totp/models.py msgid "TOTP Authenticator Setup Stage" msgstr "Etapa de Configuração de Autenticador TOTP" -#: authentik/stages/authenticator_totp/models.py:55 +#: authentik/stages/authenticator_totp/models.py msgid "TOTP Authenticator Setup Stages" msgstr "Etapa de Configuração de Autenticador TOTP" -#: authentik/stages/authenticator_validate/challenge.py:99 -msgid "Invalid Token" -msgstr "Token Inválido" +#: authentik/stages/authenticator_totp/models.py +msgid "TOTP Device" +msgstr "" -#: authentik/stages/authenticator_validate/models.py:17 +#: authentik/stages/authenticator_totp/models.py +msgid "TOTP Devices" +msgstr "" + +#: authentik/stages/authenticator_validate/challenge.py +msgid "" +"Invalid Token. Please ensure the time on your device is accurate and try " +"again." +msgstr "" + +#: authentik/stages/authenticator_validate/challenge.py +#: authentik/stages/authenticator_webauthn/stage.py +#, python-brace-format +msgid "Invalid device type. Contact your {brand} administrator for help." +msgstr "" + +#: authentik/stages/authenticator_validate/models.py +msgid "Static" +msgstr "Estático" + +#: authentik/stages/authenticator_validate/models.py msgid "TOTP" msgstr "TOTP" -#: authentik/stages/authenticator_validate/models.py:18 +#: authentik/stages/authenticator_validate/models.py msgid "WebAuthn" msgstr "WebAuthn" -#: authentik/stages/authenticator_validate/models.py:19 +#: authentik/stages/authenticator_validate/models.py msgid "Duo" msgstr "Duo" -#: authentik/stages/authenticator_validate/models.py:20 +#: authentik/stages/authenticator_validate/models.py msgid "SMS" msgstr "SMS" -#: authentik/stages/authenticator_validate/models.py:58 +#: authentik/stages/authenticator_validate/models.py +msgid "" +"Stages used to configure Authenticator when user doesn't have any compatible" +" devices. After this configuration Stage passes, the user is not prompted " +"again." +msgstr "" +"Etapas utiizadas para configurar o autenticador caso o utilizador não tenha " +"nenhum dispositivo compatível. Após etapa de configuração estar concluída, " +"deixa de ser pedido ao utilizador." + +#: authentik/stages/authenticator_validate/models.py msgid "Device classes which can be used to authenticate" msgstr "Classes de dispositivos que possam ser utilizados para autenticar" -#: authentik/stages/authenticator_validate/models.py:80 +#: authentik/stages/authenticator_validate/models.py +msgid "" +"If any of the user's device has been used within this threshold, this stage " +"will be skipped" +msgstr "" + +#: authentik/stages/authenticator_validate/models.py +msgid "Enforce user verification for WebAuthn devices." +msgstr "" + +#: authentik/stages/authenticator_validate/models.py msgid "Authenticator Validation Stage" msgstr "Etapa de Validação do Autenticador" -#: authentik/stages/authenticator_validate/models.py:81 +#: authentik/stages/authenticator_validate/models.py msgid "Authenticator Validation Stages" msgstr "Etapa de Validação do Autenticador" -#: authentik/stages/authenticator_webauthn/models.py:71 +#: authentik/stages/authenticator_validate/stage.py +msgid "No (allowed) MFA authenticator configured." +msgstr "" + +#: authentik/stages/authenticator_webauthn/models.py msgid "WebAuthn Authenticator Setup Stage" msgstr "Etapa de Configuração de Autenticador WebAuthn" -#: authentik/stages/authenticator_webauthn/models.py:72 +#: authentik/stages/authenticator_webauthn/models.py msgid "WebAuthn Authenticator Setup Stages" msgstr "Etapa de Configuração de Autenticador WebAuthn" -#: authentik/stages/authenticator_webauthn/models.py:105 +#: authentik/stages/authenticator_webauthn/models.py msgid "WebAuthn Device" msgstr "Dispositivo WebAuthn" -#: authentik/stages/authenticator_webauthn/models.py:106 +#: authentik/stages/authenticator_webauthn/models.py msgid "WebAuthn Devices" msgstr "Dispositivos WebAuthn" -#: authentik/stages/captcha/models.py:15 -msgid "" -"Public key, acquired from https://www.google.com/recaptcha/intro/v3.html" +#: authentik/stages/authenticator_webauthn/models.py +msgid "WebAuthn Device type" msgstr "" -"Chave pública, adquirida em https://www.google.com/recaptcha/intro/v3.html" -#: authentik/stages/captcha/models.py:18 -msgid "" -"Private key, acquired from https://www.google.com/recaptcha/intro/v3.html" +#: authentik/stages/authenticator_webauthn/models.py +msgid "WebAuthn Device types" msgstr "" -"Chave privada, adquirida em https://www.google.com/recaptcha/intro/v3.html" -#: authentik/stages/captcha/models.py:39 +#: authentik/stages/captcha/models.py +msgid "Public key, acquired your captcha Provider." +msgstr "Chave pública, adquirida pelo seu Provedor de CAPTCHA." + +#: authentik/stages/captcha/models.py +msgid "Private key, acquired your captcha Provider." +msgstr "Chave privada, adquirida pelo seu Provedor de CAPTCHA." + +#: authentik/stages/captcha/models.py +msgid "" +"When enabled and the received captcha score is outside of the given " +"threshold, the stage will show an error message. When not enabled, the flow " +"will continue, but the data from the captcha will be available in the " +"context for policy decisions" +msgstr "" + +#: authentik/stages/captcha/models.py msgid "Captcha Stage" msgstr "Etapa Captcha" -#: authentik/stages/captcha/models.py:40 +#: authentik/stages/captcha/models.py msgid "Captcha Stages" msgstr "Etapas Captcha" -#: authentik/stages/consent/models.py:52 +#: authentik/stages/captcha/stage.py +msgid "Invalid captcha response. Retrying may solve this issue." +msgstr "" + +#: authentik/stages/captcha/stage.py +msgid "Invalid captcha response" +msgstr "" + +#: authentik/stages/captcha/stage.py +msgid "Failed to validate token" +msgstr "" + +#: authentik/stages/consent/models.py +msgid "" +"Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)." +msgstr "" + +#: authentik/stages/consent/models.py msgid "Consent Stage" msgstr "Etapa de Consentimento" -#: authentik/stages/consent/models.py:53 +#: authentik/stages/consent/models.py msgid "Consent Stages" -msgstr "Etapa de Consentiment" +msgstr "Etapas de Consentimento" -#: authentik/stages/consent/models.py:68 +#: authentik/stages/consent/models.py msgid "User Consent" msgstr "Consentimento do Utilizador" -#: authentik/stages/consent/models.py:69 +#: authentik/stages/consent/models.py msgid "User Consents" msgstr "Consentimentos do Utilizador" -#: authentik/stages/deny/models.py:31 +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + +#: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Etapa de Negação" -#: authentik/stages/deny/models.py:32 +#: authentik/stages/deny/models.py msgid "Deny Stages" msgstr "Etapas de Negação" -#: authentik/stages/dummy/models.py:33 +#: authentik/stages/dummy/models.py msgid "Dummy Stage" msgstr "Etapa Fictícia" -#: authentik/stages/dummy/models.py:34 +#: authentik/stages/dummy/models.py msgid "Dummy Stages" msgstr "Etapas Fictícia" -#: authentik/stages/email/models.py:25 +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + +#: authentik/stages/email/models.py msgid "Password Reset" msgstr "Redefinição de Palavra-Passe" -#: authentik/stages/email/models.py:29 +#: authentik/stages/email/models.py msgid "Account Confirmation" msgstr "Confirmação de Conta" -#: authentik/stages/email/models.py:75 +#: authentik/stages/email/models.py msgid "Activate users upon completion of stage." msgstr "Ativar utilizadores após completarem a etapa." -#: authentik/stages/email/models.py:79 -msgid "Time in minutes the token sent is valid." -msgstr "Tempo, em minutos, durante o qual o token enviado é válido." - -#: authentik/stages/email/models.py:125 +#: authentik/stages/email/models.py msgid "Email Stage" -msgstr "Etapa de E-Mail" +msgstr "Etapa de E-mail" -#: authentik/stages/email/models.py:126 +#: authentik/stages/email/models.py msgid "Email Stages" -msgstr "Etapas de E-Mail" +msgstr "Etapas de E-mail" -#: authentik/stages/email/stage.py:106 +#: authentik/stages/email/stage.py msgid "Successfully verified Email." msgstr "E-mail verificado com sucesso." -#: authentik/stages/email/stage.py:113 authentik/stages/email/stage.py:135 +#: authentik/stages/email/stage.py msgid "No pending user." -msgstr "Nenhum utilizador prendente." +msgstr "Nenhum utilizador pendente." -#: authentik/stages/email/stage.py:125 +#: authentik/stages/email/stage.py msgid "Email sent." msgstr "E-mail enviado." -#: authentik/stages/email/templates/email/account_confirmation.html:9 +#: authentik/stages/email/stage.py +msgid "Email Successfully sent." +msgstr "E-mail enviado com sucesso." + +#: authentik/stages/email/templates/email/account_confirmation.html +#: authentik/stages/email/templates/email/account_confirmation.txt msgid "Welcome!" msgstr "Bem-vindos!" -#: authentik/stages/email/templates/email/account_confirmation.html:12 +#: authentik/stages/email/templates/email/account_confirmation.html msgid "" "We're excited to have you get started. First, you need to confirm your " "account. Just press the button below." @@ -1498,11 +3199,11 @@ msgstr "" "Estamos entusiasmados para que você comece. Primeiro, precisa de confirmar a" " sua conta. Basta premir o botão abaixo." -#: authentik/stages/email/templates/email/account_confirmation.html:21 +#: authentik/stages/email/templates/email/account_confirmation.html msgid "Confirm Account" msgstr "Confirmar Conta" -#: authentik/stages/email/templates/email/account_confirmation.html:30 +#: authentik/stages/email/templates/email/account_confirmation.html #, python-format msgid "" "\n" @@ -1512,294 +3213,542 @@ msgstr "" "\n" " Se essa ligação não funcionar, copie e cole a ligação seguinte no seu navegador: %(url)s" -#: authentik/stages/email/templates/email/account_confirmation.html:35 +#: authentik/stages/email/templates/email/account_confirmation.txt msgid "" -"If you have any questions, just reply to this email—we're always happy to " -"help out." +"We're excited to have you get started. First, you need to confirm your " +"account. Just open the link below." msgstr "" -"Se tiver alguma questão, basta responder a este e-mail - temos todo o gosto " -"em ajudar." -#: authentik/stages/email/templates/email/generic.html:24 -msgid "Additional Information" -msgstr "Informação Adicional" - -#: authentik/stages/email/templates/email/password_reset.html:9 +#: authentik/stages/email/templates/email/event_notification.html #, python-format msgid "" "\n" -" Hi %(username)s,\n" -" " +" This email was sent from the notification transport %(name)s.\n" +" " msgstr "" -"\n" -" Olá %(username)s," -#: authentik/stages/email/templates/email/password_reset.html:19 -msgid "" -"\n" -" You recently requested to change your password for you authentik account. Use the button below to set a new password.\n" -" " -msgstr "" -"\n" -" Solicitou recentemente a alteração da palavra-passe da sua conta authentik. Utilize o botão abaixo para definir uma nova palavra-passe." +#: authentik/stages/email/templates/email/event_notification.txt +msgid "Dear authentik user," +msgstr "Caro utilizador authentik," -#: authentik/stages/email/templates/email/password_reset.html:33 -msgid "Reset Password" -msgstr "Redefinir Palavra-Passe" +#: authentik/stages/email/templates/email/event_notification.txt +msgid "The following notification was created:" +msgstr "A seguinte notificação foi criada:" -#: authentik/stages/email/templates/email/password_reset.html:45 +#: authentik/stages/email/templates/email/event_notification.txt +msgid "Additional attributes:" +msgstr "Atributos adicionais:" + +#: authentik/stages/email/templates/email/event_notification.txt #, python-format msgid "" "\n" -" If you did not request a password change, please ignore this Email. The link above is valid for %(expires)s.\n" -" " +"This email was sent from the notification transport %(name)s.\n" msgstr "" -"\n" -" Se não solicitou uma alteração de palavra-passe, por favor ignore este e-mail. A hiperligação acima é válida por %(expires)s." -#: authentik/stages/email/templates/email/setup.html:9 +#: authentik/stages/email/templates/email/password_reset.html +msgid "" +"\n" +" You recently requested to change your password for your authentik account. Use the button below to set a new password.\n" +" " +msgstr "" + +#: authentik/stages/email/templates/email/password_reset.html +#, python-format +msgid "" +"\n" +" If you did not request a password change, please ignore this email. The link above is valid for %(expires)s.\n" +" " +msgstr "" + +#: authentik/stages/email/templates/email/password_reset.txt +msgid "" +"\n" +"You recently requested to change your password for your authentik account. Use the link below to set a new password.\n" +msgstr "" + +#: authentik/stages/email/templates/email/password_reset.txt +#, python-format +msgid "" +"\n" +"If you did not request a password change, please ignore this email. The link above is valid for %(expires)s.\n" +msgstr "" + +#: authentik/stages/email/templates/email/setup.html msgid "authentik Test-Email" msgstr "E-mail de Teste do authentik" -#: authentik/stages/email/templates/email/setup.html:17 +#: authentik/stages/email/templates/email/setup.html msgid "" "\n" " This is a test email to inform you, that you've successfully configured authentik emails.\n" " " msgstr "" "\n" -" Este é um e-mail de teste para lhe informar que configurou corretamente os e-mails do authentik." +" Este é um e-mail de teste para o informar que configurou corretamente os e-mails do authentik." -#: authentik/stages/identification/models.py:42 +#: authentik/stages/email/templates/email/setup.txt msgid "" -"When set, shows a password field, instead of showing the password field as " -"seaprate step." +"\n" +"This is a test email to inform you, that you've successfully configured authentik emails.\n" msgstr "" -"Quando definido, mostra um campo de palavra-passe, em vez de mostrar o campo" -" de palavra-passe no passo à parte." +"\n" +"Este é um e-mail de teste para o informar que configurou corretamente os e-mails do authentik.\n" -#: authentik/stages/identification/models.py:48 +#: authentik/stages/identification/api.py +msgid "When no user fields are selected, at least one source must be selected" +msgstr "" + +#: authentik/stages/identification/models.py +msgid "" +"Fields of the user object to match against. (Hold shift to select multiple " +"options)" +msgstr "" + +#: authentik/stages/identification/models.py msgid "When enabled, user fields are matched regardless of their casing." msgstr "" "Quando ativado, os campos de utilizador são correspondidos ignorando " "maiúsculas." -#: authentik/stages/identification/models.py:68 +#: authentik/stages/identification/models.py +msgid "" +"When a valid username/email has been entered, and this option is enabled, " +"the user's username and avatar will be shown. Otherwise, the text that the " +"user entered will be shown" +msgstr "" + +#: authentik/stages/identification/models.py +msgid "" +"When enabled, the stage will succeed and continue even when incorrect user " +"info is entered." +msgstr "" + +#: authentik/stages/identification/models.py +msgid "" +"Show the user the 'Remember me on this device' toggle, allowing repeat users" +" to skip straight to entering their password." +msgstr "" + +#: authentik/stages/identification/models.py msgid "Optional enrollment flow, which is linked at the bottom of the page." msgstr "" "Fluxo de inscrição opcional, ao qual corresponde uma ligação no final da " "página." -#: authentik/stages/identification/models.py:77 +#: authentik/stages/identification/models.py msgid "Optional recovery flow, which is linked at the bottom of the page." msgstr "" "Fluxo de recuperação opcional, ao qual corresponde uma ligação no final da " "página." -#: authentik/stages/identification/models.py:86 +#: authentik/stages/identification/models.py msgid "Optional passwordless flow, which is linked at the bottom of the page." msgstr "" "Fluxo opcional que sem palavra-passe, ao qual corresponde uma ligação no " "final da página." -#: authentik/stages/identification/models.py:90 +#: authentik/stages/identification/models.py msgid "Specify which sources should be shown." msgstr "Especifica quais as fontes que devem ser mostradas." -#: authentik/stages/identification/models.py:112 +#: authentik/stages/identification/models.py msgid "Identification Stage" -msgstr "Etapa de Indentificação" +msgstr "Etapa de Identificação" -#: authentik/stages/identification/models.py:113 +#: authentik/stages/identification/models.py msgid "Identification Stages" -msgstr "Etapa de Indentifiação" +msgstr "Etapas de Identificação" -#: authentik/stages/identification/stage.py:175 +#: authentik/stages/identification/stage.py msgid "Log in" msgstr "Iniciar sessão" -#: authentik/stages/invitation/models.py:46 +#: authentik/stages/identification/stage.py +msgid "Continue" +msgstr "Continuar" + +#: authentik/stages/invitation/models.py +msgid "" +"If this flag is set, this Stage will jump to the next Stage when no " +"Invitation is given. By default this Stage will cancel the Flow when no " +"invitation is given." +msgstr "" +"Se esta opção estiver ativa, esta fase vai saltar para a próxima fase quando" +" nenhum convite for fornecido. Por omissão, esta fase vai cancelar o fluxo " +"quando não for fornecido nenhum convite." + +#: authentik/stages/invitation/models.py msgid "Invitation Stage" msgstr "Etapa de Convite" -#: authentik/stages/invitation/models.py:47 +#: authentik/stages/invitation/models.py msgid "Invitation Stages" msgstr "Etapas de Convite" -#: authentik/stages/invitation/models.py:57 +#: authentik/stages/invitation/models.py +msgid "When set, only the configured flow can use this invitation." +msgstr "" + +#: authentik/stages/invitation/models.py msgid "When enabled, the invitation will be deleted after usage." -msgstr "Quando ativado, o convite será apagado após ser utilizado" +msgstr "Quando ativado, o convite será apagado após ser utilizado." -#: authentik/stages/invitation/models.py:64 +#: authentik/stages/invitation/models.py msgid "Optional fixed data to enforce on user enrollment." -msgstr "Data fixa opcional para ser imposta na inscrição de utilizadores" +msgstr "Data fixa opcional para ser imposta na inscrição de utilizadores." -#: authentik/stages/invitation/models.py:72 +#: authentik/stages/invitation/models.py msgid "Invitation" msgstr "Convite" -#: authentik/stages/invitation/models.py:73 +#: authentik/stages/invitation/models.py msgid "Invitations" msgstr "Convites" -#: authentik/stages/password/models.py:20 +#: authentik/stages/invitation/stage.py +msgid "Invalid invite/invite not found" +msgstr "Convite inválido/não encontrado." + +#: authentik/stages/password/models.py msgid "User database + standard password" msgstr "Base de dados de utilizadores + palavra-passe padrão" -#: authentik/stages/password/models.py:24 +#: authentik/stages/password/models.py msgid "User database + app passwords" msgstr "Base de dados de utilizadores + palavras-passe de aplicação" -#: authentik/stages/password/models.py:28 +#: authentik/stages/password/models.py msgid "User database + LDAP password" msgstr "Base de dados de utilizadores + palavras-passe LDAP" -#: authentik/stages/password/models.py:38 +#: authentik/stages/password/models.py +msgid "User database + Kerberos password" +msgstr "" + +#: authentik/stages/password/models.py msgid "Selection of backends to test the password against." msgstr "Seleção de back-ends contra os quais é testada a palavra-passe." -#: authentik/stages/password/models.py:78 +#: authentik/stages/password/models.py +msgid "" +"How many attempts a user has before the flow is canceled. To lock the user " +"out, use a reputation policy and a user_write stage." +msgstr "" +"O número de tentativas que o utilizador tem antes do fluxo ser cancelado. " +"Para bloquear um utilizador, use uma política de reputação ou uma etapa " +"user_write." + +#: authentik/stages/password/models.py +msgid "" +"When enabled, provides a 'show password' button with the password input " +"field." +msgstr "" + +#: authentik/stages/password/models.py msgid "Password Stage" msgstr "Etapa de Palavra-Passe" -#: authentik/stages/password/models.py:79 +#: authentik/stages/password/models.py msgid "Password Stages" msgstr "Etapas de Palavra-Passe" -#: authentik/stages/password/stage.py:152 +#: authentik/stages/password/stage.py msgid "Invalid password" msgstr "Palavra-passe inválida" -#: authentik/stages/prompt/models.py:29 +#: authentik/stages/prompt/models.py msgid "Text: Simple Text input" msgstr "Texto: entrada de Texto Simples" -#: authentik/stages/prompt/models.py:32 +#: authentik/stages/prompt/models.py +msgid "Text area: Multiline Text Input." +msgstr "Área de texto: Entrada de Texto Multilinha." + +#: authentik/stages/prompt/models.py msgid "Text (read-only): Simple Text input, but cannot be edited." msgstr "" "Texto (só de leitura): entrada de Texto Simples, mas que não pode ser " "editado." -#: authentik/stages/prompt/models.py:39 +#: authentik/stages/prompt/models.py +msgid "Text area (read-only): Multiline Text input, but cannot be edited." +msgstr "" +"Área de texto (só de leitura): Entrada de Texto Multilinha, mas que não pode" +" ser editado." + +#: authentik/stages/prompt/models.py +msgid "" +"Username: Same as Text input, but checks for and prevents duplicate " +"usernames." +msgstr "" +"Nome de utilizador: Idêntico à entrada de Texto, mas com verificação e " +"prevenção de nomes de utilizadores duplicados." + +#: authentik/stages/prompt/models.py msgid "Email: Text field with Email type." msgstr "E-mail: Campo de texto do tipo E-mail." -#: authentik/stages/prompt/models.py:55 +#: authentik/stages/prompt/models.py +msgid "" +"Password: Masked input, multiple inputs of this type on the same prompt need" +" to be identical." +msgstr "" +"Palavra-passe: Entrada mascarada, entradas múltiplas deste tipo no mesmo " +"formulário necessitam de ser idênticas." + +#: authentik/stages/prompt/models.py +msgid "Fixed choice field rendered as a group of radio buttons." +msgstr "Campo de escolha fixa renderizado como um grupo de botões de opção." + +#: authentik/stages/prompt/models.py +msgid "Fixed choice field rendered as a dropdown." +msgstr "Campo de escolha fixa renderizado como um menu suspenso." + +#: authentik/stages/prompt/models.py +msgid "" +"File: File upload for arbitrary files. File content will be available in " +"flow context as data-URI" +msgstr "" +"Ficheiro: Envio de ficheiro para ficheiros arbitrários. O conteúdo dos " +"ficheiros será disponibilizado no contexto do fluxo como um URI de dados." + +#: authentik/stages/prompt/models.py msgid "Separator: Static Separator Line" msgstr "Separador: Linha Separadora Estática" -#: authentik/stages/prompt/models.py:56 +#: authentik/stages/prompt/models.py msgid "Hidden: Hidden field, can be used to insert data into form." msgstr "" "Oculto: Campo oculto, pode ser utilizado para inserir dados no formulário." -#: authentik/stages/prompt/models.py:57 +#: authentik/stages/prompt/models.py msgid "Static: Static value, displayed as-is." msgstr "Estático: Valor estático, mostrado tal como é." -#: authentik/stages/prompt/models.py:66 +#: authentik/stages/prompt/models.py +msgid "authentik: Selection of locales authentik supports" +msgstr "authentik: Seleção de localizações suportadas" + +#: authentik/stages/prompt/models.py msgid "Name of the form field, also used to store the value" msgstr "Nome do campo do formulário, também utilizado para armazenar o valor." -#: authentik/stages/prompt/models.py:131 +#: authentik/stages/prompt/models.py +msgid "" +"Optionally provide a short hint that describes the expected input value. " +"When creating a fixed choice field, enable interpreting as expression and " +"return a list to return multiple choices." +msgstr "" +"Fornecer opcionalmente uma pequena pista que descreve o valor de entrada " +"esperado. Ao criar um campo de escolha fixa, ativar interpretação como " +"expressão e devolver uma lista que devolva escolhas múltiplas." + +#: authentik/stages/prompt/models.py +msgid "" +"Optionally pre-fill the input with an initial value. When creating a fixed " +"choice field, enable interpreting as expression and return a list to return " +"multiple default choices." +msgstr "" +"Pré-preencher opcionalmente a entrada com um valor inicial. Ao criar um " +"campo de escolha fixa, permitir a interpretação como expressão e retornar " +"uma lista que retorne múltiplas escolhas pré-definidas." + +#: authentik/stages/prompt/models.py msgid "Prompt" msgstr "Solicitação" -#: authentik/stages/prompt/models.py:132 +#: authentik/stages/prompt/models.py msgid "Prompts" msgstr "Solicitações" -#: authentik/stages/prompt/models.py:160 +#: authentik/stages/prompt/models.py msgid "Prompt Stage" msgstr "Etapa de Solicitação" -#: authentik/stages/prompt/models.py:161 +#: authentik/stages/prompt/models.py msgid "Prompt Stages" msgstr "Etapas de Solicitação" -#: authentik/stages/prompt/stage.py:94 +#: authentik/stages/prompt/stage.py msgid "Passwords don't match." msgstr "As palavras-passe não correspondem." -#: authentik/stages/user_delete/models.py:32 +#: authentik/stages/redirect/api.py +msgid "Target URL should be present when mode is Static." +msgstr "" + +#: authentik/stages/redirect/api.py +msgid "Target Flow should be present when mode is Flow." +msgstr "" + +#: authentik/stages/redirect/models.py +msgid "Redirect Stage" +msgstr "" + +#: authentik/stages/redirect/models.py +msgid "Redirect Stages" +msgstr "" + +#: authentik/stages/user_delete/models.py msgid "User Delete Stage" msgstr "Etapa de Eliminação de Utilizador" -#: authentik/stages/user_delete/models.py:33 +#: authentik/stages/user_delete/models.py msgid "User Delete Stages" msgstr "Etapas de Eliminação de Utilizador" -#: authentik/stages/user_delete/stage.py:24 +#: authentik/stages/user_delete/stage.py msgid "No Pending User." msgstr "Nenhum Utilizador Pendente." -#: authentik/stages/user_login/models.py:19 -msgid "" -"Determines how long a session lasts. Default of 0 means that the sessions " -"lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)" +#: authentik/stages/user_login/models.py +msgid "Bind sessions created by this stage to the configured network" msgstr "" -"Determina a duração de uma sessão. O valor por omissão de 0 significa que as" -" sessões duram até que o navegador seja fechado. (Formato: " -"hours=-1;minutes=-2;seconds=-3)" -#: authentik/stages/user_login/models.py:43 +#: authentik/stages/user_login/models.py +msgid "Bind sessions created by this stage to the configured GeoIP location" +msgstr "" + +#: authentik/stages/user_login/models.py +msgid "Terminate all other sessions of the user logging in." +msgstr "" + +#: authentik/stages/user_login/models.py +msgid "" +"Offset the session will be extended by when the user picks the remember me " +"option. Default of 0 means that the remember me option will not be shown. " +"(Format: hours=-1;minutes=-2;seconds=-3)" +msgstr "" + +#: authentik/stages/user_login/models.py msgid "User Login Stage" msgstr "Etapa de Início de Sessão de Utilizador" -#: authentik/stages/user_login/models.py:44 +#: authentik/stages/user_login/models.py msgid "User Login Stages" msgstr "Etapas de Início de Sessão de Utilizador" -#: authentik/stages/user_login/stage.py:29 +#: authentik/stages/user_login/stage.py msgid "No Pending user to login." msgstr "Nenhum utilizador pendente para iniciar sessão." -#: authentik/stages/user_login/stage.py:57 +#: authentik/stages/user_login/stage.py msgid "Successfully logged in!" msgstr "Início de sessão bem sucedido!" -#: authentik/stages/user_logout/models.py:31 +#: authentik/stages/user_logout/models.py msgid "User Logout Stage" msgstr "Etapa de Término de Sessão de Utilizador" -#: authentik/stages/user_logout/models.py:32 +#: authentik/stages/user_logout/models.py msgid "User Logout Stages" msgstr "Etapas de Término de Sessão de Utilizador" -#: authentik/stages/user_write/models.py:18 +#: authentik/stages/user_write/models.py msgid "When set, newly created users are inactive and cannot login." msgstr "" "Quando definido, os utilizadores recém-criados ficam inativos e são " "incapazes de iniciar sessão." -#: authentik/stages/user_write/models.py:26 +#: authentik/stages/user_write/models.py msgid "Optionally add newly created users to this group." msgstr "Opcionalmente adicionar utilizadores recém-criados a este grupo." -#: authentik/stages/user_write/models.py:47 +#: authentik/stages/user_write/models.py msgid "User Write Stage" msgstr "Etapa de Escrita de Utilizador" -#: authentik/stages/user_write/models.py:48 +#: authentik/stages/user_write/models.py msgid "User Write Stages" msgstr "Etapas de Escrita de Utilizador" -#: authentik/stages/user_write/stage.py:53 +#: authentik/stages/user_write/stage.py msgid "No Pending data." msgstr "Nenhum dado pendente." -#: authentik/tenants/models.py:18 -msgid "" -"Domain that activates this tenant. Can be a superset, i.e. `a.b` for `aa.b` " -"and `ba.b`" +#: authentik/stages/user_write/stage.py +msgid "No user found and can't create new user." msgstr "" -"Domínio que ativa este inquilino. Pode ser um superconjunto, ou seja, `a.b` " -"para `aa.b` e `ba.b`" -#: authentik/tenants/models.py:70 +#: authentik/stages/user_write/stage.py +msgid "Failed to update user. Please try again later." +msgstr "" + +#: authentik/tenants/models.py +msgid "" +"Schema name must start with t_, only contain lowercase letters and numbers " +"and be less than 63 characters." +msgstr "" + +#: authentik/tenants/models.py +msgid "Configure how authentik should show avatars for users." +msgstr "" + +#: authentik/tenants/models.py +msgid "Enable the ability for users to change their name." +msgstr "" + +#: authentik/tenants/models.py +msgid "Enable the ability for users to change their email address." +msgstr "" + +#: authentik/tenants/models.py +msgid "Enable the ability for users to change their username." +msgstr "" + +#: authentik/tenants/models.py +msgid "" +"Events will be deleted after this duration.(Format: " +"weeks=3;days=2;hours=3,seconds=2)." +msgstr "" + +#: authentik/tenants/models.py +msgid "Reputation cannot decrease lower than this value. Zero or negative." +msgstr "" + +#: authentik/tenants/models.py +msgid "Reputation cannot increase higher than this value. Zero or positive." +msgstr "" + +#: authentik/tenants/models.py +msgid "The option configures the footer links on the flow executor pages." +msgstr "" + +#: authentik/tenants/models.py +msgid "" +"When enabled, all the events caused by a user will be deleted upon the " +"user's deletion." +msgstr "" + +#: authentik/tenants/models.py +msgid "Globally enable/disable impersonation." +msgstr "" + +#: authentik/tenants/models.py +msgid "Require administrators to provide a reason for impersonating a user." +msgstr "" + +#: authentik/tenants/models.py +msgid "Default token duration" +msgstr "" + +#: authentik/tenants/models.py +msgid "Default token length" +msgstr "" + +#: authentik/tenants/models.py msgid "Tenant" msgstr "Inquilino" -#: authentik/tenants/models.py:71 +#: authentik/tenants/models.py msgid "Tenants" msgstr "Inquilinos" + +#: authentik/tenants/models.py +msgid "Domain" +msgstr "Domínio" + +#: authentik/tenants/models.py +msgid "Domains" +msgstr "" diff --git a/locale/ru/LC_MESSAGES/django.po b/locale/ru/LC_MESSAGES/django.po index 601d02b6cc..e251fe5baf 100644 --- a/locale/ru/LC_MESSAGES/django.po +++ b/locale/ru/LC_MESSAGES/django.po @@ -18,7 +18,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-23 09:00+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: Marc Schmitt, 2025\n" "Language-Team: Russian (https://app.transifex.com/authentik/teams/119923/ru/)\n" @@ -111,6 +111,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "Web Certificate используемый для authentik Core webserver." +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "Бренд" @@ -669,6 +673,33 @@ msgstr "Конечные устройства" msgid "Verifying your browser..." msgstr "Проверка вашего браузера..." +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -1009,8 +1040,11 @@ msgid "Starting full provider sync" msgstr "Запуск полной синхронизации провайдера" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" msgstr "" #: authentik/lib/sync/outgoing/tasks.py @@ -2430,6 +2464,12 @@ msgid "" "Active Directory" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "Источник LDAP" @@ -2446,6 +2486,11 @@ msgstr "Сопоставление свойства LDAP источника" msgid "LDAP Source Property Mappings" msgstr "Сопоставление свойств LDAP источника" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "" @@ -2842,6 +2887,11 @@ msgstr "Групповое подключение к источнику SAML" msgid "Group SAML Source Connections" msgstr "Групповые подключения к источнику SAML" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "Источник SCIM" @@ -3219,6 +3269,10 @@ msgstr "Согласие пользователя" msgid "User Consents" msgstr "Согласия пользователя" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Этап отказа" @@ -3235,6 +3289,14 @@ msgstr "Фиктивный этап" msgid "Dummy Stages" msgstr "Фиктивные этапы" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "Сброс пароля" diff --git a/locale/tr/LC_MESSAGES/django.po b/locale/tr/LC_MESSAGES/django.po index 7e6c0de74b..515af471dd 100644 --- a/locale/tr/LC_MESSAGES/django.po +++ b/locale/tr/LC_MESSAGES/django.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-23 09:00+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: Jens L. , 2025\n" "Language-Team: Turkish (https://app.transifex.com/authentik/teams/119923/tr/)\n" @@ -107,6 +107,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "Authentik Core web sunucusu tarafından kullanılan Web Sertifikası." +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "Marka" @@ -659,6 +663,33 @@ msgstr "Uç Nokta Cihazları" msgid "Verifying your browser..." msgstr "Tarayıcınız doğrulanıyor..." +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -1000,8 +1031,11 @@ msgid "Starting full provider sync" msgstr "Tam sağlayıcı senkronizasyonunu başlatma" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" msgstr "" #: authentik/lib/sync/outgoing/tasks.py @@ -2430,6 +2464,12 @@ msgid "" "Active Directory" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "LDAP Kaynağı" @@ -2446,6 +2486,11 @@ msgstr "LDAP Kaynak Özellik Eşlemesi" msgid "LDAP Source Property Mappings" msgstr "LDAP Kaynak Özellik Eşlemeleri" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "" @@ -2837,6 +2882,11 @@ msgstr "Grup SAML Kaynak Bağlantısı" msgid "Group SAML Source Connections" msgstr "Grup SAML Kaynak Bağlantıları" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "SCIM Kaynak" @@ -3211,6 +3261,10 @@ msgstr "Kullanıcı Onayı" msgid "User Consents" msgstr "Kullanıcı Onayları" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "Aşama Alanını Reddet" @@ -3227,6 +3281,14 @@ msgstr "Kukla Aşaması" msgid "Dummy Stages" msgstr "Kukla Aşamaları" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "Parola Sıfırlama" diff --git a/locale/zh-Hans/LC_MESSAGES/django.po b/locale/zh-Hans/LC_MESSAGES/django.po index 8cf414c79f..7bd9c4af90 100644 --- a/locale/zh-Hans/LC_MESSAGES/django.po +++ b/locale/zh-Hans/LC_MESSAGES/django.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-05-20 00:10+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: deluxghost, 2025\n" "Language-Team: Chinese Simplified (https://app.transifex.com/authentik/teams/119923/zh-Hans/)\n" @@ -975,9 +975,12 @@ msgid "Starting full provider sync" msgstr "开始全量提供程序同步" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" -msgstr "正在同步用户页面 {page}" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" +msgstr "" #: authentik/lib/sync/outgoing/tasks.py #, python-brace-format @@ -2285,6 +2288,12 @@ msgid "" "Active Directory" msgstr "基于用户属性而非组属性查询组成员身份。这允许在 FreeIPA 或 Active Directory 等系统上支持嵌套组决策" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "LDAP 源" @@ -2301,6 +2310,11 @@ msgstr "LDAP 源属性映射" msgid "LDAP Source Property Mappings" msgstr "LDAP 源属性映射" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "用户 LDAP 源连接" @@ -2678,6 +2692,11 @@ msgstr "组 SAML 源连接" msgid "Group SAML Source Connections" msgstr "组 SAML 源连接" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "SCIM 源" @@ -3044,6 +3063,10 @@ msgstr "用户同意授权" msgid "User Consents" msgstr "用户同意授权" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "拒绝阶段" @@ -3060,6 +3083,14 @@ msgstr "虚拟阶段" msgid "Dummy Stages" msgstr "虚拟阶段" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "密码重置" diff --git a/locale/zh_CN/LC_MESSAGES/django.mo b/locale/zh_CN/LC_MESSAGES/django.mo index 1c4164729c..c2453d608e 100644 Binary files a/locale/zh_CN/LC_MESSAGES/django.mo and b/locale/zh_CN/LC_MESSAGES/django.mo differ diff --git a/locale/zh_CN/LC_MESSAGES/django.po b/locale/zh_CN/LC_MESSAGES/django.po index 9979ca8b05..61aacf409d 100644 --- a/locale/zh_CN/LC_MESSAGES/django.po +++ b/locale/zh_CN/LC_MESSAGES/django.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-05-20 00:10+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: deluxghost, 2025\n" "Language-Team: Chinese (China) (https://app.transifex.com/authentik/teams/119923/zh_CN/)\n" @@ -974,9 +974,12 @@ msgid "Starting full provider sync" msgstr "开始全量提供程序同步" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" -msgstr "正在同步用户页面 {page}" +msgid "Syncing users" +msgstr "正在同步用户" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" +msgstr "正在同步组" #: authentik/lib/sync/outgoing/tasks.py #, python-brace-format @@ -2284,6 +2287,12 @@ msgid "" "Active Directory" msgstr "基于用户属性而非组属性查询组成员身份。这允许在 FreeIPA 或 Active Directory 等系统上支持嵌套组决策" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "删除之前由此源提供,但现已缺失的用户和组。" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "LDAP 源" @@ -2300,6 +2309,11 @@ msgstr "LDAP 源属性映射" msgid "LDAP Source Property Mappings" msgstr "LDAP 源属性映射" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "检查此对象是否仍在目录中时使用的唯一 ID。" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "用户 LDAP 源连接" @@ -2677,6 +2691,11 @@ msgstr "组 SAML 源连接" msgid "Group SAML Source Connections" msgstr "组 SAML 源连接" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "继续前往 {source_name}" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "SCIM 源" @@ -3043,6 +3062,10 @@ msgstr "用户同意授权" msgid "User Consents" msgstr "用户同意授权" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "无效的同意令牌,将重新显示输入" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "拒绝阶段" @@ -3059,6 +3082,14 @@ msgstr "虚拟阶段" msgid "Dummy Stages" msgstr "虚拟阶段" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "继续以确认电子邮件地址。" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "链接已被使用,请申请一个新链接。" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "密码重置" diff --git a/locale/zh_TW/LC_MESSAGES/django.po b/locale/zh_TW/LC_MESSAGES/django.po index 6777dcf7cf..b75a1d00ca 100644 --- a/locale/zh_TW/LC_MESSAGES/django.po +++ b/locale/zh_TW/LC_MESSAGES/django.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2025-04-23 09:00+0000\n" +"POT-Creation-Date: 2025-05-28 11:25+0000\n" "PO-Revision-Date: 2022-09-26 16:47+0000\n" "Last-Translator: 刘松, 2025\n" "Language-Team: Chinese (Taiwan) (https://app.transifex.com/authentik/teams/119923/zh_TW/)\n" @@ -101,6 +101,10 @@ msgstr "" msgid "Web Certificate used by the authentik Core webserver." msgstr "用於 authentik Core 網頁伺服器的網頁憑證。" +#: authentik/brands/models.py +msgid "Certificates used for client authentication." +msgstr "" + #: authentik/brands/models.py msgid "Brand" msgstr "品牌" @@ -625,6 +629,33 @@ msgstr "" msgid "Verifying your browser..." msgstr "" +#: authentik/enterprise/stages/mtls/models.py +msgid "" +"Configure certificate authorities to validate the certificate against. This " +"option has a higher priority than the `client_certificate` option on " +"`Brand`." +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stage" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Mutual TLS Stages" +msgstr "" + +#: authentik/enterprise/stages/mtls/models.py +msgid "Permissions to pass Certificates for outposts." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "Certificate required but no certificate was given." +msgstr "" + +#: authentik/enterprise/stages/mtls/stage.py +msgid "No user found for certificate." +msgstr "" + #: authentik/enterprise/stages/source/models.py msgid "" "Amount of time a user can take to return from the source to continue the " @@ -943,8 +974,11 @@ msgid "Starting full provider sync" msgstr "開始同步所有提供程式" #: authentik/lib/sync/outgoing/tasks.py -#, python-brace-format -msgid "Syncing page {page} of users" +msgid "Syncing users" +msgstr "" + +#: authentik/lib/sync/outgoing/tasks.py +msgid "Syncing groups" msgstr "" #: authentik/lib/sync/outgoing/tasks.py @@ -2249,6 +2283,12 @@ msgid "" "Active Directory" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Delete authentik users and groups which were previously supplied by this " +"source, but are now missing from it." +msgstr "" + #: authentik/sources/ldap/models.py msgid "LDAP Source" msgstr "LDAP 來源" @@ -2265,6 +2305,11 @@ msgstr "" msgid "LDAP Source Property Mappings" msgstr "" +#: authentik/sources/ldap/models.py +msgid "" +"Unique ID used while checking if this object still exists in the directory." +msgstr "" + #: authentik/sources/ldap/models.py msgid "User LDAP Source Connection" msgstr "" @@ -2642,6 +2687,11 @@ msgstr "" msgid "Group SAML Source Connections" msgstr "" +#: authentik/sources/saml/views.py +#, python-brace-format +msgid "Continue to {source_name}" +msgstr "" + #: authentik/sources/scim/models.py msgid "SCIM Source" msgstr "SCIM 來源" @@ -2998,6 +3048,10 @@ msgstr "使用者同意" msgid "User Consents" msgstr "使用者同意" +#: authentik/stages/consent/stage.py +msgid "Invalid consent token, re-showing prompt" +msgstr "" + #: authentik/stages/deny/models.py msgid "Deny Stage" msgstr "拒絕階段" @@ -3014,6 +3068,14 @@ msgstr "假階段" msgid "Dummy Stages" msgstr "假階段" +#: authentik/stages/email/flow.py +msgid "Continue to confirm this email address." +msgstr "" + +#: authentik/stages/email/flow.py +msgid "Link was already used, please request a new link." +msgstr "" + #: authentik/stages/email/models.py msgid "Password Reset" msgstr "重設密碼" diff --git a/packages/eslint-config/package-lock.json b/packages/eslint-config/package-lock.json index 7f4d7ebf94..e625ce94f1 100644 --- a/packages/eslint-config/package-lock.json +++ b/packages/eslint-config/package-lock.json @@ -274,9 +274,9 @@ } }, "node_modules/@eslint/js": { - "version": "9.27.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.27.0.tgz", - "integrity": "sha512-G5JD9Tu5HJEu4z2Uo4aHY2sLV64B7CDMXxFzqzjl3NKd6RVzSXNoE80jk7Y0lJkTTkjiIhBAqmlYwjuBY3tvpA==", + "version": "9.28.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.28.0.tgz", + "integrity": "sha512-fnqSjGWd/CoIp4EXIxWVK/sHA6DOHN4+8Ix2cX5ycOY7LG0UY8nHCU5pIp2eaE1Mc7Qd8kHspYNzYXT2ojPLzg==", "license": "MIT", "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -576,17 +576,17 @@ "license": "MIT" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.32.1.tgz", - "integrity": "sha512-6u6Plg9nP/J1GRpe/vcjjabo6Uc5YQPAMxsgQyGC/I0RuukiG1wIe3+Vtg3IrSCVJDmqK3j8adrtzXSENRtFgg==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.33.0.tgz", + "integrity": "sha512-CACyQuqSHt7ma3Ns601xykeBK/rDeZa3w6IS6UtMQbixO5DWy+8TilKkviGDH6jtWCo8FGRKEK5cLLkPvEammQ==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "8.32.1", - "@typescript-eslint/type-utils": "8.32.1", - "@typescript-eslint/utils": "8.32.1", - "@typescript-eslint/visitor-keys": "8.32.1", + "@typescript-eslint/scope-manager": "8.33.0", + "@typescript-eslint/type-utils": "8.33.0", + "@typescript-eslint/utils": "8.33.0", + "@typescript-eslint/visitor-keys": "8.33.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", @@ -600,15 +600,15 @@ "url": "https://opencollective.com/typescript-eslint" }, "peerDependencies": { - "@typescript-eslint/parser": "^8.0.0 || ^8.0.0-alpha.0", + "@typescript-eslint/parser": "^8.33.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.4.tgz", - "integrity": "sha512-gJzzk+PQNznz8ysRrC0aOkBNVRBDtE1n53IqyqEf3PXrYwomFs5q4pGMizBMJF+ykh03insJ27hB8gSrD2Hn8A==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz", + "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==", "dev": true, "license": "MIT", "engines": { @@ -616,16 +616,16 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.32.1.tgz", - "integrity": "sha512-LKMrmwCPoLhM45Z00O1ulb6jwyVr2kr3XJp+G+tSEZcbauNnScewcQwtJqXDhXeYPDEjZ8C1SjXm015CirEmGg==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.33.0.tgz", + "integrity": "sha512-JaehZvf6m0yqYp34+RVnihBAChkqeH+tqqhS0GuX1qgPpwLvmTPheKEs6OeCK6hVJgXZHJ2vbjnC9j119auStQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/scope-manager": "8.32.1", - "@typescript-eslint/types": "8.32.1", - "@typescript-eslint/typescript-estree": "8.32.1", - "@typescript-eslint/visitor-keys": "8.32.1", + "@typescript-eslint/scope-manager": "8.33.0", + "@typescript-eslint/types": "8.33.0", + "@typescript-eslint/typescript-estree": "8.33.0", + "@typescript-eslint/visitor-keys": "8.33.0", "debug": "^4.3.4" }, "engines": { @@ -640,15 +640,16 @@ "typescript": ">=4.8.4 <5.9.0" } }, - "node_modules/@typescript-eslint/scope-manager": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.32.1.tgz", - "integrity": "sha512-7IsIaIDeZn7kffk7qXC3o6Z4UblZJKV3UBpkvRNpr5NSyLji7tvTcvmnMNYuYLyh26mN8W723xpo3i4MlD33vA==", + "node_modules/@typescript-eslint/project-service": { + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.33.0.tgz", + "integrity": "sha512-d1hz0u9l6N+u/gcrk6s6gYdl7/+pp8yHheRTqP6X5hVDKALEaTn8WfGiit7G511yueBEL3OpOEpD+3/MBdoN+A==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.32.1", - "@typescript-eslint/visitor-keys": "8.32.1" + "@typescript-eslint/tsconfig-utils": "^8.33.0", + "@typescript-eslint/types": "^8.33.0", + "debug": "^4.3.4" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -658,15 +659,50 @@ "url": "https://opencollective.com/typescript-eslint" } }, - "node_modules/@typescript-eslint/type-utils": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.32.1.tgz", - "integrity": "sha512-mv9YpQGA8iIsl5KyUPi+FGLm7+bA4fgXaeRcFKRDRwDMu4iwrSHeDPipwueNXhdIIZltwCJv+NkxftECbIZWfA==", + "node_modules/@typescript-eslint/scope-manager": { + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.33.0.tgz", + "integrity": "sha512-LMi/oqrzpqxyO72ltP+dBSP6V0xiUb4saY7WLtxSfiNEBI8m321LLVFU9/QDJxjDQG9/tjSqKz/E3380TEqSTw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/typescript-estree": "8.32.1", - "@typescript-eslint/utils": "8.32.1", + "@typescript-eslint/types": "8.33.0", + "@typescript-eslint/visitor-keys": "8.33.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/tsconfig-utils": { + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.33.0.tgz", + "integrity": "sha512-sTkETlbqhEoiFmGr1gsdq5HyVbSOF0145SYDJ/EQmXHtKViCaGvnyLqWFFHtEXoS0J1yU8Wyou2UGmgW88fEug==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <5.9.0" + } + }, + "node_modules/@typescript-eslint/type-utils": { + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.33.0.tgz", + "integrity": "sha512-lScnHNCBqL1QayuSrWeqAL5GmqNdVUQAAMTaCwdYEdWfIrSrOGzyLGRCHXcCixa5NK6i5l0AfSO2oBSjCjf4XQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/typescript-estree": "8.33.0", + "@typescript-eslint/utils": "8.33.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, @@ -683,9 +719,9 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.32.1.tgz", - "integrity": "sha512-YmybwXUJcgGqgAp6bEsgpPXEg6dcCyPyCSr0CAAueacR/CCBi25G3V8gGQ2kRzQRBNol7VQknxMs9HvVa9Rvfg==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.33.0.tgz", + "integrity": "sha512-DKuXOKpM5IDT1FA2g9x9x1Ug81YuKrzf4mYX8FAVSNu5Wo/LELHWQyM1pQaDkI42bX15PWl0vNPt1uGiIFUOpg==", "dev": true, "license": "MIT", "engines": { @@ -697,14 +733,16 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.32.1.tgz", - "integrity": "sha512-Y3AP9EIfYwBb4kWGb+simvPaqQoT5oJuzzj9m0i6FCY6SPvlomY2Ei4UEMm7+FXtlNJbor80ximyslzaQF6xhg==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.33.0.tgz", + "integrity": "sha512-vegY4FQoB6jL97Tu/lWRsAiUUp8qJTqzAmENH2k59SJhw0Th1oszb9Idq/FyyONLuNqT1OADJPXfyUNOR8SzAQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.32.1", - "@typescript-eslint/visitor-keys": "8.32.1", + "@typescript-eslint/project-service": "8.33.0", + "@typescript-eslint/tsconfig-utils": "8.33.0", + "@typescript-eslint/types": "8.33.0", + "@typescript-eslint/visitor-keys": "8.33.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", @@ -763,16 +801,16 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.32.1.tgz", - "integrity": "sha512-DsSFNIgLSrc89gpq1LJB7Hm1YpuhK086DRDJSNrewcGvYloWW1vZLHBTIvarKZDcAORIy/uWNx8Gad+4oMpkSA==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.33.0.tgz", + "integrity": "sha512-lPFuQaLA9aSNa7D5u2EpRiqdAUhzShwGg/nhpBlc4GR6kcTABttCuyjFs8BcEZ8VWrjCBof/bePhP3Q3fS+Yrw==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.32.1", - "@typescript-eslint/types": "8.32.1", - "@typescript-eslint/typescript-estree": "8.32.1" + "@typescript-eslint/scope-manager": "8.33.0", + "@typescript-eslint/types": "8.33.0", + "@typescript-eslint/typescript-estree": "8.33.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -787,13 +825,13 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.32.1.tgz", - "integrity": "sha512-ar0tjQfObzhSaW3C3QNmTc5ofj0hDoNQ5XWrCy6zDyabdr0TWhCkClp+rywGNj/odAFBVzzJrK4tEq5M4Hmu4w==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.33.0.tgz", + "integrity": "sha512-7RW7CMYoskiz5OOGAWjJFxgb7c5UNjTG292gYhWeOAcFmYCtVCSqjqSBj5zMhxbXo2JOW95YYrUWJfU0zrpaGQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.32.1", + "@typescript-eslint/types": "8.33.0", "eslint-visitor-keys": "^4.2.0" }, "engines": { @@ -1513,9 +1551,9 @@ } }, "node_modules/eslint": { - "version": "9.27.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.27.0.tgz", - "integrity": "sha512-ixRawFQuMB9DZ7fjU3iGGganFDp3+45bPOdaRurcFHSXO1e/sYwUX/FtQZpLZJR6SjMoJH8hR2pPEAfDyCoU2Q==", + "version": "9.28.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.28.0.tgz", + "integrity": "sha512-ocgh41VhRlf9+fVpe7QKzwLj9c92fDiqOj8Y3Sd4/ZmVA4Btx4PlUYPq4pp9JDyupkf1upbEXecxL2mwNV7jPQ==", "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", @@ -1524,7 +1562,7 @@ "@eslint/config-helpers": "^0.2.1", "@eslint/core": "^0.14.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "9.27.0", + "@eslint/js": "9.28.0", "@eslint/plugin-kit": "^0.3.1", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", @@ -3994,15 +4032,15 @@ } }, "node_modules/typescript-eslint": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.32.1.tgz", - "integrity": "sha512-D7el+eaDHAmXvrZBy1zpzSNIRqnCOrkwTgZxTu3MUqRWk8k0q9m9Ho4+vPf7iHtgUfrK/o8IZaEApsxPlHTFCg==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.33.0.tgz", + "integrity": "sha512-5YmNhF24ylCsvdNW2oJwMzTbaeO4bg90KeGtMjUw0AGtHksgEPLRTUil+coHwCfiu4QjVJFnjp94DmU6zV7DhQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/eslint-plugin": "8.32.1", - "@typescript-eslint/parser": "8.32.1", - "@typescript-eslint/utils": "8.32.1" + "@typescript-eslint/eslint-plugin": "8.33.0", + "@typescript-eslint/parser": "8.33.0", + "@typescript-eslint/utils": "8.33.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" diff --git a/pyproject.toml b/pyproject.toml index 5f65900fe1..1179646859 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,7 +6,7 @@ authors = [{ name = "authentik Team", email = "hello@goauthentik.io" }] requires-python = "==3.13.*" dependencies = [ "argon2-cffi==23.1.0", - "celery==5.5.2", + "celery==5.5.3", "channels==4.2.2", "channels-redis==4.2.1", "cron-converter==1.2.1", @@ -46,7 +46,7 @@ dependencies = [ "kubernetes==32.0.1", "ldap3==2.9.1", "lxml==5.4.0", - "msgraph-sdk==1.30.0", + "msgraph-sdk==1.31.0", "opencontainers==0.0.14", "packaging==25.0", "paramiko==3.5.1", @@ -62,15 +62,15 @@ dependencies = [ "sentry-sdk==2.29.1", "service-identity==24.2.0", "setproctitle==1.3.6", - "structlog==25.3.0", + "structlog==25.4.0", "swagger-spec-validator==3.0.4", "tenacity==9.1.2", "tenant-schemas-celery==4.0.1", - "twilio==9.6.1", + "twilio==9.6.2", "ua-parser==1.0.1", "unidecode==1.4.0", "urllib3<3", - "uvicorn[standard]==0.34.2", + "uvicorn[standard]==0.34.3", "watchdog==6.0.0", "webauthn==2.5.2", "wsproto==1.2.0", diff --git a/schema.yml b/schema.yml index d601991f79..9e21eb0a2e 100644 --- a/schema.yml +++ b/schema.yml @@ -28475,6 +28475,10 @@ paths: schema: type: string format: uuid + - in: query + name: delete_not_found_objects + schema: + type: boolean - in: query name: enabled schema: @@ -28579,6 +28583,10 @@ paths: name: sync_users_password schema: type: boolean + - in: query + name: user_membership_attribute + schema: + type: string - in: query name: user_object_filter schema: @@ -48204,6 +48212,9 @@ components: group_membership_field: type: string description: Field which contains members of a group. + user_membership_attribute: + type: string + description: Attribute which matches the value of `group_membership_field`. object_uniqueness_field: type: string description: Field which contains a unique Identifier. @@ -48237,6 +48248,10 @@ components: description: Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + delete_not_found_objects: + type: boolean + description: Delete authentik users and groups which were previously supplied + by this source, but are now missing from it. required: - base_dn - component @@ -48413,6 +48428,10 @@ components: type: string minLength: 1 description: Field which contains members of a group. + user_membership_attribute: + type: string + minLength: 1 + description: Attribute which matches the value of `group_membership_field`. object_uniqueness_field: type: string minLength: 1 @@ -48438,6 +48457,10 @@ components: description: Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + delete_not_found_objects: + type: boolean + description: Delete authentik users and groups which were previously supplied + by this source, but are now missing from it. required: - base_dn - name @@ -53771,6 +53794,10 @@ components: type: string minLength: 1 description: Field which contains members of a group. + user_membership_attribute: + type: string + minLength: 1 + description: Attribute which matches the value of `group_membership_field`. object_uniqueness_field: type: string minLength: 1 @@ -53796,6 +53823,10 @@ components: description: Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory + delete_not_found_objects: + type: boolean + description: Delete authentik users and groups which were previously supplied + by this source, but are now missing from it. PatchedLicenseRequest: type: object description: License Serializer diff --git a/scripts/api-ts-templates/tsconfig.esm.mustache b/scripts/api-ts-templates/tsconfig.esm.mustache new file mode 100644 index 0000000000..2171201ff8 --- /dev/null +++ b/scripts/api-ts-templates/tsconfig.esm.mustache @@ -0,0 +1,7 @@ +{ + "$schema": "https://json.schemastore.org/tsconfig", + "extends": "./tsconfig.json", + "compilerOptions": { + "outDir": "dist/esm", + }, +} diff --git a/scripts/api-ts-templates/tsconfig.mustache b/scripts/api-ts-templates/tsconfig.mustache new file mode 100644 index 0000000000..a7fe768924 --- /dev/null +++ b/scripts/api-ts-templates/tsconfig.mustache @@ -0,0 +1,23 @@ +{ + "$schema": "https://json.schemastore.org/tsconfig", + "compilerOptions": { + "composite": true, + "isolatedModules": true, + "incremental": true, + "baseUrl": ".", + "rootDir": "src", + "strict": true, + "newLine": "lf", + "target": "ESNext", + "module": "ESNext", + "moduleResolution": "bundler", + "outDir": "dist", + "skipDefaultLibCheck": true, + "skipLibCheck": true, + "sourceMap": true, + "declaration": true, + "declarationMap": true, + "lib": ["DOM", "DOM.Iterable", "ESNext"], + }, + "exclude": ["node_modules", "./out/**/*", "./dist/**/*"], +} diff --git a/tests/e2e/docker-compose.yml b/tests/e2e/docker-compose.yml index d0d1ecd171..25d0ade7b5 100644 --- a/tests/e2e/docker-compose.yml +++ b/tests/e2e/docker-compose.yml @@ -1,5 +1,6 @@ services: chrome: + platform: linux/x86_64 image: docker.io/selenium/standalone-chrome:136.0 volumes: - /dev/shm:/dev/shm diff --git a/tests/e2e/test_flows_enroll.py b/tests/e2e/test_flows_enroll.py index 1e90495e48..836c922973 100644 --- a/tests/e2e/test_flows_enroll.py +++ b/tests/e2e/test_flows_enroll.py @@ -10,6 +10,7 @@ from authentik.blueprints.tests import apply_blueprint from authentik.core.models import User from authentik.flows.models import Flow from authentik.lib.config import CONFIG +from authentik.lib.generators import generate_id from authentik.stages.identification.models import IdentificationStage from tests.e2e.utils import SeleniumTestCase, retry @@ -17,6 +18,10 @@ from tests.e2e.utils import SeleniumTestCase, retry class TestFlowsEnroll(SeleniumTestCase): """Test Enroll flow""" + def setUp(self): + super().setUp() + self.username = generate_id() + @retry() @apply_blueprint( "default/flow-default-authentication-flow.yaml", @@ -39,8 +44,8 @@ class TestFlowsEnroll(SeleniumTestCase): self.initial_stages() sleep(2) - user = User.objects.get(username="foo") - self.assertEqual(user.username, "foo") + user = User.objects.get(username=self.username) + self.assertEqual(user.username, self.username) self.assertEqual(user.name, "some name") self.assertEqual(user.email, "foo@bar.baz") @@ -87,7 +92,16 @@ class TestFlowsEnroll(SeleniumTestCase): sleep(2) - self.assert_user(User.objects.get(username="foo")) + flow_executor = self.get_shadow_root("ak-flow-executor") + consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor) + consent_stage.find_element( + By.CSS_SELECTOR, + "[type=submit]", + ).click() + + self.wait_for_url(self.if_user_url()) + + self.assert_user(User.objects.get(username=self.username)) def initial_stages(self): """Fill out initial stages""" @@ -105,7 +119,7 @@ class TestFlowsEnroll(SeleniumTestCase): wait = WebDriverWait(prompt_stage, self.wait_timeout) wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "input[name=username]"))) - prompt_stage.find_element(By.CSS_SELECTOR, "input[name=username]").send_keys("foo") + prompt_stage.find_element(By.CSS_SELECTOR, "input[name=username]").send_keys(self.username) prompt_stage.find_element(By.CSS_SELECTOR, "input[name=password]").send_keys( self.user.username ) @@ -124,3 +138,82 @@ class TestFlowsEnroll(SeleniumTestCase): prompt_stage.find_element(By.CSS_SELECTOR, "input[name=name]").send_keys("some name") prompt_stage.find_element(By.CSS_SELECTOR, "input[name=email]").send_keys("foo@bar.baz") prompt_stage.find_element(By.CSS_SELECTOR, ".pf-c-button").click() + + @retry() + @apply_blueprint( + "default/flow-default-authentication-flow.yaml", + "default/flow-default-invalidation-flow.yaml", + ) + @apply_blueprint( + "example/flows-enrollment-email-verification.yaml", + ) + @CONFIG.patch("email.port", 1025) + def test_enroll_email_pretend_email_scanner(self): + """Test enroll with Email verification. Open the email link twice to pretend we have an + email scanner that clicks on links""" + # Attach enrollment flow to identification stage + ident_stage: IdentificationStage = IdentificationStage.objects.get( + name="default-authentication-identification" + ) + ident_stage.enrollment_flow = Flow.objects.get(slug="default-enrollment-flow") + ident_stage.save() + + self.driver.get(self.live_server_url) + self.initial_stages() + + # Email stage + flow_executor = self.get_shadow_root("ak-flow-executor") + email_stage = self.get_shadow_root("ak-stage-email", flow_executor) + + wait = WebDriverWait(email_stage, self.wait_timeout) + + # Wait for the success message so we know the email is sent + wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, ".pf-c-form p"))) + + # Open Mailpit + self.driver.get("http://localhost:8025") + + # Click on first message + self.wait.until(ec.presence_of_element_located((By.CLASS_NAME, "message"))) + self.driver.find_element(By.CLASS_NAME, "message").click() + self.driver.switch_to.frame(self.driver.find_element(By.ID, "preview-html")) + confirmation_link = self.driver.find_element(By.ID, "confirm").get_attribute("href") + + main_tab = self.driver.current_window_handle + + self.driver.switch_to.new_window("tab") + confirm_tab = self.driver.current_window_handle + + # On the new tab, check that we have the confirmation screen + self.driver.get(confirmation_link) + self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor"))) + + flow_executor = self.get_shadow_root("ak-flow-executor") + consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor) + + self.assertEqual( + "Continue to confirm this email address.", + consent_stage.find_element(By.CSS_SELECTOR, "#header-text").text, + ) + + # Back on the main tab, confirm + self.driver.switch_to.window(main_tab) + self.driver.get(confirmation_link) + + flow_executor = self.get_shadow_root("ak-flow-executor") + consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor) + consent_stage.find_element( + By.CSS_SELECTOR, + "[type=submit]", + ).click() + + self.wait_for_url(self.if_user_url()) + sleep(2) + + self.assert_user(User.objects.get(username=self.username)) + + self.driver.switch_to.window(confirm_tab) + self.driver.refresh() + flow_executor = self.get_shadow_root("ak-flow-executor") + wait = WebDriverWait(flow_executor, self.wait_timeout) + wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-stage-access-denied"))) diff --git a/tests/e2e/test_flows_recovery.py b/tests/e2e/test_flows_recovery.py index f5ccc3b200..15a60278bd 100644 --- a/tests/e2e/test_flows_recovery.py +++ b/tests/e2e/test_flows_recovery.py @@ -84,6 +84,14 @@ class TestFlowsRecovery(SeleniumTestCase): self.driver.switch_to.window(self.driver.window_handles[0]) sleep(2) + + flow_executor = self.get_shadow_root("ak-flow-executor") + consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor) + consent_stage.find_element( + By.CSS_SELECTOR, + "[type=submit]", + ).click() + # We can now enter the new password flow_executor = self.get_shadow_root("ak-flow-executor") prompt_stage = self.get_shadow_root("ak-stage-prompt", flow_executor) diff --git a/tests/e2e/utils.py b/tests/e2e/utils.py index 3ed65d7a25..90db46e371 100644 --- a/tests/e2e/utils.py +++ b/tests/e2e/utils.py @@ -166,30 +166,35 @@ class SeleniumTestCase(DockerTestCase, StaticLiveServerTestCase): print("::group::authentik Logs", file=stderr) apps.get_app_config("authentik_tenants").ready() self.wait_timeout = 60 + self.logger = get_logger() self.driver = self._get_driver() self.driver.implicitly_wait(30) self.wait = WebDriverWait(self.driver, self.wait_timeout) - self.logger = get_logger() self.user = create_test_admin_user() super().setUp() def _get_driver(self) -> WebDriver: count = 0 - try: - opts = webdriver.ChromeOptions() - opts.add_argument("--disable-search-engine-choice-screen") - return webdriver.Chrome(options=opts) - except WebDriverException: - pass + opts = webdriver.ChromeOptions() + opts.add_argument("--disable-search-engine-choice-screen") + # This breaks selenium when running remotely...? + # opts.set_capability("goog:loggingPrefs", {"browser": "ALL"}) + opts.add_experimental_option( + "prefs", + { + "profile.password_manager_leak_detection": False, + }, + ) while count < RETRIES: try: driver = webdriver.Remote( command_executor="http://localhost:4444/wd/hub", - options=webdriver.ChromeOptions(), + options=opts, ) driver.maximize_window() return driver - except WebDriverException: + except WebDriverException as exc: + self.logger.warning("Failed to setup webdriver", exc=exc) count += 1 raise ValueError(f"Webdriver failed after {RETRIES}.") diff --git a/uv.lock b/uv.lock index 865b580d3a..f43f34805d 100644 --- a/uv.lock +++ b/uv.lock @@ -270,7 +270,7 @@ dev = [ [package.metadata] requires-dist = [ { name = "argon2-cffi", specifier = "==23.1.0" }, - { name = "celery", specifier = "==5.5.2" }, + { name = "celery", specifier = "==5.5.3" }, { name = "channels", specifier = "==4.2.2" }, { name = "channels-redis", specifier = "==4.2.1" }, { name = "cron-converter", specifier = "==1.2.1" }, @@ -310,7 +310,7 @@ requires-dist = [ { name = "kubernetes", specifier = "==32.0.1" }, { name = "ldap3", specifier = "==2.9.1" }, { name = "lxml", specifier = "==5.4.0" }, - { name = "msgraph-sdk", specifier = "==1.30.0" }, + { name = "msgraph-sdk", specifier = "==1.31.0" }, { name = "opencontainers", git = "https://github.com/vsoch/oci-python?rev=ceb4fcc090851717a3069d78e85ceb1e86c2740c" }, { name = "packaging", specifier = "==25.0" }, { name = "paramiko", specifier = "==3.5.1" }, @@ -326,15 +326,15 @@ requires-dist = [ { name = "sentry-sdk", specifier = "==2.29.1" }, { name = "service-identity", specifier = "==24.2.0" }, { name = "setproctitle", specifier = "==1.3.6" }, - { name = "structlog", specifier = "==25.3.0" }, + { name = "structlog", specifier = "==25.4.0" }, { name = "swagger-spec-validator", specifier = "==3.0.4" }, { name = "tenacity", specifier = "==9.1.2" }, { name = "tenant-schemas-celery", specifier = "==4.0.1" }, - { name = "twilio", specifier = "==9.6.1" }, + { name = "twilio", specifier = "==9.6.2" }, { name = "ua-parser", specifier = "==1.0.1" }, { name = "unidecode", specifier = "==1.4.0" }, { name = "urllib3", specifier = "<3" }, - { name = "uvicorn", extras = ["standard"], specifier = "==0.34.2" }, + { name = "uvicorn", extras = ["standard"], specifier = "==0.34.3" }, { name = "watchdog", specifier = "==6.0.0" }, { name = "webauthn", specifier = "==2.5.2" }, { name = "wsproto", specifier = "==1.2.0" }, @@ -653,7 +653,7 @@ wheels = [ [[package]] name = "celery" -version = "5.5.2" +version = "5.5.3" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "billiard" }, @@ -665,9 +665,9 @@ dependencies = [ { name = "python-dateutil" }, { name = "vine" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/bf/03/5d9c6c449248958f1a5870e633a29d7419ff3724c452a98ffd22688a1a6a/celery-5.5.2.tar.gz", hash = "sha256:4d6930f354f9d29295425d7a37261245c74a32807c45d764bedc286afd0e724e", size = 1666892, upload-time = "2025-04-25T20:10:04.695Z" } +sdist = { url = "https://files.pythonhosted.org/packages/bb/7d/6c289f407d219ba36d8b384b42489ebdd0c84ce9c413875a8aae0c85f35b/celery-5.5.3.tar.gz", hash = "sha256:6c972ae7968c2b5281227f01c3a3f984037d21c5129d07bf3550cc2afc6b10a5", size = 1667144, upload-time = "2025-06-01T11:08:12.563Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/04/94/8e825ac1cf59d45d20c4345d4461e6b5263ae475f708d047c3dad0ac6401/celery-5.5.2-py3-none-any.whl", hash = "sha256:54425a067afdc88b57cd8d94ed4af2ffaf13ab8c7680041ac2c4ac44357bdf4c", size = 438626, upload-time = "2025-04-25T20:10:01.383Z" }, + { url = "https://files.pythonhosted.org/packages/c9/af/0dcccc7fdcdf170f9a1585e5e96b6fb0ba1749ef6be8c89a6202284759bd/celery-5.5.3-py3-none-any.whl", hash = "sha256:0b5761a07057acee94694464ca482416b959568904c9dfa41ce8413a7d65d525", size = 438775, upload-time = "2025-06-01T11:08:09.94Z" }, ] [[package]] @@ -2162,7 +2162,7 @@ wheels = [ [[package]] name = "msgraph-sdk" -version = "1.30.0" +version = "1.31.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "azure-identity" }, @@ -2172,9 +2172,9 @@ dependencies = [ { name = "microsoft-kiota-serialization-text" }, { name = "msgraph-core" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/e9/4a/4ff19671f6ea06f98fb2405f73a90350e4719ccc692e85e9e0c2fa066826/msgraph_sdk-1.30.0.tar.gz", hash = "sha256:59e30af6d7244c9009146d620c331e169701b651317746b16f561e2e2452e73f", size = 6608744, upload-time = "2025-05-13T13:09:12.594Z" } +sdist = { url = "https://files.pythonhosted.org/packages/d3/1c/5afdf21f92840c7029f0fdb6c2ead7373b1fcdc3c4279fe556a2fc3702a2/msgraph_sdk-1.31.0.tar.gz", hash = "sha256:7ae5f29152251f61c1fc19cca6389dd03b0120b179ddf39d8ab8cdfed7952dba", size = 6626610, upload-time = "2025-05-20T13:15:08.062Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/70/95/451ec4db8a924274a1f7260809ea03fe9c2b446d84dc5238e92e49a1b522/msgraph_sdk-1.30.0-py3-none-any.whl", hash = "sha256:6748f5cdb5ddbcff9e4f3fb073dd0a604cb00e1cf285dd0fea6969c93ba8282f", size = 27140767, upload-time = "2025-05-13T13:09:07.718Z" }, + { url = "https://files.pythonhosted.org/packages/d9/b9/099b28478575126ec26bd61ff0931fb291263ac813afb8baf4b4cc30c6fc/msgraph_sdk-1.31.0-py3-none-any.whl", hash = "sha256:bb2edfe17c377f37bbf2e155fc915171763d49e1cf93b665bafd721a85220dc5", size = 27185846, upload-time = "2025-05-20T13:15:05.307Z" }, ] [[package]] @@ -3172,11 +3172,11 @@ wheels = [ [[package]] name = "structlog" -version = "25.3.0" +version = "25.4.0" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/ff/6a/b0b6d440e429d2267076c4819300d9929563b1da959cf1f68afbcd69fe45/structlog-25.3.0.tar.gz", hash = "sha256:8dab497e6f6ca962abad0c283c46744185e0c9ba900db52a423cb6db99f7abeb", size = 1367514, upload-time = "2025-04-25T16:00:39.167Z" } +sdist = { url = "https://files.pythonhosted.org/packages/79/b9/6e672db4fec07349e7a8a8172c1a6ae235c58679ca29c3f86a61b5e59ff3/structlog-25.4.0.tar.gz", hash = "sha256:186cd1b0a8ae762e29417095664adf1d6a31702160a46dacb7796ea82f7409e4", size = 1369138, upload-time = "2025-06-02T08:21:12.971Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/f5/52/7a2c7a317b254af857464da3d60a0d3730c44f912f8c510c76a738a207fd/structlog-25.3.0-py3-none-any.whl", hash = "sha256:a341f5524004c158498c3127eecded091eb67d3a611e7a3093deca30db06e172", size = 68240, upload-time = "2025-04-25T16:00:37.295Z" }, + { url = "https://files.pythonhosted.org/packages/a0/4a/97ee6973e3a73c74c8120d59829c3861ea52210667ec3e7a16045c62b64d/structlog-25.4.0-py3-none-any.whl", hash = "sha256:fe809ff5c27e557d14e613f45ca441aabda051d119ee5a0102aaba6ce40eed2c", size = 68720, upload-time = "2025-06-02T08:21:11.43Z" }, ] [[package]] @@ -3266,7 +3266,7 @@ wheels = [ [[package]] name = "twilio" -version = "9.6.1" +version = "9.6.2" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "aiohttp" }, @@ -3274,9 +3274,9 @@ dependencies = [ { name = "pyjwt" }, { name = "requests" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/95/78/453ff0d35442c53490c22d077f580684a2352846c721d3e01f4c6dfa85bd/twilio-9.6.1.tar.gz", hash = "sha256:bb80b31d4d9e55c33872efef7fb99373149ed4093f21c56cf582797da45862f5", size = 987002, upload-time = "2025-05-13T09:56:55.183Z" } +sdist = { url = "https://files.pythonhosted.org/packages/fa/c9/441a07f6552f2b504812501d56c41bd85b02afeef6c23ab8baf41ed6c70e/twilio-9.6.2.tar.gz", hash = "sha256:5da13bb497e39ece34cb9f2b3bc911f3288928612748f7688b3bda262c2767a1", size = 1041300, upload-time = "2025-05-29T12:25:04.59Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/02/f4/36fe2566a3ad7f71a89fd28ea2ebb6b2aa05c3a4d5a55b3ca6c358768c6b/twilio-9.6.1-py2.py3-none-any.whl", hash = "sha256:441fdab61b9a204eef770368380b962cbf08dc0fe9f757fe4b1d63ced37ddeed", size = 1859407, upload-time = "2025-05-13T09:56:53.094Z" }, + { url = "https://files.pythonhosted.org/packages/67/91/382e83e5d205a7ae4325b66d40cd2fa6ce85526f2ed8fc553265e19abbe4/twilio-9.6.2-py2.py3-none-any.whl", hash = "sha256:8d4af6f42850734a921857df42940f7fed84e3e4a508d0d6bef5b9fb7dc08357", size = 1909253, upload-time = "2025-05-29T12:25:02.521Z" }, ] [[package]] @@ -3406,15 +3406,15 @@ socks = [ [[package]] name = "uvicorn" -version = "0.34.2" +version = "0.34.3" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "click" }, { name = "h11" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/a6/ae/9bbb19b9e1c450cf9ecaef06463e40234d98d95bf572fab11b4f19ae5ded/uvicorn-0.34.2.tar.gz", hash = "sha256:0e929828f6186353a80b58ea719861d2629d766293b6d19baf086ba31d4f3328", size = 76815, upload-time = "2025-04-19T06:02:50.101Z" } +sdist = { url = "https://files.pythonhosted.org/packages/de/ad/713be230bcda622eaa35c28f0d328c3675c371238470abdea52417f17a8e/uvicorn-0.34.3.tar.gz", hash = "sha256:35919a9a979d7a59334b6b10e05d77c1d0d574c50e0fc98b8b1a0f165708b55a", size = 76631, upload-time = "2025-06-01T07:48:17.531Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/b1/4b/4cef6ce21a2aaca9d852a6e84ef4f135d99fcd74fa75105e2fc0c8308acd/uvicorn-0.34.2-py3-none-any.whl", hash = "sha256:deb49af569084536d269fe0a6d67e3754f104cf03aba7c11c40f01aadf33c403", size = 62483, upload-time = "2025-04-19T06:02:48.42Z" }, + { url = "https://files.pythonhosted.org/packages/6d/0d/8adfeaa62945f90d19ddc461c55f4a50c258af7662d34b6a3d5d1f8646f6/uvicorn-0.34.3-py3-none-any.whl", hash = "sha256:16246631db62bdfbf069b0645177d6e8a77ba950cfedbfd093acef9444e4d885", size = 62431, upload-time = "2025-06-01T07:48:15.664Z" }, ] [package.optional-dependencies] diff --git a/web/package-lock.json b/web/package-lock.json index bdb9fd8fa6..315977e81e 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -22,7 +22,7 @@ "@floating-ui/dom": "^1.6.11", "@formatjs/intl-listformat": "^7.7.11", "@fortawesome/fontawesome-free": "^6.6.0", - "@goauthentik/api": "^2025.4.1-1747687715", + "@goauthentik/api": "^2025.4.1-1748622869", "@lit/context": "^1.1.2", "@lit/localize": "^0.12.2", "@lit/reactive-element": "^2.0.4", @@ -31,7 +31,7 @@ "@open-wc/lit-helpers": "^0.7.0", "@patternfly/elements": "^4.1.0", "@patternfly/patternfly": "^4.224.2", - "@sentry/browser": "^9.22.0", + "@sentry/browser": "^9.24.0", "@spotlightjs/spotlight": "^2.13.3", "@webcomponents/webcomponentsjs": "^2.8.0", "base64-js": "^1.5.1", @@ -40,7 +40,7 @@ "chartjs-adapter-date-fns": "^3.0.0", "codemirror": "^6.0.1", "construct-style-sheets-polyfill": "^3.1.0", - "core-js": "^3.38.1", + "core-js": "^3.42.0", "country-flag-icons": "^1.5.19", "date-fns": "^4.1.0", "deepmerge-ts": "^7.1.5", @@ -81,6 +81,7 @@ "@storybook/addon-essentials": "^8.6.14", "@storybook/addon-links": "^8.6.14", "@storybook/blocks": "^8.6.12", + "@storybook/channels": "^8.6.14", "@storybook/experimental-addon-test": "^8.6.14", "@storybook/manager-api": "^8.6.14", "@storybook/test": "^8.6.14", @@ -103,11 +104,11 @@ "@wdio/spec-reporter": "^9.1.2", "@web/test-runner": "^0.20.2", "chromedriver": "^136.0.3", - "esbuild": "^0.25.4", + "esbuild": "^0.25.5", "esbuild-plugin-copy": "^2.1.1", "esbuild-plugin-polyfill-node": "^0.3.0", "esbuild-plugins-node-modules-polyfill": "^1.7.0", - "eslint": "^9.11.1", + "eslint": "^9.28.0", "eslint-plugin-lit": "^2.1.1", "eslint-plugin-wc": "^3.0.1", "github-slugger": "^2.0.0", @@ -122,7 +123,7 @@ "storybook-addon-mock": "^5.0.0", "turnstile-types": "^1.2.3", "typescript": "^5.8.3", - "typescript-eslint": "^8.32.1", + "typescript-eslint": "^8.33.0", "vite-plugin-lit-css": "^2.0.0", "vite-tsconfig-paths": "^5.0.1", "wireit": "^0.14.12" @@ -1024,9 +1025,9 @@ } }, "node_modules/@esbuild/aix-ppc64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.4.tgz", - "integrity": "sha512-1VCICWypeQKhVbE9oW/sJaAmjLxhVqacdkvPLEjwlttjfwENRSClS8EjBz0KzRyFSCPDIkuXW34Je/vk7zdB7Q==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.5.tgz", + "integrity": "sha512-9o3TMmpmftaCMepOdA5k/yDw8SfInyzWWTjYTFCX3kPSDJMROQTb8jg+h9Cnwnmm1vOzvxN7gIfB5V2ewpjtGA==", "cpu": [ "ppc64" ], @@ -1041,9 +1042,9 @@ } }, "node_modules/@esbuild/android-arm": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.4.tgz", - "integrity": "sha512-QNdQEps7DfFwE3hXiU4BZeOV68HHzYwGd0Nthhd3uCkkEKK7/R6MTgM0P7H7FAs5pU/DIWsviMmEGxEoxIZ+ZQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.5.tgz", + "integrity": "sha512-AdJKSPeEHgi7/ZhuIPtcQKr5RQdo6OO2IL87JkianiMYMPbCtot9fxPbrMiBADOWWm3T2si9stAiVsGbTQFkbA==", "cpu": [ "arm" ], @@ -1058,9 +1059,9 @@ } }, "node_modules/@esbuild/android-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.4.tgz", - "integrity": "sha512-bBy69pgfhMGtCnwpC/x5QhfxAz/cBgQ9enbtwjf6V9lnPI/hMyT9iWpR1arm0l3kttTr4L0KSLpKmLp/ilKS9A==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.5.tgz", + "integrity": "sha512-VGzGhj4lJO+TVGV1v8ntCZWJktV7SGCs3Pn1GRWI1SBFtRALoomm8k5E9Pmwg3HOAal2VDc2F9+PM/rEY6oIDg==", "cpu": [ "arm64" ], @@ -1075,9 +1076,9 @@ } }, "node_modules/@esbuild/android-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.4.tgz", - "integrity": "sha512-TVhdVtQIFuVpIIR282btcGC2oGQoSfZfmBdTip2anCaVYcqWlZXGcdcKIUklfX2wj0JklNYgz39OBqh2cqXvcQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.5.tgz", + "integrity": "sha512-D2GyJT1kjvO//drbRT3Hib9XPwQeWd9vZoBJn+bu/lVsOZ13cqNdDeqIF/xQ5/VmWvMduP6AmXvylO/PIc2isw==", "cpu": [ "x64" ], @@ -1092,9 +1093,9 @@ } }, "node_modules/@esbuild/darwin-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.4.tgz", - "integrity": "sha512-Y1giCfM4nlHDWEfSckMzeWNdQS31BQGs9/rouw6Ub91tkK79aIMTH3q9xHvzH8d0wDru5Ci0kWB8b3up/nl16g==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.5.tgz", + "integrity": "sha512-GtaBgammVvdF7aPIgH2jxMDdivezgFu6iKpmT+48+F8Hhg5J/sfnDieg0aeG/jfSvkYQU2/pceFPDKlqZzwnfQ==", "cpu": [ "arm64" ], @@ -1108,9 +1109,9 @@ } }, "node_modules/@esbuild/darwin-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.4.tgz", - "integrity": "sha512-CJsry8ZGM5VFVeyUYB3cdKpd/H69PYez4eJh1W/t38vzutdjEjtP7hB6eLKBoOdxcAlCtEYHzQ/PJ/oU9I4u0A==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.5.tgz", + "integrity": "sha512-1iT4FVL0dJ76/q1wd7XDsXrSW+oLoquptvh4CLR4kITDtqi2e/xwXwdCVH8hVHU43wgJdsq7Gxuzcs6Iq/7bxQ==", "cpu": [ "x64" ], @@ -1125,9 +1126,9 @@ } }, "node_modules/@esbuild/freebsd-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.4.tgz", - "integrity": "sha512-yYq+39NlTRzU2XmoPW4l5Ifpl9fqSk0nAJYM/V/WUGPEFfek1epLHJIkTQM6bBs1swApjO5nWgvr843g6TjxuQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.5.tgz", + "integrity": "sha512-nk4tGP3JThz4La38Uy/gzyXtpkPW8zSAmoUhK9xKKXdBCzKODMc2adkB2+8om9BDYugz+uGV7sLmpTYzvmz6Sw==", "cpu": [ "arm64" ], @@ -1142,9 +1143,9 @@ } }, "node_modules/@esbuild/freebsd-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.4.tgz", - "integrity": "sha512-0FgvOJ6UUMflsHSPLzdfDnnBBVoCDtBTVyn/MrWloUNvq/5SFmh13l3dvgRPkDihRxb77Y17MbqbCAa2strMQQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.5.tgz", + "integrity": "sha512-PrikaNjiXdR2laW6OIjlbeuCPrPaAl0IwPIaRv+SMV8CiM8i2LqVUHFC1+8eORgWyY7yhQY+2U2fA55mBzReaw==", "cpu": [ "x64" ], @@ -1159,9 +1160,9 @@ } }, "node_modules/@esbuild/linux-arm": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.4.tgz", - "integrity": "sha512-kro4c0P85GMfFYqW4TWOpvmF8rFShbWGnrLqlzp4X1TNWjRY3JMYUfDCtOxPKOIY8B0WC8HN51hGP4I4hz4AaQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.5.tgz", + "integrity": "sha512-cPzojwW2okgh7ZlRpcBEtsX7WBuqbLrNXqLU89GxWbNt6uIg78ET82qifUy3W6OVww6ZWobWub5oqZOVtwolfw==", "cpu": [ "arm" ], @@ -1176,9 +1177,9 @@ } }, "node_modules/@esbuild/linux-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.4.tgz", - "integrity": "sha512-+89UsQTfXdmjIvZS6nUnOOLoXnkUTB9hR5QAeLrQdzOSWZvNSAXAtcRDHWtqAUtAmv7ZM1WPOOeSxDzzzMogiQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.5.tgz", + "integrity": "sha512-Z9kfb1v6ZlGbWj8EJk9T6czVEjjq2ntSYLY2cw6pAZl4oKtfgQuS4HOq41M/BcoLPzrUbNd+R4BXFyH//nHxVg==", "cpu": [ "arm64" ], @@ -1192,9 +1193,9 @@ } }, "node_modules/@esbuild/linux-ia32": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.4.tgz", - "integrity": "sha512-yTEjoapy8UP3rv8dB0ip3AfMpRbyhSN3+hY8mo/i4QXFeDxmiYbEKp3ZRjBKcOP862Ua4b1PDfwlvbuwY7hIGQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.5.tgz", + "integrity": "sha512-sQ7l00M8bSv36GLV95BVAdhJ2QsIbCuCjh/uYrWiMQSUuV+LpXwIqhgJDcvMTj+VsQmqAHL2yYaasENvJ7CDKA==", "cpu": [ "ia32" ], @@ -1209,9 +1210,9 @@ } }, "node_modules/@esbuild/linux-loong64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.4.tgz", - "integrity": "sha512-NeqqYkrcGzFwi6CGRGNMOjWGGSYOpqwCjS9fvaUlX5s3zwOtn1qwg1s2iE2svBe4Q/YOG1q6875lcAoQK/F4VA==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.5.tgz", + "integrity": "sha512-0ur7ae16hDUC4OL5iEnDb0tZHDxYmuQyhKhsPBV8f99f6Z9KQM02g33f93rNH5A30agMS46u2HP6qTdEt6Q1kg==", "cpu": [ "loong64" ], @@ -1226,9 +1227,9 @@ } }, "node_modules/@esbuild/linux-mips64el": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.4.tgz", - "integrity": "sha512-IcvTlF9dtLrfL/M8WgNI/qJYBENP3ekgsHbYUIzEzq5XJzzVEV/fXY9WFPfEEXmu3ck2qJP8LG/p3Q8f7Zc2Xg==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.5.tgz", + "integrity": "sha512-kB/66P1OsHO5zLz0i6X0RxlQ+3cu0mkxS3TKFvkb5lin6uwZ/ttOkP3Z8lfR9mJOBk14ZwZ9182SIIWFGNmqmg==", "cpu": [ "mips64el" ], @@ -1243,9 +1244,9 @@ } }, "node_modules/@esbuild/linux-ppc64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.4.tgz", - "integrity": "sha512-HOy0aLTJTVtoTeGZh4HSXaO6M95qu4k5lJcH4gxv56iaycfz1S8GO/5Jh6X4Y1YiI0h7cRyLi+HixMR+88swag==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.5.tgz", + "integrity": "sha512-UZCmJ7r9X2fe2D6jBmkLBMQetXPXIsZjQJCjgwpVDz+YMcS6oFR27alkgGv3Oqkv07bxdvw7fyB71/olceJhkQ==", "cpu": [ "ppc64" ], @@ -1260,9 +1261,9 @@ } }, "node_modules/@esbuild/linux-riscv64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.4.tgz", - "integrity": "sha512-i8JUDAufpz9jOzo4yIShCTcXzS07vEgWzyX3NH2G7LEFVgrLEhjwL3ajFE4fZI3I4ZgiM7JH3GQ7ReObROvSUA==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.5.tgz", + "integrity": "sha512-kTxwu4mLyeOlsVIFPfQo+fQJAV9mh24xL+y+Bm6ej067sYANjyEw1dNHmvoqxJUCMnkBdKpvOn0Ahql6+4VyeA==", "cpu": [ "riscv64" ], @@ -1277,9 +1278,9 @@ } }, "node_modules/@esbuild/linux-s390x": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.4.tgz", - "integrity": "sha512-jFnu+6UbLlzIjPQpWCNh5QtrcNfMLjgIavnwPQAfoGx4q17ocOU9MsQ2QVvFxwQoWpZT8DvTLooTvmOQXkO51g==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.5.tgz", + "integrity": "sha512-K2dSKTKfmdh78uJ3NcWFiqyRrimfdinS5ErLSn3vluHNeHVnBAFWC8a4X5N+7FgVE1EjXS1QDZbpqZBjfrqMTQ==", "cpu": [ "s390x" ], @@ -1294,9 +1295,9 @@ } }, "node_modules/@esbuild/linux-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.4.tgz", - "integrity": "sha512-6e0cvXwzOnVWJHq+mskP8DNSrKBr1bULBvnFLpc1KY+d+irZSgZ02TGse5FsafKS5jg2e4pbvK6TPXaF/A6+CA==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.5.tgz", + "integrity": "sha512-uhj8N2obKTE6pSZ+aMUbqq+1nXxNjZIIjCjGLfsWvVpy7gKCOL6rsY1MhRh9zLtUtAI7vpgLMK6DxjO8Qm9lJw==", "cpu": [ "x64" ], @@ -1310,9 +1311,9 @@ } }, "node_modules/@esbuild/netbsd-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.4.tgz", - "integrity": "sha512-vUnkBYxZW4hL/ie91hSqaSNjulOnYXE1VSLusnvHg2u3jewJBz3YzB9+oCw8DABeVqZGg94t9tyZFoHma8gWZQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.5.tgz", + "integrity": "sha512-pwHtMP9viAy1oHPvgxtOv+OkduK5ugofNTVDilIzBLpoWAM16r7b/mxBvfpuQDpRQFMfuVr5aLcn4yveGvBZvw==", "cpu": [ "arm64" ], @@ -1327,9 +1328,9 @@ } }, "node_modules/@esbuild/netbsd-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.4.tgz", - "integrity": "sha512-XAg8pIQn5CzhOB8odIcAm42QsOfa98SBeKUdo4xa8OvX8LbMZqEtgeWE9P/Wxt7MlG2QqvjGths+nq48TrUiKw==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.5.tgz", + "integrity": "sha512-WOb5fKrvVTRMfWFNCroYWWklbnXH0Q5rZppjq0vQIdlsQKuw6mdSihwSo4RV/YdQ5UCKKvBy7/0ZZYLBZKIbwQ==", "cpu": [ "x64" ], @@ -1344,9 +1345,9 @@ } }, "node_modules/@esbuild/openbsd-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.4.tgz", - "integrity": "sha512-Ct2WcFEANlFDtp1nVAXSNBPDxyU+j7+tId//iHXU2f/lN5AmO4zLyhDcpR5Cz1r08mVxzt3Jpyt4PmXQ1O6+7A==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.5.tgz", + "integrity": "sha512-7A208+uQKgTxHd0G0uqZO8UjK2R0DDb4fDmERtARjSHWxqMTye4Erz4zZafx7Di9Cv+lNHYuncAkiGFySoD+Mw==", "cpu": [ "arm64" ], @@ -1361,9 +1362,9 @@ } }, "node_modules/@esbuild/openbsd-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.4.tgz", - "integrity": "sha512-xAGGhyOQ9Otm1Xu8NT1ifGLnA6M3sJxZ6ixylb+vIUVzvvd6GOALpwQrYrtlPouMqd/vSbgehz6HaVk4+7Afhw==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.5.tgz", + "integrity": "sha512-G4hE405ErTWraiZ8UiSoesH8DaCsMm0Cay4fsFWOOUcz8b8rC6uCvnagr+gnioEjWn0wC+o1/TAHt+It+MpIMg==", "cpu": [ "x64" ], @@ -1378,9 +1379,9 @@ } }, "node_modules/@esbuild/sunos-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.4.tgz", - "integrity": "sha512-Mw+tzy4pp6wZEK0+Lwr76pWLjrtjmJyUB23tHKqEDP74R3q95luY/bXqXZeYl4NYlvwOqoRKlInQialgCKy67Q==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.5.tgz", + "integrity": "sha512-l+azKShMy7FxzY0Rj4RCt5VD/q8mG/e+mDivgspo+yL8zW7qEwctQ6YqKX34DTEleFAvCIUviCFX1SDZRSyMQA==", "cpu": [ "x64" ], @@ -1395,9 +1396,9 @@ } }, "node_modules/@esbuild/win32-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.4.tgz", - "integrity": "sha512-AVUP428VQTSddguz9dO9ngb+E5aScyg7nOeJDrF1HPYu555gmza3bDGMPhmVXL8svDSoqPCsCPjb265yG/kLKQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.5.tgz", + "integrity": "sha512-O2S7SNZzdcFG7eFKgvwUEZ2VG9D/sn/eIiz8XRZ1Q/DO5a3s76Xv0mdBzVM5j5R639lXQmPmSo0iRpHqUUrsxw==", "cpu": [ "arm64" ], @@ -1412,9 +1413,9 @@ } }, "node_modules/@esbuild/win32-ia32": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.4.tgz", - "integrity": "sha512-i1sW+1i+oWvQzSgfRcxxG2k4I9n3O9NRqy8U+uugaT2Dy7kLO9Y7wI72haOahxceMX8hZAzgGou1FhndRldxRg==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.5.tgz", + "integrity": "sha512-onOJ02pqs9h1iMJ1PQphR+VZv8qBMQ77Klcsqv9CNW2w6yLqoURLcgERAIurY6QE63bbLuqgP9ATqajFLK5AMQ==", "cpu": [ "ia32" ], @@ -1429,9 +1430,9 @@ } }, "node_modules/@esbuild/win32-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.4.tgz", - "integrity": "sha512-nOT2vZNw6hJ+z43oP1SPea/G/6AbN6X+bGNhNuq8NtRHy4wsMhw765IKLNmnjek7GvjWBYQ8Q5VBoYTFg9y1UQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.5.tgz", + "integrity": "sha512-TXv6YnJ8ZMVdX+SXWVBo/0p8LTcrUYngpWjvm91TMjjBQii7Oz11Lw5lbDV5Y0TzuhSJHwiH4hEtC1I42mMS0g==", "cpu": [ "x64" ], @@ -1598,9 +1599,9 @@ } }, "node_modules/@eslint/js": { - "version": "9.27.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.27.0.tgz", - "integrity": "sha512-G5JD9Tu5HJEu4z2Uo4aHY2sLV64B7CDMXxFzqzjl3NKd6RVzSXNoE80jk7Y0lJkTTkjiIhBAqmlYwjuBY3tvpA==", + "version": "9.28.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.28.0.tgz", + "integrity": "sha512-fnqSjGWd/CoIp4EXIxWVK/sHA6DOHN4+8Ix2cX5ycOY7LG0UY8nHCU5pIp2eaE1Mc7Qd8kHspYNzYXT2ojPLzg==", "dev": true, "license": "MIT", "engines": { @@ -1705,10 +1706,24 @@ "node": ">=6" } }, + "node_modules/@gerrit0/mini-shiki": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@gerrit0/mini-shiki/-/mini-shiki-3.4.2.tgz", + "integrity": "sha512-3jXo5bNjvvimvdbIhKGfFxSnKCX+MA8wzHv55ptzk/cx8wOzT+BRcYgj8aFN3yTiTs+zvQQiaZFr7Jce1ZG3fw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@shikijs/engine-oniguruma": "^3.4.2", + "@shikijs/langs": "^3.4.2", + "@shikijs/themes": "^3.4.2", + "@shikijs/types": "^3.4.2", + "@shikijs/vscode-textmate": "^10.0.2" + } + }, "node_modules/@goauthentik/api": { - "version": "2025.4.1-1747687715", - "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2025.4.1-1747687715.tgz", - "integrity": "sha512-YN1iN+OYrBociCVT55AF4QsxFo4g7tk72QFHPXEkPGhBJC+x50h6lLW30S7FtfbEVRqYmvtBUsIW+iqHFhGvtA==" + "version": "2025.4.1-1748622869", + "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2025.4.1-1748622869.tgz", + "integrity": "sha512-nH7+dQVA5yPoR4x0g3mct+M9VCwkBh/7ginUTwzb9O+Fj7HHGeAk/4xFC7Zy1oc6CIOHZbSMrOM5EdkEKE18Og==" }, "node_modules/@goauthentik/core": { "resolved": "packages/core", @@ -2636,25 +2651,6 @@ "langium": "3.0.0" } }, - "node_modules/@mole-inc/bin-wrapper": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/@mole-inc/bin-wrapper/-/bin-wrapper-8.0.1.tgz", - "integrity": "sha512-sTGoeZnjI8N4KS+sW2AN95gDBErhAguvkw/tWdCjeM8bvxpz5lqrnd0vOJABA1A+Ic3zED7PYoLP/RANLgVotA==", - "dev": true, - "dependencies": { - "bin-check": "^4.1.0", - "bin-version-check": "^5.0.0", - "content-disposition": "^0.5.4", - "ext-name": "^5.0.0", - "file-type": "^17.1.6", - "filenamify": "^5.0.2", - "got": "^11.8.5", - "os-filter-obj": "^2.0.0" - }, - "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" - } - }, "node_modules/@napi-rs/nice": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@napi-rs/nice/-/nice-1.0.1.tgz", @@ -4474,75 +4470,75 @@ "dev": true }, "node_modules/@sentry-internal/browser-utils": { - "version": "9.22.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/browser-utils/-/browser-utils-9.22.0.tgz", - "integrity": "sha512-Ou1tBnVxFAIn8i9gvrWzRotNJQYiu3awNXpsFCw6qFwmiKAVPa6b13vCdolhXnrIiuR77jY1LQnKh9hXpoRzsg==", + "version": "9.24.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/browser-utils/-/browser-utils-9.24.0.tgz", + "integrity": "sha512-fWIrHyui8KKufnbqhGyDvvr+u9wiOEEzxXEjs/CKp+6fa+jej6Mk8K+su1f/mz7R3HVzhxvht/gZ+y193uK4qw==", "license": "MIT", "dependencies": { - "@sentry/core": "9.22.0" + "@sentry/core": "9.24.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry-internal/feedback": { - "version": "9.22.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-9.22.0.tgz", - "integrity": "sha512-zgMVkoC61fgi41zLcSZA59vOtKxcLrKBo1ECYhPD1hxEaneNqY5fhXDwlQBw96P5l2yqkgfX6YZtSdU4ejI9yA==", + "version": "9.24.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-9.24.0.tgz", + "integrity": "sha512-Z9jQqKzRppwAEqiytLWNV8JOo52vlxcSGz52FjKx3KXG75PXwk0M3sBXh762WoGLisUIRLTp8LOk6304L/O8dg==", "license": "MIT", "dependencies": { - "@sentry/core": "9.22.0" + "@sentry/core": "9.24.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry-internal/replay": { - "version": "9.22.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/replay/-/replay-9.22.0.tgz", - "integrity": "sha512-9GOycoKbrclcRXfcbNV8svbmAsOS5R4wXBQmKF4pFLkmFA/lJv9kdZSNYkRvkrxdNfbMIJXP+DV9EqTZcryXig==", + "version": "9.24.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/replay/-/replay-9.24.0.tgz", + "integrity": "sha512-312wMPeQI8K2vO/lA/CF6Uv5UReoZC7RarsNUJEoOKa9Bq1BXWUq929oTHzu/2NDv194H2u3eqSGsSp6xiuKTw==", "license": "MIT", "dependencies": { - "@sentry-internal/browser-utils": "9.22.0", - "@sentry/core": "9.22.0" + "@sentry-internal/browser-utils": "9.24.0", + "@sentry/core": "9.24.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry-internal/replay-canvas": { - "version": "9.22.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-9.22.0.tgz", - "integrity": "sha512-EcG9IMSEalFe49kowBTJObWjof/iHteDwpyuAszsFDdQUYATrVUtwpwN7o52vDYWJud4arhjrQnMamIGxa79eQ==", + "version": "9.24.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-9.24.0.tgz", + "integrity": "sha512-506RdDF6iE8hMyzpzp9Vc0GM7kELxxs7UCoi/6KpvXFftcydWI3S2bru8dEZsxVoKh2hdle6SpbNgl+iPI0DSQ==", "license": "MIT", "dependencies": { - "@sentry-internal/replay": "9.22.0", - "@sentry/core": "9.22.0" + "@sentry-internal/replay": "9.24.0", + "@sentry/core": "9.24.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry/browser": { - "version": "9.22.0", - "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-9.22.0.tgz", - "integrity": "sha512-3TeRm74dvX0JdjX0AgkQa+22iUHwHnY+Q6M05NZ+tDeCNHGK/mEBTeqquS1oQX67jWyuvYmG3VV6RJUxtG9Paw==", + "version": "9.24.0", + "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-9.24.0.tgz", + "integrity": "sha512-RP+27/owvIqD4J0TibIHK1UcA7iObxLOXBEilDKjaJOZMLhv3JkpU8A+UI9pFzEYqeIGVDDaBzYgbCHrLWcoCA==", "license": "MIT", "dependencies": { - "@sentry-internal/browser-utils": "9.22.0", - "@sentry-internal/feedback": "9.22.0", - "@sentry-internal/replay": "9.22.0", - "@sentry-internal/replay-canvas": "9.22.0", - "@sentry/core": "9.22.0" + "@sentry-internal/browser-utils": "9.24.0", + "@sentry-internal/feedback": "9.24.0", + "@sentry-internal/replay": "9.24.0", + "@sentry-internal/replay-canvas": "9.24.0", + "@sentry/core": "9.24.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry/core": { - "version": "9.22.0", - "resolved": "https://registry.npmjs.org/@sentry/core/-/core-9.22.0.tgz", - "integrity": "sha512-ixvtKmPF42Y6ckGUbFlB54OWI75H2gO5UYHojO6eXFpS7xO3ZGgV/QH6wb40mWK+0w5XZ0233FuU9VpsuE6mKA==", + "version": "9.24.0", + "resolved": "https://registry.npmjs.org/@sentry/core/-/core-9.24.0.tgz", + "integrity": "sha512-uRWrB4Y49ZOWcDLCXqdjd2Fs6Onill0GQI+JgXMw7wa+i03+QRiQvUAUyde8O62jR4dvP3GDo9PDWnDNhi3z5A==", "license": "MIT", "engines": { "node": ">=18" @@ -4632,6 +4628,55 @@ "node": ">=14.18" } }, + "node_modules/@shikijs/engine-oniguruma": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@shikijs/engine-oniguruma/-/engine-oniguruma-3.4.2.tgz", + "integrity": "sha512-zcZKMnNndgRa3ORja6Iemsr3DrLtkX3cAF7lTJkdMB6v9alhlBsX9uNiCpqofNrXOvpA3h6lHcLJxgCIhVOU5Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@shikijs/types": "3.4.2", + "@shikijs/vscode-textmate": "^10.0.2" + } + }, + "node_modules/@shikijs/langs": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@shikijs/langs/-/langs-3.4.2.tgz", + "integrity": "sha512-H6azIAM+OXD98yztIfs/KH5H4PU39t+SREhmM8LaNXyUrqj2mx+zVkr8MWYqjceSjDw9I1jawm1WdFqU806rMA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@shikijs/types": "3.4.2" + } + }, + "node_modules/@shikijs/themes": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@shikijs/themes/-/themes-3.4.2.tgz", + "integrity": "sha512-qAEuAQh+brd8Jyej2UDDf+b4V2g1Rm8aBIdvt32XhDPrHvDkEnpb7Kzc9hSuHUxz0Iuflmq7elaDuQAP9bHIhg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@shikijs/types": "3.4.2" + } + }, + "node_modules/@shikijs/types": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@shikijs/types/-/types-3.4.2.tgz", + "integrity": "sha512-zHC1l7L+eQlDXLnxvM9R91Efh2V4+rN3oMVS2swCBssbj2U/FBwybD1eeLaq8yl/iwT+zih8iUbTBCgGZOYlVg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@shikijs/vscode-textmate": "^10.0.2", + "@types/hast": "^3.0.4" + } + }, + "node_modules/@shikijs/vscode-textmate": { + "version": "10.0.2", + "resolved": "https://registry.npmjs.org/@shikijs/vscode-textmate/-/vscode-textmate-10.0.2.tgz", + "integrity": "sha512-83yeghZ2xxin3Nj8z1NMd/NCuca+gsYXswywDy5bHvwlWL8tpTQmzGeUuHd9FC3E/SBEMvzJRwWEOz5gGes9Qg==", + "dev": true, + "license": "MIT" + }, "node_modules/@sinclair/typebox": { "version": "0.27.8", "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", @@ -4639,12 +4684,13 @@ "dev": true }, "node_modules/@sindresorhus/is": { - "version": "4.6.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-4.6.0.tgz", - "integrity": "sha512-t09vSN3MdfsyCHoFcTRCH/iUtG7OJ0CsjzB8cjAmKc/va/kIgeDI/TxsigdncE/4be734m0cvIYwNaV4i2XqAw==", + "version": "5.6.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "integrity": "sha512-TV7t8GKYaJWsn00tFDqBw8+Uqmr8A0fRU1tvTQhyZzGv0sJCGRQL3JGMI3ucuKo3XIZdUP+Lx7/gh2t3lewy7g==", "dev": true, + "license": "MIT", "engines": { - "node": ">=10" + "node": ">=14.16" }, "funding": { "url": "https://github.com/sindresorhus/is?sponsor=1" @@ -4983,16 +5029,17 @@ } }, "node_modules/@storybook/channels": { - "version": "8.3.5", - "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-8.3.5.tgz", - "integrity": "sha512-mITs8tdSKfjH31JIbQP0Ss5SBrcRS0nhDShZFL5WZ+CpS06zLS671u4kSHb57jfb/M8qie9i+lf4IK+UTKFTdQ==", + "version": "8.6.14", + "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-8.6.14.tgz", + "integrity": "sha512-vIpR+Yii1urfL+aVAIj4Wbfv/dbO8yfGd70LaIQSgHiFQqN2/BCrst65UfeQxLUVlFiKY70ll6ll3/2JFj3Cag==", "dev": true, + "license": "MIT", "funding": { "type": "opencollective", "url": "https://opencollective.com/storybook" }, "peerDependencies": { - "storybook": "^8.3.5" + "storybook": "^8.2.0 || ^8.3.0-0 || ^8.4.0-0 || ^8.5.0-0 || ^8.6.0-0" } }, "node_modules/@storybook/components": { @@ -5862,6 +5909,51 @@ "node": ">=12.20.0" } }, + "node_modules/@swc/cli": { + "version": "0.7.7", + "resolved": "https://registry.npmjs.org/@swc/cli/-/cli-0.7.7.tgz", + "integrity": "sha512-j4yYm9bx3pxWofaJKX1BFwj/3ngUDynN4UIQ2Xd2h0h/7Gt7zkReBTpDN7g5S13mgAYxacaTHTOUsz18097E8w==", + "dev": true, + "license": "MIT", + "dependencies": { + "@swc/counter": "^0.1.3", + "@xhmikosr/bin-wrapper": "^13.0.5", + "commander": "^8.3.0", + "fast-glob": "^3.2.5", + "minimatch": "^9.0.3", + "piscina": "^4.3.1", + "semver": "^7.3.8", + "slash": "3.0.0", + "source-map": "^0.7.3" + }, + "bin": { + "spack": "bin/spack.js", + "swc": "bin/swc.js", + "swcx": "bin/swcx.js" + }, + "engines": { + "node": ">= 16.14.0" + }, + "peerDependencies": { + "@swc/core": "^1.2.66", + "chokidar": "^4.0.1" + }, + "peerDependenciesMeta": { + "chokidar": { + "optional": true + } + } + }, + "node_modules/@swc/cli/node_modules/slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, "node_modules/@swc/core": { "version": "1.11.29", "resolved": "https://registry.npmjs.org/@swc/core/-/core-1.11.29.tgz", @@ -6078,15 +6170,16 @@ } }, "node_modules/@szmarczak/http-timer": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.6.tgz", - "integrity": "sha512-4BAffykYOgO+5nzBWYwE3W90sBgLJoUPRWWcL8wlyiM8IB8ipJz3UMJ9KXQd1RKQXpKp8Tutn80HZtWsu2u76w==", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "integrity": "sha512-+PmQX0PiAYPMeVYe237LJAYvOMYW1j2rH5YROyS3b4CTVJum34HfRvKvAzozHAQG0TnHNdUfY9nCeUyRAs//cw==", "dev": true, + "license": "MIT", "dependencies": { - "defer-to-connect": "^2.0.0" + "defer-to-connect": "^2.0.1" }, "engines": { - "node": ">=10" + "node": ">=14.16" } }, "node_modules/@testim/chrome-version": { @@ -6315,7 +6408,8 @@ "version": "0.3.0", "resolved": "https://registry.npmjs.org/@tokenizer/token/-/token-0.3.0.tgz", "integrity": "sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==", - "dev": true + "dev": true, + "license": "MIT" }, "node_modules/@tootallnate/quickjs-emscripten": { "version": "0.23.0", @@ -6428,18 +6522,6 @@ "@types/node": "*" } }, - "node_modules/@types/cacheable-request": { - "version": "6.0.3", - "resolved": "https://registry.npmjs.org/@types/cacheable-request/-/cacheable-request-6.0.3.tgz", - "integrity": "sha512-IQ3EbTzGxIigb1I3qPZc1rWJnH0BmSKv5QYTalEwweFvyBDLSAe24zP0le/hyi7ecGfZVlIVAg4BZqb8WBwKqw==", - "dev": true, - "dependencies": { - "@types/http-cache-semantics": "*", - "@types/keyv": "^3.1.4", - "@types/node": "*", - "@types/responselike": "^1.0.0" - } - }, "node_modules/@types/chart.js": { "version": "2.9.41", "resolved": "https://registry.npmjs.org/@types/chart.js/-/chart.js-2.9.41.tgz", @@ -6888,7 +6970,8 @@ "version": "4.0.4", "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", "integrity": "sha512-1m0bIFVc7eJWyve9S0RnuRgcQqF/Xd5QsUZAZeQFr1Q3/p9JWoQQEqmVy+DPTNpGXwhgIetAoYF8JSc33q29QA==", - "dev": true + "dev": true, + "license": "MIT" }, "node_modules/@types/http-errors": { "version": "2.0.4", @@ -6941,15 +7024,6 @@ "dev": true, "license": "MIT" }, - "node_modules/@types/keyv": { - "version": "3.1.4", - "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.4.tgz", - "integrity": "sha512-BQ5aZNSCpj7D6K2ksrRCTmKRLEpnPvWDiLPfoGyhZ++8YtiK9d/3DBKPJgry359X/P1PfruyYwvnvwFjuEiEIg==", - "dev": true, - "dependencies": { - "@types/node": "*" - } - }, "node_modules/@types/koa": { "version": "2.15.0", "resolved": "https://registry.npmjs.org/@types/koa/-/koa-2.15.0.tgz", @@ -7131,15 +7205,6 @@ "integrity": "sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==", "dev": true }, - "node_modules/@types/responselike": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@types/responselike/-/responselike-1.0.3.tgz", - "integrity": "sha512-H/+L+UkTV33uf49PH5pCAUBVPNj2nDBXTN+qS1dOwyyg24l3CcicicCA7ca+HMvJBZcFgl5r8e+RR6elsb4Lyw==", - "dev": true, - "dependencies": { - "@types/node": "*" - } - }, "node_modules/@types/send": { "version": "0.17.4", "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", @@ -7263,17 +7328,17 @@ } }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.32.1.tgz", - "integrity": "sha512-6u6Plg9nP/J1GRpe/vcjjabo6Uc5YQPAMxsgQyGC/I0RuukiG1wIe3+Vtg3IrSCVJDmqK3j8adrtzXSENRtFgg==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.33.0.tgz", + "integrity": "sha512-CACyQuqSHt7ma3Ns601xykeBK/rDeZa3w6IS6UtMQbixO5DWy+8TilKkviGDH6jtWCo8FGRKEK5cLLkPvEammQ==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "8.32.1", - "@typescript-eslint/type-utils": "8.32.1", - "@typescript-eslint/utils": "8.32.1", - "@typescript-eslint/visitor-keys": "8.32.1", + "@typescript-eslint/scope-manager": "8.33.0", + "@typescript-eslint/type-utils": "8.33.0", + "@typescript-eslint/utils": "8.33.0", + "@typescript-eslint/visitor-keys": "8.33.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", @@ -7287,7 +7352,7 @@ "url": "https://opencollective.com/typescript-eslint" }, "peerDependencies": { - "@typescript-eslint/parser": "^8.0.0 || ^8.0.0-alpha.0", + "@typescript-eslint/parser": "^8.33.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } @@ -7303,16 +7368,16 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.32.1.tgz", - "integrity": "sha512-LKMrmwCPoLhM45Z00O1ulb6jwyVr2kr3XJp+G+tSEZcbauNnScewcQwtJqXDhXeYPDEjZ8C1SjXm015CirEmGg==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.33.0.tgz", + "integrity": "sha512-JaehZvf6m0yqYp34+RVnihBAChkqeH+tqqhS0GuX1qgPpwLvmTPheKEs6OeCK6hVJgXZHJ2vbjnC9j119auStQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/scope-manager": "8.32.1", - "@typescript-eslint/types": "8.32.1", - "@typescript-eslint/typescript-estree": "8.32.1", - "@typescript-eslint/visitor-keys": "8.32.1", + "@typescript-eslint/scope-manager": "8.33.0", + "@typescript-eslint/types": "8.33.0", + "@typescript-eslint/typescript-estree": "8.33.0", + "@typescript-eslint/visitor-keys": "8.33.0", "debug": "^4.3.4" }, "engines": { @@ -7327,15 +7392,16 @@ "typescript": ">=4.8.4 <5.9.0" } }, - "node_modules/@typescript-eslint/scope-manager": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.32.1.tgz", - "integrity": "sha512-7IsIaIDeZn7kffk7qXC3o6Z4UblZJKV3UBpkvRNpr5NSyLji7tvTcvmnMNYuYLyh26mN8W723xpo3i4MlD33vA==", + "node_modules/@typescript-eslint/project-service": { + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.33.0.tgz", + "integrity": "sha512-d1hz0u9l6N+u/gcrk6s6gYdl7/+pp8yHheRTqP6X5hVDKALEaTn8WfGiit7G511yueBEL3OpOEpD+3/MBdoN+A==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.32.1", - "@typescript-eslint/visitor-keys": "8.32.1" + "@typescript-eslint/tsconfig-utils": "^8.33.0", + "@typescript-eslint/types": "^8.33.0", + "debug": "^4.3.4" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -7345,15 +7411,50 @@ "url": "https://opencollective.com/typescript-eslint" } }, - "node_modules/@typescript-eslint/type-utils": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.32.1.tgz", - "integrity": "sha512-mv9YpQGA8iIsl5KyUPi+FGLm7+bA4fgXaeRcFKRDRwDMu4iwrSHeDPipwueNXhdIIZltwCJv+NkxftECbIZWfA==", + "node_modules/@typescript-eslint/scope-manager": { + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.33.0.tgz", + "integrity": "sha512-LMi/oqrzpqxyO72ltP+dBSP6V0xiUb4saY7WLtxSfiNEBI8m321LLVFU9/QDJxjDQG9/tjSqKz/E3380TEqSTw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/typescript-estree": "8.32.1", - "@typescript-eslint/utils": "8.32.1", + "@typescript-eslint/types": "8.33.0", + "@typescript-eslint/visitor-keys": "8.33.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/tsconfig-utils": { + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.33.0.tgz", + "integrity": "sha512-sTkETlbqhEoiFmGr1gsdq5HyVbSOF0145SYDJ/EQmXHtKViCaGvnyLqWFFHtEXoS0J1yU8Wyou2UGmgW88fEug==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <5.9.0" + } + }, + "node_modules/@typescript-eslint/type-utils": { + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.33.0.tgz", + "integrity": "sha512-lScnHNCBqL1QayuSrWeqAL5GmqNdVUQAAMTaCwdYEdWfIrSrOGzyLGRCHXcCixa5NK6i5l0AfSO2oBSjCjf4XQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/typescript-estree": "8.33.0", + "@typescript-eslint/utils": "8.33.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, @@ -7370,9 +7471,9 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.32.1.tgz", - "integrity": "sha512-YmybwXUJcgGqgAp6bEsgpPXEg6dcCyPyCSr0CAAueacR/CCBi25G3V8gGQ2kRzQRBNol7VQknxMs9HvVa9Rvfg==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.33.0.tgz", + "integrity": "sha512-DKuXOKpM5IDT1FA2g9x9x1Ug81YuKrzf4mYX8FAVSNu5Wo/LELHWQyM1pQaDkI42bX15PWl0vNPt1uGiIFUOpg==", "dev": true, "license": "MIT", "engines": { @@ -7384,14 +7485,16 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.32.1.tgz", - "integrity": "sha512-Y3AP9EIfYwBb4kWGb+simvPaqQoT5oJuzzj9m0i6FCY6SPvlomY2Ei4UEMm7+FXtlNJbor80ximyslzaQF6xhg==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.33.0.tgz", + "integrity": "sha512-vegY4FQoB6jL97Tu/lWRsAiUUp8qJTqzAmENH2k59SJhw0Th1oszb9Idq/FyyONLuNqT1OADJPXfyUNOR8SzAQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.32.1", - "@typescript-eslint/visitor-keys": "8.32.1", + "@typescript-eslint/project-service": "8.33.0", + "@typescript-eslint/tsconfig-utils": "8.33.0", + "@typescript-eslint/types": "8.33.0", + "@typescript-eslint/visitor-keys": "8.33.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", @@ -7411,16 +7514,16 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.32.1.tgz", - "integrity": "sha512-DsSFNIgLSrc89gpq1LJB7Hm1YpuhK086DRDJSNrewcGvYloWW1vZLHBTIvarKZDcAORIy/uWNx8Gad+4oMpkSA==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.33.0.tgz", + "integrity": "sha512-lPFuQaLA9aSNa7D5u2EpRiqdAUhzShwGg/nhpBlc4GR6kcTABttCuyjFs8BcEZ8VWrjCBof/bePhP3Q3fS+Yrw==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.32.1", - "@typescript-eslint/types": "8.32.1", - "@typescript-eslint/typescript-estree": "8.32.1" + "@typescript-eslint/scope-manager": "8.33.0", + "@typescript-eslint/types": "8.33.0", + "@typescript-eslint/typescript-estree": "8.33.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -7435,13 +7538,13 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.32.1.tgz", - "integrity": "sha512-ar0tjQfObzhSaW3C3QNmTc5ofj0hDoNQ5XWrCy6zDyabdr0TWhCkClp+rywGNj/odAFBVzzJrK4tEq5M4Hmu4w==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.33.0.tgz", + "integrity": "sha512-7RW7CMYoskiz5OOGAWjJFxgb7c5UNjTG292gYhWeOAcFmYCtVCSqjqSBj5zMhxbXo2JOW95YYrUWJfU0zrpaGQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.32.1", + "@typescript-eslint/types": "8.33.0", "eslint-visitor-keys": "^4.2.0" }, "engines": { @@ -9708,6 +9811,363 @@ "resolved": "https://registry.npmjs.org/@webcomponents/webcomponentsjs/-/webcomponentsjs-2.8.0.tgz", "integrity": "sha512-loGD63sacRzOzSJgQnB9ZAhaQGkN7wl2Zuw7tsphI5Isa0irijrRo6EnJii/GgjGefIFO8AIO7UivzRhFaEk9w==" }, + "node_modules/@xhmikosr/archive-type": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/@xhmikosr/archive-type/-/archive-type-7.0.0.tgz", + "integrity": "sha512-sIm84ZneCOJuiy3PpWR5bxkx3HaNt1pqaN+vncUBZIlPZCq8ASZH+hBVdu5H8znR7qYC6sKwx+ie2Q7qztJTxA==", + "dev": true, + "license": "MIT", + "dependencies": { + "file-type": "^19.0.0" + }, + "engines": { + "node": "^14.14.0 || >=16.0.0" + } + }, + "node_modules/@xhmikosr/bin-check": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/@xhmikosr/bin-check/-/bin-check-7.0.3.tgz", + "integrity": "sha512-4UnCLCs8DB+itHJVkqFp9Zjg+w/205/J2j2wNBsCEAm/BuBmtua2hhUOdAMQE47b1c7P9Xmddj0p+X1XVsfHsA==", + "dev": true, + "license": "MIT", + "dependencies": { + "execa": "^5.1.1", + "isexe": "^2.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@xhmikosr/bin-check/node_modules/execa": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", + "dev": true, + "license": "MIT", + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^6.0.0", + "human-signals": "^2.1.0", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^4.0.1", + "onetime": "^5.1.2", + "signal-exit": "^3.0.3", + "strip-final-newline": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/@xhmikosr/bin-check/node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@xhmikosr/bin-check/node_modules/human-signals": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=10.17.0" + } + }, + "node_modules/@xhmikosr/bin-check/node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@xhmikosr/bin-check/node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "dev": true, + "license": "ISC" + }, + "node_modules/@xhmikosr/bin-check/node_modules/npm-run-path": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", + "dev": true, + "license": "MIT", + "dependencies": { + "path-key": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@xhmikosr/bin-check/node_modules/signal-exit": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", + "dev": true, + "license": "ISC" + }, + "node_modules/@xhmikosr/bin-check/node_modules/strip-final-newline": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/@xhmikosr/bin-wrapper": { + "version": "13.0.5", + "resolved": "https://registry.npmjs.org/@xhmikosr/bin-wrapper/-/bin-wrapper-13.0.5.tgz", + "integrity": "sha512-DT2SAuHDeOw0G5bs7wZbQTbf4hd8pJ14tO0i4cWhRkIJfgRdKmMfkDilpaJ8uZyPA0NVRwasCNAmMJcWA67osw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@xhmikosr/bin-check": "^7.0.3", + "@xhmikosr/downloader": "^15.0.1", + "@xhmikosr/os-filter-obj": "^3.0.0", + "bin-version-check": "^5.1.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@xhmikosr/decompress": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/@xhmikosr/decompress/-/decompress-10.0.1.tgz", + "integrity": "sha512-6uHnEEt5jv9ro0CDzqWlFgPycdE+H+kbJnwyxgZregIMLQ7unQSCNVsYG255FoqU8cP46DyggI7F7LohzEl8Ag==", + "dev": true, + "license": "MIT", + "dependencies": { + "@xhmikosr/decompress-tar": "^8.0.1", + "@xhmikosr/decompress-tarbz2": "^8.0.1", + "@xhmikosr/decompress-targz": "^8.0.1", + "@xhmikosr/decompress-unzip": "^7.0.0", + "graceful-fs": "^4.2.11", + "make-dir": "^4.0.0", + "strip-dirs": "^3.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@xhmikosr/decompress-tar": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/@xhmikosr/decompress-tar/-/decompress-tar-8.0.1.tgz", + "integrity": "sha512-dpEgs0cQKJ2xpIaGSO0hrzz3Kt8TQHYdizHsgDtLorWajuHJqxzot9Hbi0huRxJuAGG2qiHSQkwyvHHQtlE+fg==", + "dev": true, + "license": "MIT", + "dependencies": { + "file-type": "^19.0.0", + "is-stream": "^2.0.1", + "tar-stream": "^3.1.7" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@xhmikosr/decompress-tar/node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@xhmikosr/decompress-tarbz2": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/@xhmikosr/decompress-tarbz2/-/decompress-tarbz2-8.0.2.tgz", + "integrity": "sha512-p5A2r/AVynTQSsF34Pig6olt9CvRj6J5ikIhzUd3b57pUXyFDGtmBstcw+xXza0QFUh93zJsmY3zGeNDlR2AQQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@xhmikosr/decompress-tar": "^8.0.1", + "file-type": "^19.6.0", + "is-stream": "^2.0.1", + "seek-bzip": "^2.0.0", + "unbzip2-stream": "^1.4.3" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@xhmikosr/decompress-tarbz2/node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@xhmikosr/decompress-targz": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/@xhmikosr/decompress-targz/-/decompress-targz-8.0.1.tgz", + "integrity": "sha512-mvy5AIDIZjQ2IagMI/wvauEiSNHhu/g65qpdM4EVoYHUJBAmkQWqcPJa8Xzi1aKVTmOA5xLJeDk7dqSjlHq8Mg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@xhmikosr/decompress-tar": "^8.0.1", + "file-type": "^19.0.0", + "is-stream": "^2.0.1" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@xhmikosr/decompress-targz/node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@xhmikosr/decompress-unzip": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/@xhmikosr/decompress-unzip/-/decompress-unzip-7.0.0.tgz", + "integrity": "sha512-GQMpzIpWTsNr6UZbISawsGI0hJ4KA/mz5nFq+cEoPs12UybAqZWKbyIaZZyLbJebKl5FkLpsGBkrplJdjvUoSQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "file-type": "^19.0.0", + "get-stream": "^6.0.1", + "yauzl": "^3.1.2" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@xhmikosr/decompress-unzip/node_modules/buffer-crc32": { + "version": "0.2.13", + "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/@xhmikosr/decompress-unzip/node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@xhmikosr/decompress-unzip/node_modules/yauzl": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-3.2.0.tgz", + "integrity": "sha512-Ow9nuGZE+qp1u4JIPvg+uCiUr7xGQWdff7JQSk5VGYTAZMDe2q8lxJ10ygv10qmSj031Ty/6FNJpLO4o1Sgc+w==", + "dev": true, + "license": "MIT", + "dependencies": { + "buffer-crc32": "~0.2.3", + "pend": "~1.2.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@xhmikosr/downloader": { + "version": "15.0.1", + "resolved": "https://registry.npmjs.org/@xhmikosr/downloader/-/downloader-15.0.1.tgz", + "integrity": "sha512-fiuFHf3Dt6pkX8HQrVBsK0uXtkgkVlhrZEh8b7VgoDqFf+zrgFBPyrwCqE/3nDwn3hLeNz+BsrS7q3mu13Lp1g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@xhmikosr/archive-type": "^7.0.0", + "@xhmikosr/decompress": "^10.0.1", + "content-disposition": "^0.5.4", + "defaults": "^3.0.0", + "ext-name": "^5.0.0", + "file-type": "^19.0.0", + "filenamify": "^6.0.0", + "get-stream": "^6.0.1", + "got": "^13.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@xhmikosr/downloader/node_modules/defaults": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/defaults/-/defaults-3.0.0.tgz", + "integrity": "sha512-RsqXDEAALjfRTro+IFNKpcPCt0/Cy2FqHSIlnomiJp9YGadpQnrtbRpSgN2+np21qHcIKiva4fiOQGjS9/qR/A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@xhmikosr/downloader/node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@xhmikosr/os-filter-obj": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@xhmikosr/os-filter-obj/-/os-filter-obj-3.0.0.tgz", + "integrity": "sha512-siPY6BD5dQ2SZPl3I0OZBHL27ZqZvLEosObsZRQ1NUB8qcxegwt0T9eKtV96JMFQpIz1elhkzqOg4c/Ri6Dp9A==", + "dev": true, + "license": "MIT", + "dependencies": { + "arch": "^3.0.0" + }, + "engines": { + "node": "^14.14.0 || >=16.0.0" + } + }, "node_modules/@xmldom/xmldom": { "version": "0.8.10", "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", @@ -9946,9 +10406,9 @@ "license": "BSD-2-Clause" }, "node_modules/arch": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/arch/-/arch-2.2.0.tgz", - "integrity": "sha512-Of/R0wqp83cgHozfIYLbBMnej79U/SVGOOyuB3VVFv1NRM/PSFMK12x9KVtiYzJqmnU5WR2qp0Z5rHb7sWGnFQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/arch/-/arch-3.0.0.tgz", + "integrity": "sha512-AmIAC+Wtm2AU8lGfTtHsw0Y9Qtftx2YXEEtiBP10xFUtMOA+sHHx6OAddyL52mUKh1vsXQ6/w1mVDptZCyUt4Q==", "dev": true, "funding": [ { @@ -9963,7 +10423,8 @@ "type": "consulting", "url": "https://feross.org/support" } - ] + ], + "license": "MIT" }, "node_modules/archiver": { "version": "7.0.1", @@ -10507,153 +10968,12 @@ "node": ">=12.0.0" } }, - "node_modules/bin-check": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/bin-check/-/bin-check-4.1.0.tgz", - "integrity": "sha512-b6weQyEUKsDGFlACWSIOfveEnImkJyK/FGW6FAG42loyoquvjdtOIqO6yBFzHyqyVVhNgNkQxxx09SFLK28YnA==", - "dev": true, - "dependencies": { - "execa": "^0.7.0", - "executable": "^4.1.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-check/node_modules/cross-spawn": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz", - "integrity": "sha512-pTgQJ5KC0d2hcY8eyL1IzlBPYjTkyH72XRZPnLyKus2mBfNjQs3klqbJU2VILqZryAZUt9JOb3h/mWMy23/f5A==", - "dev": true, - "dependencies": { - "lru-cache": "^4.0.1", - "shebang-command": "^1.2.0", - "which": "^1.2.9" - } - }, - "node_modules/bin-check/node_modules/execa": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz", - "integrity": "sha512-RztN09XglpYI7aBBrJCPW95jEH7YF1UEPOoX9yDhUTPdp7mK+CQvnLTuD10BNXZ3byLTu2uehZ8EcKT/4CGiFw==", - "dev": true, - "dependencies": { - "cross-spawn": "^5.0.1", - "get-stream": "^3.0.0", - "is-stream": "^1.1.0", - "npm-run-path": "^2.0.0", - "p-finally": "^1.0.0", - "signal-exit": "^3.0.0", - "strip-eof": "^1.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-check/node_modules/get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha512-GlhdIUuVakc8SJ6kK0zAFbiGzRFzNnY4jUuEbV9UROo4Y+0Ny4fjvcZFVTeDA4odpFyOQzaw6hXukJSq/f28sQ==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-check/node_modules/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha512-uQPm8kcs47jx38atAcWTVxyltQYoPT68y9aWYdV6yWXSyW8mzSat0TL6CiWdZeCdF3KrAvpVtnHbTv4RN+rqdQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-check/node_modules/isexe": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", - "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", - "dev": true - }, - "node_modules/bin-check/node_modules/lru-cache": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", - "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", - "dev": true, - "dependencies": { - "pseudomap": "^1.0.2", - "yallist": "^2.1.2" - } - }, - "node_modules/bin-check/node_modules/npm-run-path": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", - "integrity": "sha512-lJxZYlT4DW/bRUtFh1MQIWqmLwQfAxnqWG4HhEdjMlkrJYnJn0Jrr2u3mgxqaWsdiBc76TYkTG/mhrnYTuzfHw==", - "dev": true, - "dependencies": { - "path-key": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-check/node_modules/path-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", - "integrity": "sha512-fEHGKCSmUSDPv4uoj8AlD+joPlq3peND+HRYyxFz4KPw4z926S/b8rIuFs2FYJg3BwsxJf6A9/3eIdLaYC+9Dw==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/bin-check/node_modules/shebang-command": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", - "integrity": "sha512-EV3L1+UQWGor21OmnvojK36mhg+TyIKDh3iFBKBohr5xeXIhNBcx8oWdgkTEEQ+BEFFYdLRuqMfd5L84N1V5Vg==", - "dev": true, - "dependencies": { - "shebang-regex": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-check/node_modules/shebang-regex": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", - "integrity": "sha512-wpoSFAxys6b2a2wHZ1XpDSgD7N9iVjg29Ph9uV/uaP9Ex/KXlkTZTeddxDPSYQpgvzKLGJke2UU0AzoGCjNIvQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/bin-check/node_modules/signal-exit": { - "version": "3.0.7", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", - "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", - "dev": true - }, - "node_modules/bin-check/node_modules/which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dev": true, - "dependencies": { - "isexe": "^2.0.0" - }, - "bin": { - "which": "bin/which" - } - }, - "node_modules/bin-check/node_modules/yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha512-ncTzHV7NvsQZkYe1DW7cbDLm0YpzHmZF5r/iyP3ZnQtMiJ+pjzisCiMNI+Sj+xQF5pXhSHxSB3uDbsBTzY/c2A==", - "dev": true - }, "node_modules/bin-version": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/bin-version/-/bin-version-6.0.0.tgz", "integrity": "sha512-nk5wEsP4RiKjG+vF+uG8lFsEn4d7Y6FVDamzzftSunXOoOcOOkzcWdKVlGgFFwlUQCj63SgnUkLLGF8v7lufhw==", "dev": true, + "license": "MIT", "dependencies": { "execa": "^5.0.0", "find-versions": "^5.0.0" @@ -10670,6 +10990,7 @@ "resolved": "https://registry.npmjs.org/bin-version-check/-/bin-version-check-5.1.0.tgz", "integrity": "sha512-bYsvMqJ8yNGILLz1KP9zKLzQ6YpljV3ln1gqhuLkUtyfGi3qXKGuK2p+U4NAvjVFzDFiBBtOpCOSFNuYYEGZ5g==", "dev": true, + "license": "MIT", "dependencies": { "bin-version": "^6.0.0", "semver": "^7.5.3", @@ -10687,6 +11008,7 @@ "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", "dev": true, + "license": "MIT", "dependencies": { "cross-spawn": "^7.0.3", "get-stream": "^6.0.0", @@ -10710,6 +11032,7 @@ "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", "dev": true, + "license": "MIT", "engines": { "node": ">=10" }, @@ -10722,6 +11045,7 @@ "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", "dev": true, + "license": "Apache-2.0", "engines": { "node": ">=10.17.0" } @@ -10731,6 +11055,7 @@ "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", "dev": true, + "license": "MIT", "engines": { "node": ">=8" }, @@ -10743,6 +11068,7 @@ "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.0.0" }, @@ -10754,13 +11080,15 @@ "version": "3.0.7", "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", - "dev": true + "dev": true, + "license": "ISC" }, "node_modules/bin-version/node_modules/strip-final-newline": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", "dev": true, + "license": "MIT", "engines": { "node": ">=6" } @@ -11028,42 +11356,42 @@ } }, "node_modules/cacheable-lookup": { - "version": "5.0.4", - "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.4.tgz", - "integrity": "sha512-2/kNscPhpcxrOigMZzbiWF7dz8ilhb/nIHU3EyZiXWXpeq/au8qJ8VhdftMkty3n7Gj6HIGalQG8oiBNB3AJgA==", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "integrity": "sha512-+qJyx4xiKra8mZrcwhjMRMUhD5NR1R8esPkzIYxX96JiecFoxAXFuz/GpR3+ev4PE1WamHip78wV0vcmPQtp8w==", "dev": true, + "license": "MIT", "engines": { - "node": ">=10.6.0" + "node": ">=14.16" } }, "node_modules/cacheable-request": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-7.0.4.tgz", - "integrity": "sha512-v+p6ongsrp0yTGbJXjgxPow2+DL93DASP4kXCDKb8/bwRtt9OEF3whggkkDkGNzgcWy2XaF4a8nZglC7uElscg==", + "version": "10.2.14", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "integrity": "sha512-zkDT5WAF4hSSoUgyfg5tFIxz8XQK+25W/TLVojJTMKBaxevLBBtLxgqguAuVQB8PVW79FVjHcU+GJ9tVbDZ9mQ==", "dev": true, + "license": "MIT", "dependencies": { - "clone-response": "^1.0.2", - "get-stream": "^5.1.0", - "http-cache-semantics": "^4.0.0", - "keyv": "^4.0.0", - "lowercase-keys": "^2.0.0", - "normalize-url": "^6.0.1", - "responselike": "^2.0.0" + "@types/http-cache-semantics": "^4.0.2", + "get-stream": "^6.0.1", + "http-cache-semantics": "^4.1.1", + "keyv": "^4.5.3", + "mimic-response": "^4.0.0", + "normalize-url": "^8.0.0", + "responselike": "^3.0.0" }, "engines": { - "node": ">=8" + "node": ">=14.16" } }, "node_modules/cacheable-request/node_modules/get-stream": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", - "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", "dev": true, - "dependencies": { - "pump": "^3.0.0" - }, + "license": "MIT", "engines": { - "node": ">=8" + "node": ">=10" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" @@ -11684,27 +12012,6 @@ "node": ">=0.8" } }, - "node_modules/clone-response": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/clone-response/-/clone-response-1.0.3.tgz", - "integrity": "sha512-ROoL94jJH2dUVML2Y/5PEDNaSHgeOdSDicUyS7izcF63G6sTc/FTjLub4b8Il9S8S0beOfYt0TaA5qvFK+w0wA==", - "dev": true, - "dependencies": { - "mimic-response": "^1.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/clone-response/node_modules/mimic-response": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-1.0.1.tgz", - "integrity": "sha512-j5EctnkH7amfV/q5Hgmoal1g2QHFJRraOtmx0JpIqkxhBhI/lJSl1nMpQ45hVarwNETOoWEimndZ4QK0RHxuxQ==", - "dev": true, - "engines": { - "node": ">=4" - } - }, "node_modules/co": { "version": "4.6.0", "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", @@ -11979,10 +12286,11 @@ } }, "node_modules/core-js": { - "version": "3.38.1", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.38.1.tgz", - "integrity": "sha512-OP35aUorbU3Zvlx7pjsFdu1rGNnD4pgw/CWoYzRY3t2EzoVT7shKHY1dlAy3f41cGIO7ZDPQimhGFTlEYkG/Hw==", + "version": "3.42.0", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.42.0.tgz", + "integrity": "sha512-Sz4PP4ZA+Rq4II21qkNqOEDTDrCvcANId3xpIgB34NDkWc3UduWj2dqEtN9yZIq8Dk3HyPI33x9sqqU5C8sr0g==", "hasInstallScript": true, + "license": "MIT", "funding": { "type": "opencollective", "url": "https://opencollective.com/core-js" @@ -12791,6 +13099,7 @@ "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", "dev": true, + "license": "MIT", "dependencies": { "mimic-response": "^3.1.0" }, @@ -12801,6 +13110,19 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/decompress-response/node_modules/mimic-response": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/deep-eql": { "version": "5.0.2", "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-5.0.2.tgz", @@ -12962,6 +13284,7 @@ "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", "integrity": "sha512-4tvttepXG1VaYGrRibk5EwJd1t4udunSOVMdLSAL6mId1ix438oPwPZMALY41FCijukO1L0twNcGsdzS7dHgDg==", "dev": true, + "license": "MIT", "engines": { "node": ">=10" } @@ -13738,9 +14061,9 @@ } }, "node_modules/esbuild": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.4.tgz", - "integrity": "sha512-8pgjLUcUjcgDg+2Q4NYXnPbo/vncAY4UmyaCm0jZevERqCHZIaWwdJHkf8XQtu4AxSKCdvrUbT0XUr1IdZzI8Q==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.5.tgz", + "integrity": "sha512-P8OtKZRv/5J5hhz0cUAdu/cLuPIKXpQl1R9pZtvmHWQvrAUVd0UNIPT4IB4W3rNOqVO0rlqHmCIbSwxh/c9yUQ==", "dev": true, "hasInstallScript": true, "license": "MIT", @@ -13751,31 +14074,31 @@ "node": ">=18" }, "optionalDependencies": { - "@esbuild/aix-ppc64": "0.25.4", - "@esbuild/android-arm": "0.25.4", - "@esbuild/android-arm64": "0.25.4", - "@esbuild/android-x64": "0.25.4", - "@esbuild/darwin-arm64": "0.25.4", - "@esbuild/darwin-x64": "0.25.4", - "@esbuild/freebsd-arm64": "0.25.4", - "@esbuild/freebsd-x64": "0.25.4", - "@esbuild/linux-arm": "0.25.4", - "@esbuild/linux-arm64": "0.25.4", - "@esbuild/linux-ia32": "0.25.4", - "@esbuild/linux-loong64": "0.25.4", - "@esbuild/linux-mips64el": "0.25.4", - "@esbuild/linux-ppc64": "0.25.4", - "@esbuild/linux-riscv64": "0.25.4", - "@esbuild/linux-s390x": "0.25.4", - "@esbuild/linux-x64": "0.25.4", - "@esbuild/netbsd-arm64": "0.25.4", - "@esbuild/netbsd-x64": "0.25.4", - "@esbuild/openbsd-arm64": "0.25.4", - "@esbuild/openbsd-x64": "0.25.4", - "@esbuild/sunos-x64": "0.25.4", - "@esbuild/win32-arm64": "0.25.4", - "@esbuild/win32-ia32": "0.25.4", - "@esbuild/win32-x64": "0.25.4" + "@esbuild/aix-ppc64": "0.25.5", + "@esbuild/android-arm": "0.25.5", + "@esbuild/android-arm64": "0.25.5", + "@esbuild/android-x64": "0.25.5", + "@esbuild/darwin-arm64": "0.25.5", + "@esbuild/darwin-x64": "0.25.5", + "@esbuild/freebsd-arm64": "0.25.5", + "@esbuild/freebsd-x64": "0.25.5", + "@esbuild/linux-arm": "0.25.5", + "@esbuild/linux-arm64": "0.25.5", + "@esbuild/linux-ia32": "0.25.5", + "@esbuild/linux-loong64": "0.25.5", + "@esbuild/linux-mips64el": "0.25.5", + "@esbuild/linux-ppc64": "0.25.5", + "@esbuild/linux-riscv64": "0.25.5", + "@esbuild/linux-s390x": "0.25.5", + "@esbuild/linux-x64": "0.25.5", + "@esbuild/netbsd-arm64": "0.25.5", + "@esbuild/netbsd-x64": "0.25.5", + "@esbuild/openbsd-arm64": "0.25.5", + "@esbuild/openbsd-x64": "0.25.5", + "@esbuild/sunos-x64": "0.25.5", + "@esbuild/win32-arm64": "0.25.5", + "@esbuild/win32-ia32": "0.25.5", + "@esbuild/win32-x64": "0.25.5" } }, "node_modules/esbuild-android-64": { @@ -14424,9 +14747,9 @@ } }, "node_modules/eslint": { - "version": "9.27.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.27.0.tgz", - "integrity": "sha512-ixRawFQuMB9DZ7fjU3iGGganFDp3+45bPOdaRurcFHSXO1e/sYwUX/FtQZpLZJR6SjMoJH8hR2pPEAfDyCoU2Q==", + "version": "9.28.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.28.0.tgz", + "integrity": "sha512-ocgh41VhRlf9+fVpe7QKzwLj9c92fDiqOj8Y3Sd4/ZmVA4Btx4PlUYPq4pp9JDyupkf1upbEXecxL2mwNV7jPQ==", "dev": true, "license": "MIT", "dependencies": { @@ -14436,7 +14759,7 @@ "@eslint/config-helpers": "^0.2.1", "@eslint/core": "^0.14.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "9.27.0", + "@eslint/js": "9.28.0", "@eslint/plugin-kit": "^0.3.1", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", @@ -15125,27 +15448,6 @@ "url": "https://github.com/sindresorhus/execa?sponsor=1" } }, - "node_modules/executable": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/executable/-/executable-4.1.1.tgz", - "integrity": "sha512-8iA79xD3uAch729dUG8xaaBBFGaEa0wdD2VkYLFHwlqosEj/jT66AzcreRDSgV7ehnNLBW2WR5jIXwGKjVdTLg==", - "dev": true, - "dependencies": { - "pify": "^2.2.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/executable/node_modules/pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/expect": { "version": "29.7.0", "resolved": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", @@ -15205,6 +15507,7 @@ "resolved": "https://registry.npmjs.org/ext-list/-/ext-list-2.2.2.tgz", "integrity": "sha512-u+SQgsubraE6zItfVA0tBuCBhfU9ogSRnsvygI7wht9TS510oLkBRXBsqopeUG/GBOIQyKZO9wjTqIu/sf5zFA==", "dev": true, + "license": "MIT", "dependencies": { "mime-db": "^1.28.0" }, @@ -15217,6 +15520,7 @@ "resolved": "https://registry.npmjs.org/ext-name/-/ext-name-5.0.0.tgz", "integrity": "sha512-yblEwXAbGv1VQDmow7s38W77hzAgJAO50ztBLMcUyUBfxv1HC+LGwtiEN+Co6LtlqT/5uwVOxsD4TNIilWhwdQ==", "dev": true, + "license": "MIT", "dependencies": { "ext-list": "^2.0.0", "sort-keys-length": "^1.0.0" @@ -15469,17 +15773,19 @@ } }, "node_modules/file-type": { - "version": "17.1.6", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-17.1.6.tgz", - "integrity": "sha512-hlDw5Ev+9e883s0pwUsuuYNu4tD7GgpUnOvykjv1Gya0ZIjuKumthDRua90VUn6/nlRKAjcxLUnHNTIUWwWIiw==", + "version": "19.6.0", + "resolved": "https://registry.npmjs.org/file-type/-/file-type-19.6.0.tgz", + "integrity": "sha512-VZR5I7k5wkD0HgFnMsq5hOsSc710MJMu5Nc5QYsbe38NN5iPV/XTObYLc/cpttRTf6lX538+5uO1ZQRhYibiZQ==", "dev": true, + "license": "MIT", "dependencies": { - "readable-web-to-node-stream": "^3.0.2", - "strtok3": "^7.0.0-alpha.9", - "token-types": "^5.0.0-alpha.2" + "get-stream": "^9.0.1", + "strtok3": "^9.0.1", + "token-types": "^6.0.0", + "uint8array-extras": "^1.3.0" }, "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + "node": ">=18" }, "funding": { "url": "https://github.com/sindresorhus/file-type?sponsor=1" @@ -15511,6 +15817,7 @@ "resolved": "https://registry.npmjs.org/filename-reserved-regex/-/filename-reserved-regex-3.0.0.tgz", "integrity": "sha512-hn4cQfU6GOT/7cFHXBqeBg2TbrMBgdD0kcjLhvSQYYwm3s4B6cjvBfb7nBALJLAXqmU5xajSa7X2NnUud/VCdw==", "dev": true, + "license": "MIT", "engines": { "node": "^12.20.0 || ^14.13.1 || >=16.0.0" }, @@ -15519,17 +15826,16 @@ } }, "node_modules/filenamify": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/filenamify/-/filenamify-5.1.1.tgz", - "integrity": "sha512-M45CbrJLGACfrPOkrTp3j2EcO9OBkKUYME0eiqOCa7i2poaklU0jhlIaMlr8ijLorT0uLAzrn3qXOp5684CkfA==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/filenamify/-/filenamify-6.0.0.tgz", + "integrity": "sha512-vqIlNogKeyD3yzrm0yhRMQg8hOVwYcYRfjEoODd49iCprMn4HL85gK3HcykQE53EPIpX3HcAbGA5ELQv216dAQ==", "dev": true, + "license": "MIT", "dependencies": { - "filename-reserved-regex": "^3.0.0", - "strip-outer": "^2.0.0", - "trim-repeated": "^2.0.0" + "filename-reserved-regex": "^3.0.0" }, "engines": { - "node": ">=12.20" + "node": ">=16" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" @@ -15587,6 +15893,7 @@ "resolved": "https://registry.npmjs.org/find-versions/-/find-versions-5.1.0.tgz", "integrity": "sha512-+iwzCJ7C5v5KgcBuueqVoNiHVoQpwiUK5XFLjf0affFTep+Wcw93tPvmb8tqujDNmzhBDPddnWV/qgWSXgq+Hg==", "dev": true, + "license": "MIT", "dependencies": { "semver-regex": "^4.0.5" }, @@ -15689,6 +15996,16 @@ "node": ">= 6" } }, + "node_modules/form-data-encoder": { + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "integrity": "sha512-yDYSgNMraqvnxiEXO4hi88+YZxaHC6QKzb5N84iRCTDeRO7ZALpir/lVmf/uXUhnwUr2O4HU8s/n6x+yNjQkHw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 14.17" + } + }, "node_modules/format": { "version": "0.2.2", "resolved": "https://registry.npmjs.org/format/-/format-0.2.2.tgz", @@ -16149,30 +16466,44 @@ } }, "node_modules/got": { - "version": "11.8.6", - "resolved": "https://registry.npmjs.org/got/-/got-11.8.6.tgz", - "integrity": "sha512-6tfZ91bOr7bOXnK7PRDCGBLa1H4U080YHNaAQ2KsMGlLEzRbk44nsZF2E1IeRc3vtJHPVbKCYgdFbaGO2ljd8g==", + "version": "13.0.0", + "resolved": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", + "integrity": "sha512-XfBk1CxOOScDcMr9O1yKkNaQyy865NbYs+F7dr4H0LZMVgCj2Le59k6PqbNHoL5ToeaEQUYh6c6yMfVcc6SJxA==", "dev": true, + "license": "MIT", "dependencies": { - "@sindresorhus/is": "^4.0.0", - "@szmarczak/http-timer": "^4.0.5", - "@types/cacheable-request": "^6.0.1", - "@types/responselike": "^1.0.0", - "cacheable-lookup": "^5.0.3", - "cacheable-request": "^7.0.2", + "@sindresorhus/is": "^5.2.0", + "@szmarczak/http-timer": "^5.0.1", + "cacheable-lookup": "^7.0.0", + "cacheable-request": "^10.2.8", "decompress-response": "^6.0.0", - "http2-wrapper": "^1.0.0-beta.5.2", - "lowercase-keys": "^2.0.0", - "p-cancelable": "^2.0.0", - "responselike": "^2.0.0" + "form-data-encoder": "^2.1.2", + "get-stream": "^6.0.1", + "http2-wrapper": "^2.1.10", + "lowercase-keys": "^3.0.0", + "p-cancelable": "^3.0.0", + "responselike": "^3.0.0" }, "engines": { - "node": ">=10.19.0" + "node": ">=16" }, "funding": { "url": "https://github.com/sindresorhus/got?sponsor=1" } }, + "node_modules/got/node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/graceful-fs": { "version": "4.2.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", @@ -16651,10 +16982,11 @@ } }, "node_modules/http-cache-semantics": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", - "integrity": "sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ==", - "dev": true + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.2.0.tgz", + "integrity": "sha512-dTxcvPXqPvXBQpq5dUr6mEMJX4oIEFv6bwom3FDwKRDsuIjjJGANqhBuoAn9c1RQJIdAKav33ED65E2ys+87QQ==", + "dev": true, + "license": "BSD-2-Clause" }, "node_modules/http-errors": { "version": "1.8.1", @@ -16697,13 +17029,14 @@ } }, "node_modules/http2-wrapper": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-1.0.3.tgz", - "integrity": "sha512-V+23sDMr12Wnz7iTcDeJr3O6AIxlnvT/bmaAAAP/Xda35C90p9599p0F1eHR/N1KILWSoWVAiOMFjBBXaXSMxg==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "integrity": "sha512-V5nVw1PAOgfI3Lmeaj2Exmeg7fenjhRUgz1lPSezy1CuhPYbgQtbQj4jZfEAEMlaL+vupsvhjqCyjzob0yxsmQ==", "dev": true, + "license": "MIT", "dependencies": { "quick-lru": "^5.1.1", - "resolve-alpn": "^1.0.0" + "resolve-alpn": "^1.2.0" }, "engines": { "node": ">=10.19.0" @@ -16886,6 +17219,16 @@ "node": ">=18" } }, + "node_modules/inspect-with-kind": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/inspect-with-kind/-/inspect-with-kind-1.0.5.tgz", + "integrity": "sha512-MAQUJuIo7Xqk8EVNP+6d3CKq9c80hi4tjIbIAT6lmGW9W6WzlHiu9PS8uSuUYU+Do+j1baiFp3H25XEVxDIG2g==", + "dev": true, + "license": "ISC", + "dependencies": { + "kind-of": "^6.0.2" + } + }, "node_modules/internal-ip": { "version": "6.2.0", "resolved": "https://registry.npmjs.org/internal-ip/-/internal-ip-6.2.0.tgz", @@ -18500,6 +18843,16 @@ "resolved": "https://registry.npmjs.org/khroma/-/khroma-2.1.0.tgz", "integrity": "sha512-Ls993zuzfayK269Svk9hzpeGUKob/sIgZzyHYdjQoAdQetRKpOLj+k/QQQ/6Qi0Yz65mlROrfd+Ev+1+7dz9Kw==" }, + "node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/kleur": { "version": "4.1.5", "resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz", @@ -18842,6 +19195,16 @@ "dev": true, "license": "MIT" }, + "node_modules/linkify-it": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz", + "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "uc.micro": "^2.0.0" + } + }, "node_modules/lit": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/lit/-/lit-3.3.0.tgz", @@ -19203,12 +19566,16 @@ "license": "MIT" }, "node_modules/lowercase-keys": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-2.0.0.tgz", - "integrity": "sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "integrity": "sha512-ozCC6gdQ+glXOQsveKD0YsDy8DSQFjDTz4zyzEHNV5+JP5D62LmfDZ6o1cycFx9ouG940M5dE8C8CTewdj2YWQ==", "dev": true, + "license": "MIT", "engines": { - "node": ">=8" + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/lowlight": { @@ -19236,6 +19603,13 @@ "node": ">=16.14" } }, + "node_modules/lunr": { + "version": "2.3.9", + "resolved": "https://registry.npmjs.org/lunr/-/lunr-2.3.9.tgz", + "integrity": "sha512-zTU3DaZaF3Rt9rhN3uBMGQD3dD2/vFQqnvZCDv4dl5iOzq2IZQqTxu90r4E5J+nP70J3ilqVCrbho2eWaeW8Ow==", + "dev": true, + "license": "MIT" + }, "node_modules/lz-string": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/lz-string/-/lz-string-1.5.0.tgz", @@ -19290,6 +19664,24 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/markdown-it": { + "version": "14.1.0", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz", + "integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==", + "dev": true, + "license": "MIT", + "dependencies": { + "argparse": "^2.0.1", + "entities": "^4.4.0", + "linkify-it": "^5.0.0", + "mdurl": "^2.0.0", + "punycode.js": "^2.3.1", + "uc.micro": "^2.1.0" + }, + "bin": { + "markdown-it": "bin/markdown-it.mjs" + } + }, "node_modules/markdown-table": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-3.0.4.tgz", @@ -19686,6 +20078,13 @@ "url": "https://opencollective.com/unified" } }, + "node_modules/mdurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz", + "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==", + "dev": true, + "license": "MIT" + }, "node_modules/media-typer": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", @@ -20605,12 +21004,13 @@ } }, "node_modules/mimic-response": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", - "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "integrity": "sha512-e5ISH9xMYU0DzrT+jl8q2ze9D6eWBto+I8CNpe+VI+K2J/F/k3PdkdTdz4wvGVH4NTpo+NRYTVIuMQEMMcsLqg==", "dev": true, + "license": "MIT", "engines": { - "node": ">=10" + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" @@ -21328,12 +21728,13 @@ } }, "node_modules/normalize-url": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-6.1.0.tgz", - "integrity": "sha512-DlL+XwOy3NxAQ8xuC0okPgK46iuVNAK01YN7RueYBqqFeGsBjV9XmCAzAdgt+667bCl5kPh9EqKKDwnaPG1I7A==", + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "integrity": "sha512-IO9QvjUMWxPQQhs60oOu10CRkWCiZzSUkzbXGGV9pviYl1fXYcvkzQ5jV9z8Y6un8ARoVRl4EtC6v6jNqbaJ/w==", "dev": true, + "license": "MIT", "engines": { - "node": ">=10" + "node": ">=14.16" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" @@ -21893,18 +22294,6 @@ "node": ">= 0.8.0" } }, - "node_modules/os-filter-obj": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/os-filter-obj/-/os-filter-obj-2.0.0.tgz", - "integrity": "sha512-uksVLsqG3pVdzzPvmAHpBK0wKxYItuzZr7SziusRPoz67tGV8rL1szZ6IdeUrbqLjGDwApBtN29eEE3IqGHOjg==", - "dev": true, - "dependencies": { - "arch": "^2.1.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/os-tmpdir": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", @@ -21958,12 +22347,13 @@ } }, "node_modules/p-cancelable": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.1.1.tgz", - "integrity": "sha512-BZOr3nRQHOntUjTrH8+Lh54smKHoHyur8We1V8DSMVrl5A2malOOwuJRnKRDjSnkoeBh4at6BwEnb5I7Jl31wg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "integrity": "sha512-mlVgR3PGuzlo0MmTdk4cXqXWlwQDLnONTAg6sm62XkMJEiRxN3GL3SffkYvqwonbkJBcrI7Uvv5Zh9yjvn2iUw==", "dev": true, + "license": "MIT", "engines": { - "node": ">=8" + "node": ">=12.20" } }, "node_modules/p-event": { @@ -22777,12 +23167,6 @@ "node": ">=14" } }, - "node_modules/pseudomap": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz", - "integrity": "sha512-b/YwNhb8lk1Zz2+bXXpS/LK9OisiZZ1SNsSLxN1x2OXVEhW2Ckr/7mWE5vrC1ZTiJlD9g19jWszTmJsB+oEpFQ==", - "dev": true - }, "node_modules/pump": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.2.tgz", @@ -22803,6 +23187,16 @@ "node": ">=6" } }, + "node_modules/punycode.js": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz", + "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/puppeteer-core": { "version": "22.15.0", "resolved": "https://registry.npmjs.org/puppeteer-core/-/puppeteer-core-22.15.0.tgz", @@ -22922,6 +23316,7 @@ "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==", "dev": true, + "license": "MIT", "engines": { "node": ">=10" }, @@ -23339,36 +23734,6 @@ "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } }, - "node_modules/readable-web-to-node-stream": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/readable-web-to-node-stream/-/readable-web-to-node-stream-3.0.2.tgz", - "integrity": "sha512-ePeK6cc1EcKLEhJFt/AebMCLL+GgSKhuygrZ/GLaKZYEecIgIECf4UaUuaByiGtzckwR4ain9VzUh95T1exYGw==", - "dev": true, - "dependencies": { - "readable-stream": "^3.6.0" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/Borewit" - } - }, - "node_modules/readable-web-to-node-stream/node_modules/readable-stream": { - "version": "3.6.2", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", - "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", - "dev": true, - "dependencies": { - "inherits": "^2.0.3", - "string_decoder": "^1.1.1", - "util-deprecate": "^1.0.1" - }, - "engines": { - "node": ">= 6" - } - }, "node_modules/readdir-glob": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/readdir-glob/-/readdir-glob-1.1.3.tgz", @@ -23920,7 +24285,8 @@ "version": "1.2.1", "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", "integrity": "sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g==", - "dev": true + "dev": true, + "license": "MIT" }, "node_modules/resolve-from": { "version": "4.0.0", @@ -24006,12 +24372,16 @@ } }, "node_modules/responselike": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/responselike/-/responselike-2.0.1.tgz", - "integrity": "sha512-4gl03wn3hj1HP3yzgdI7d3lCkF95F21Pz4BPGvKHinyQzALR5CapwC8yIi0Rh58DEMQ/SguC03wFj2k0M/mHhw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "integrity": "sha512-40yHxbNcl2+rzXvZuVkrYohathsSJlMTXKryG5y8uciHv1+xDLHQpgjG64JUO9nrEq2jGLH6IZ8BcZyw3wrweg==", "dev": true, + "license": "MIT", "dependencies": { - "lowercase-keys": "^2.0.0" + "lowercase-keys": "^3.0.0" + }, + "engines": { + "node": ">=14.16" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" @@ -24431,6 +24801,30 @@ "dev": true, "optional": true }, + "node_modules/seek-bzip": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/seek-bzip/-/seek-bzip-2.0.0.tgz", + "integrity": "sha512-SMguiTnYrhpLdk3PwfzHeotrcwi8bNV4iemL9tx9poR/yeaMYwB9VzR1w7b57DuWpuqR8n6oZboi0hj3AxZxQg==", + "dev": true, + "license": "MIT", + "dependencies": { + "commander": "^6.0.0" + }, + "bin": { + "seek-bunzip": "bin/seek-bunzip", + "seek-table": "bin/seek-bzip-table" + } + }, + "node_modules/seek-bzip/node_modules/commander": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-6.2.1.tgz", + "integrity": "sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 6" + } + }, "node_modules/semver": { "version": "7.7.2", "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", @@ -24448,6 +24842,7 @@ "resolved": "https://registry.npmjs.org/semver-regex/-/semver-regex-4.0.5.tgz", "integrity": "sha512-hunMQrEy1T6Jr2uEVjrAIqjwWcQTgOAcIM52C8MY1EZSD3DDNft04XzvYKPqjED65bNVVko0YI38nYeEHCX3yw==", "dev": true, + "license": "MIT", "engines": { "node": ">=12" }, @@ -24460,6 +24855,7 @@ "resolved": "https://registry.npmjs.org/semver-truncate/-/semver-truncate-3.0.0.tgz", "integrity": "sha512-LJWA9kSvMolR51oDE6PN3kALBNaUdkxzAGcexw8gjMA8xr5zUqK0JiR3CgARSqanYF3Z1YHvsErb1KDgh+v7Rg==", "dev": true, + "license": "MIT", "dependencies": { "semver": "^7.3.5" }, @@ -24806,6 +25202,7 @@ "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-1.1.2.tgz", "integrity": "sha512-vzn8aSqKgytVik0iwdBEi+zevbTYZogewTUM6dtpmGwEcdzbub/TX4bCzRhebDCRC3QzXgJsLRKB2V/Oof7HXg==", "dev": true, + "license": "MIT", "dependencies": { "is-plain-obj": "^1.0.0" }, @@ -24818,6 +25215,7 @@ "resolved": "https://registry.npmjs.org/sort-keys-length/-/sort-keys-length-1.0.1.tgz", "integrity": "sha512-GRbEOUqCxemTAk/b32F2xa8wDTs+Z1QHOkbhJDQTvv/6G3ZkbJ+frYWsTcc7cBB3Fu4wy4XlLCuNtJuMn7Gsvw==", "dev": true, + "license": "MIT", "dependencies": { "sort-keys": "^1.0.0" }, @@ -24830,6 +25228,7 @@ "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", "integrity": "sha512-yvkRyxmFKEOQ4pNXCmJG5AEQNlXJS5LaONXo5/cLdTZdWvsZ1ioJEonLGAosKlMWE8lwUy/bJzMjcw8az73+Fg==", "dev": true, + "license": "MIT", "engines": { "node": ">=0.10.0" } @@ -25340,11 +25739,23 @@ "node": ">=4" } }, - "node_modules/strip-eof": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", - "integrity": "sha512-7FCwGGmx8mD5xQd3RPUvnSpUXHM3BWuzjtpD4TXsfcZ9EL4azvVVUscFYwD9nx8Kh+uCBC00XBtAykoMHwTh8Q==", + "node_modules/strip-dirs": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/strip-dirs/-/strip-dirs-3.0.0.tgz", + "integrity": "sha512-I0sdgcFTfKQlUPZyAqPJmSG3HLO9rWDFnxonnIbskYNM3DwFOeTNB5KzVq3dA1GdRAc/25b5Y7UO2TQfKWw4aQ==", "dev": true, + "license": "ISC", + "dependencies": { + "inspect-with-kind": "^1.0.5", + "is-plain-obj": "^1.1.0" + } + }, + "node_modules/strip-dirs/node_modules/is-plain-obj": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", + "integrity": "sha512-yvkRyxmFKEOQ4pNXCmJG5AEQNlXJS5LaONXo5/cLdTZdWvsZ1ioJEonLGAosKlMWE8lwUy/bJzMjcw8az73+Fg==", + "dev": true, + "license": "MIT", "engines": { "node": ">=0.10.0" } @@ -25406,18 +25817,6 @@ "dev": true, "optional": true }, - "node_modules/strip-outer": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/strip-outer/-/strip-outer-2.0.0.tgz", - "integrity": "sha512-A21Xsm1XzUkK0qK1ZrytDUvqsQWict2Cykhvi0fBQntGG5JSprESasEyV1EZ/4CiR5WB5KjzLTrP/bO37B0wPg==", - "dev": true, - "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/strnum": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", @@ -25425,13 +25824,14 @@ "dev": true }, "node_modules/strtok3": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-7.1.1.tgz", - "integrity": "sha512-mKX8HA/cdBqMKUr0MMZAFssCkIGoZeSCMXgnt79yKxNFguMLVFgRe6wB+fsL0NmoHDbeyZXczy7vEPSoo3rkzg==", + "version": "9.1.1", + "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-9.1.1.tgz", + "integrity": "sha512-FhwotcEqjr241ZbjFzjlIYg6c5/L/s4yBGWSMvJ9UoExiSqL+FnFA/CaeZx17WGaZMS/4SOZp8wH18jSS4R4lw==", "dev": true, + "license": "MIT", "dependencies": { "@tokenizer/token": "^0.3.0", - "peek-readable": "^5.1.3" + "peek-readable": "^5.3.1" }, "engines": { "node": ">=16" @@ -25568,9 +25968,9 @@ } }, "node_modules/tar-fs": { - "version": "3.0.8", - "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-3.0.8.tgz", - "integrity": "sha512-ZoROL70jptorGAlgAYiLoBLItEKw/fUxg9BSYK/dF/GAGYFJOJJJMvjPAKDJraCXFwadD456FCuvLWgfhMsPwg==", + "version": "3.0.9", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-3.0.9.tgz", + "integrity": "sha512-XF4w9Xp+ZQgifKakjZYmFdkLoSWd34VGKcsTCwlNWM7QG3ZbaxnTsaBwnjFZqHRf/rROxaR8rXnbtwdvaDI+lA==", "dev": true, "license": "MIT", "dependencies": { @@ -25706,9 +26106,7 @@ "version": "2.3.8", "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", "integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/tiny-invariant": { "version": "1.3.3", @@ -25800,10 +26198,11 @@ } }, "node_modules/token-types": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/token-types/-/token-types-5.0.1.tgz", - "integrity": "sha512-Y2fmSnZjQdDb9W4w4r1tswlMHylzWIeOKpx0aZH9BgGtACHhrk3OkT52AzwcuqTRBZtvvnTjDBh8eynMulu8Vg==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/token-types/-/token-types-6.0.0.tgz", + "integrity": "sha512-lbDrTLVsHhOMljPscd0yitpozq7Ga2M5Cvez5AjGg8GASBjtt6iERCAJ93yommPmz62fb45oFIXHEZ3u9bfJEA==", "dev": true, + "license": "MIT", "dependencies": { "@tokenizer/token": "^0.3.0", "ieee754": "^1.2.1" @@ -25902,30 +26301,6 @@ "url": "https://github.com/sponsors/wooorm" } }, - "node_modules/trim-repeated": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/trim-repeated/-/trim-repeated-2.0.0.tgz", - "integrity": "sha512-QUHBFTJGdOwmp0tbOG505xAgOp/YliZP/6UgafFXYZ26WT1bvQmSMJUvkeVSASuJJHbqsFbynTvkd5W8RBTipg==", - "dev": true, - "dependencies": { - "escape-string-regexp": "^5.0.0" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/trim-repeated/node_modules/escape-string-regexp": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz", - "integrity": "sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/trough": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/trough/-/trough-2.2.0.tgz", @@ -26618,6 +26993,43 @@ "dev": true, "license": "MIT" }, + "node_modules/typedoc": { + "version": "0.28.5", + "resolved": "https://registry.npmjs.org/typedoc/-/typedoc-0.28.5.tgz", + "integrity": "sha512-5PzUddaA9FbaarUzIsEc4wNXCiO4Ot3bJNeMF2qKpYlTmM9TTaSHQ7162w756ERCkXER/+o2purRG6YOAv6EMA==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@gerrit0/mini-shiki": "^3.2.2", + "lunr": "^2.3.9", + "markdown-it": "^14.1.0", + "minimatch": "^9.0.5", + "yaml": "^2.7.1" + }, + "bin": { + "typedoc": "bin/typedoc" + }, + "engines": { + "node": ">= 18", + "pnpm": ">= 10" + }, + "peerDependencies": { + "typescript": "5.0.x || 5.1.x || 5.2.x || 5.3.x || 5.4.x || 5.5.x || 5.6.x || 5.7.x || 5.8.x" + } + }, + "node_modules/typedoc-plugin-markdown": { + "version": "4.6.3", + "resolved": "https://registry.npmjs.org/typedoc-plugin-markdown/-/typedoc-plugin-markdown-4.6.3.tgz", + "integrity": "sha512-86oODyM2zajXwLs4Wok2mwVEfCwCnp756QyhLGX2IfsdRYr1DXLCgJgnLndaMUjJD7FBhnLk2okbNE9PdLxYRw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 18" + }, + "peerDependencies": { + "typedoc": "0.28.x" + } + }, "node_modules/types-ramda": { "version": "0.30.1", "resolved": "https://registry.npmjs.org/types-ramda/-/types-ramda-0.30.1.tgz", @@ -26642,15 +27054,15 @@ } }, "node_modules/typescript-eslint": { - "version": "8.32.1", - "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.32.1.tgz", - "integrity": "sha512-D7el+eaDHAmXvrZBy1zpzSNIRqnCOrkwTgZxTu3MUqRWk8k0q9m9Ho4+vPf7iHtgUfrK/o8IZaEApsxPlHTFCg==", + "version": "8.33.0", + "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.33.0.tgz", + "integrity": "sha512-5YmNhF24ylCsvdNW2oJwMzTbaeO4bg90KeGtMjUw0AGtHksgEPLRTUil+coHwCfiu4QjVJFnjp94DmU6zV7DhQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/eslint-plugin": "8.32.1", - "@typescript-eslint/parser": "8.32.1", - "@typescript-eslint/utils": "8.32.1" + "@typescript-eslint/eslint-plugin": "8.33.0", + "@typescript-eslint/parser": "8.33.0", + "@typescript-eslint/utils": "8.33.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -26674,11 +27086,31 @@ "node": ">=8" } }, + "node_modules/uc.micro": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz", + "integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==", + "dev": true, + "license": "MIT" + }, "node_modules/ufo": { "version": "1.5.4", "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.5.4.tgz", "integrity": "sha512-UsUk3byDzKd04EyoZ7U4DOlxQaD14JUKQl6/P7wiX4FNvUfm3XL246n9W5AmqwW5RSFJ27NAuM0iLscAOYUiGQ==" }, + "node_modules/uint8array-extras": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.4.0.tgz", + "integrity": "sha512-ZPtzy0hu4cZjv3z5NW9gfKnNLjoz4y6uv4HlelAjDK7sY/xOkKZv9xK/WQpcsBB3jEybChz9DPC2U/+cusjJVQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/unbox-primitive": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.1.0.tgz", @@ -26703,8 +27135,6 @@ "resolved": "https://registry.npmjs.org/unbzip2-stream/-/unbzip2-stream-1.4.3.tgz", "integrity": "sha512-mlExGW4w71ebDJviH16lQLtZS32VKqsSfk80GCfUlwT/4/hNRFsoscrF/c++9xinkMzECL1uL9DDwXqFWkruPg==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "buffer": "^5.2.1", "through": "^2.3.8" @@ -26729,8 +27159,6 @@ "url": "https://feross.org/support" } ], - "optional": true, - "peer": true, "dependencies": { "base64-js": "^1.3.1", "ieee754": "^1.1.13" @@ -28937,16 +29365,18 @@ "@goauthentik/tsconfig": "^1.0.4", "@trivago/prettier-plugin-sort-imports": "^5.2.2", "@types/node": "^22.15.21", - "esbuild": "^0.25.4", + "esbuild": "^0.25.5", "prettier": "^3.5.3", "prettier-plugin-packagejson": "^2.5.14", + "typedoc": "^0.28.5", + "typedoc-plugin-markdown": "^4.6.3", "typescript": "^5.8.3" }, "engines": { "node": ">=22" }, "peerDependencies": { - "esbuild": "^0.25.4" + "esbuild": "^0.25.5" } }, "packages/esbuild-plugin-live-reload/node_modules/@types/node": { @@ -29000,14 +29430,13 @@ "@rollup/plugin-node-resolve": "^16.0.1", "@rollup/plugin-swc": "^0.4.0", "@swc/cli": "^0.7.7", - "@swc/core": "^1.11.29", + "@swc/core": "^1.7.28", "@trivago/prettier-plugin-sort-imports": "^5.2.2", "prettier": "^3.5.3", "rollup": "^4.41.1", "rollup-plugin-copy": "^3.5.0" }, "optionalDependencies": { - "@swc/core": "^1.11.29", "@swc/core-darwin-arm64": "^1.6.13", "@swc/core-darwin-x64": "^1.6.13", "@swc/core-linux-arm-gnueabihf": "^1.6.13", @@ -29116,40 +29545,6 @@ "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.6.0-1720200294.tgz", "integrity": "sha512-qGpI+0BpsHWlO8waj89q+6SWjVVuRtYqdmpSIrKFsZt9GLNXCvIAvgS5JI1Sq2z1uWK/8kLNZKDocI/XagqMPQ==" }, - "packages/sfe/node_modules/@swc/cli": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/@swc/cli/-/cli-0.4.0.tgz", - "integrity": "sha512-4JdVrPtF/4rCMXp6Q1h5I6YkYZrCCcqod7Wk97ZQq7K8vNGzJUryBv4eHCvqx5sJOJBrbYm9fcswe1B0TygNoA==", - "dev": true, - "dependencies": { - "@mole-inc/bin-wrapper": "^8.0.1", - "@swc/counter": "^0.1.3", - "commander": "^8.3.0", - "fast-glob": "^3.2.5", - "minimatch": "^9.0.3", - "piscina": "^4.3.0", - "semver": "^7.3.8", - "slash": "3.0.0", - "source-map": "^0.7.3" - }, - "bin": { - "spack": "bin/spack.js", - "swc": "bin/swc.js", - "swcx": "bin/swcx.js" - }, - "engines": { - "node": ">= 16.14.0" - }, - "peerDependencies": { - "@swc/core": "^1.2.66", - "chokidar": "^3.5.1" - }, - "peerDependenciesMeta": { - "chokidar": { - "optional": true - } - } - }, "packages/sfe/node_modules/@trivago/prettier-plugin-sort-imports": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/@trivago/prettier-plugin-sort-imports/-/prettier-plugin-sort-imports-4.3.0.tgz", @@ -29174,46 +29569,6 @@ } } }, - "packages/sfe/node_modules/chokidar": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", - "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", - "dev": true, - "optional": true, - "peer": true, - "dependencies": { - "anymatch": "~3.1.2", - "braces": "~3.0.2", - "glob-parent": "~5.1.2", - "is-binary-path": "~2.1.0", - "is-glob": "~4.0.1", - "normalize-path": "~3.0.0", - "readdirp": "~3.6.0" - }, - "engines": { - "node": ">= 8.10.0" - }, - "funding": { - "url": "https://paulmillr.com/funding/" - }, - "optionalDependencies": { - "fsevents": "~2.3.2" - } - }, - "packages/sfe/node_modules/glob-parent": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", - "dev": true, - "optional": true, - "peer": true, - "dependencies": { - "is-glob": "^4.0.1" - }, - "engines": { - "node": ">= 6" - } - }, "packages/sfe/node_modules/globals": { "version": "11.12.0", "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", @@ -29236,43 +29591,6 @@ "engines": { "node": ">=4" } - }, - "packages/sfe/node_modules/picomatch": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", - "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", - "dev": true, - "optional": true, - "peer": true, - "engines": { - "node": ">=8.6" - }, - "funding": { - "url": "https://github.com/sponsors/jonschlinkert" - } - }, - "packages/sfe/node_modules/readdirp": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", - "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", - "dev": true, - "optional": true, - "peer": true, - "dependencies": { - "picomatch": "^2.2.1" - }, - "engines": { - "node": ">=8.10.0" - } - }, - "packages/sfe/node_modules/slash": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", - "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", - "dev": true, - "engines": { - "node": ">=8" - } } } } diff --git a/web/package.json b/web/package.json index 47f8c52686..b586c0d040 100644 --- a/web/package.json +++ b/web/package.json @@ -93,7 +93,7 @@ "@floating-ui/dom": "^1.6.11", "@formatjs/intl-listformat": "^7.7.11", "@fortawesome/fontawesome-free": "^6.6.0", - "@goauthentik/api": "^2025.4.1-1747687715", + "@goauthentik/api": "^2025.4.1-1748622869", "@lit/context": "^1.1.2", "@lit/localize": "^0.12.2", "@lit/reactive-element": "^2.0.4", @@ -102,7 +102,7 @@ "@open-wc/lit-helpers": "^0.7.0", "@patternfly/elements": "^4.1.0", "@patternfly/patternfly": "^4.224.2", - "@sentry/browser": "^9.22.0", + "@sentry/browser": "^9.24.0", "@spotlightjs/spotlight": "^2.13.3", "@webcomponents/webcomponentsjs": "^2.8.0", "base64-js": "^1.5.1", @@ -111,7 +111,7 @@ "chartjs-adapter-date-fns": "^3.0.0", "codemirror": "^6.0.1", "construct-style-sheets-polyfill": "^3.1.0", - "core-js": "^3.38.1", + "core-js": "^3.42.0", "country-flag-icons": "^1.5.19", "date-fns": "^4.1.0", "deepmerge-ts": "^7.1.5", @@ -152,6 +152,7 @@ "@storybook/addon-essentials": "^8.6.14", "@storybook/addon-links": "^8.6.14", "@storybook/blocks": "^8.6.12", + "@storybook/channels": "^8.6.14", "@storybook/experimental-addon-test": "^8.6.14", "@storybook/manager-api": "^8.6.14", "@storybook/test": "^8.6.14", @@ -174,11 +175,11 @@ "@wdio/spec-reporter": "^9.1.2", "@web/test-runner": "^0.20.2", "chromedriver": "^136.0.3", - "esbuild": "^0.25.4", + "esbuild": "^0.25.5", "esbuild-plugin-copy": "^2.1.1", "esbuild-plugin-polyfill-node": "^0.3.0", "esbuild-plugins-node-modules-polyfill": "^1.7.0", - "eslint": "^9.11.1", + "eslint": "^9.28.0", "eslint-plugin-lit": "^2.1.1", "eslint-plugin-wc": "^3.0.1", "github-slugger": "^2.0.0", @@ -193,7 +194,7 @@ "storybook-addon-mock": "^5.0.0", "turnstile-types": "^1.2.3", "typescript": "^5.8.3", - "typescript-eslint": "^8.32.1", + "typescript-eslint": "^8.33.0", "vite-plugin-lit-css": "^2.0.0", "vite-tsconfig-paths": "^5.0.1", "wireit": "^0.14.12" diff --git a/web/packages/esbuild-plugin-live-reload/.github/README.md b/web/packages/esbuild-plugin-live-reload/.github/README.md new file mode 100644 index 0000000000..60986be03b --- /dev/null +++ b/web/packages/esbuild-plugin-live-reload/.github/README.md @@ -0,0 +1,59 @@ +_An ESBuild development plugin that watches for file changes and triggers automatic browser refreshes._ + +## Quick start + +```sh +npm install -D @goauthentik/esbuild-plugin-live-reload +# Or with Yarn: +yarn add -D @goauthentik/esbuild-plugin-live-reload +``` + +### 1. Configure ESBuild + +```js +import { liveReloadPlugin } from "@goauthentik/esbuild-plugin-live-reload"; +import esbuild from "esbuild"; + +const NodeEnvironment = process.env.NODE_ENV || "development"; + +/** + * @type {esbuild.BuildOptions} + */ +const buildOptions = { + // ... Your build options. + define: { + "process.env.NODE_ENV": JSON.stringify(NodeEnvironment), + }, + plugins: [ + /** @see {@link LiveReloadPluginOptions} */ + liveReloadPlugin(), + ], +}; + +const buildContext = await esbuild.context(buildOptions); + +await buildContext.rebuild(); +await buildContext.watch(); +``` + +### 2. Connect your browser + +Add the following import near the beginning of your application's entry point. + +```js +if (process.env.NODE_ENV === "development") { + await import("@goauthentik/esbuild-plugin-live-reload/client"); +} +``` + +That's it! Your browser will now automatically refresh whenever ESBuild finishes rebuilding your code. + +## About authentik + +[authentik](https://goauthentik.io) is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. + +We built this plugin to streamline our development workflow, and we're sharing it with the community. If you have any questions, feature requests, or bug reports, please [open an issue](https://github.com/goauthentik/authentik/issues/new/choose). + +## License + +This code is licensed under the [MIT License](https://www.tldrlegal.com/license/mit-license) diff --git a/web/packages/esbuild-plugin-live-reload/.gitignore b/web/packages/esbuild-plugin-live-reload/.gitignore new file mode 100644 index 0000000000..31fa92798c --- /dev/null +++ b/web/packages/esbuild-plugin-live-reload/.gitignore @@ -0,0 +1,3 @@ +README.md +node_modules +_media diff --git a/web/packages/esbuild-plugin-live-reload/.prettierignore b/web/packages/esbuild-plugin-live-reload/.prettierignore new file mode 100644 index 0000000000..6b2900f74a --- /dev/null +++ b/web/packages/esbuild-plugin-live-reload/.prettierignore @@ -0,0 +1,3 @@ +node_modules +./README.md +out diff --git a/web/packages/esbuild-plugin-live-reload/LICENSE.txt b/web/packages/esbuild-plugin-live-reload/LICENSE.txt new file mode 100644 index 0000000000..33b9c1516e --- /dev/null +++ b/web/packages/esbuild-plugin-live-reload/LICENSE.txt @@ -0,0 +1,18 @@ +The MIT License (MIT) + +Copyright (c) 2025 Authentik Security, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and +associated documentation files (the "Software"), to deal in the Software without restriction, +including without limitation the rights to use, copy, modify, merge, publish, distribute, +sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial +portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT +NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES +OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/web/packages/esbuild-plugin-live-reload/README.md b/web/packages/esbuild-plugin-live-reload/README.md deleted file mode 100644 index 771ea33bbe..0000000000 --- a/web/packages/esbuild-plugin-live-reload/README.md +++ /dev/null @@ -1,40 +0,0 @@ -# `@goauthentik/esbuild-plugin-live-reload` - -_A plugin that enables live reloading of ESBuild during development._ - -## Usage - -### Node.js setup - -```js -import { liveReloadPlugin } from "@goauthentik/esbuild-plugin-live-reload"; -import esbuild from "esbuild"; - -const NodeEnvironment = process.env.NODE_ENV || "development"; - -/** - * @type {esbuild.BuildOptions} - */ -const buildOptions = { - // ... Your build options. - define: { - "process.env.NODE_ENV": JSON.stringify(NodeEnvironment), - }, - plugins: [liveReloadPlugin(/** @see {@link LiveReloadPluginOptions} */)], -}; - -const buildContext = await esbuild.context(buildOptions); - -await buildContext.rebuild(); -await buildContext.watch(); -``` - -### Browser setup - -```js -// Place this at the beginning of your application's entry point. - -if (process.env.NODE_ENV === "development") { - await import("@goauthentik/esbuild-plugin-live-reload/client"); -} -``` diff --git a/web/packages/esbuild-plugin-live-reload/client/ESBuildObserver.js b/web/packages/esbuild-plugin-live-reload/client/ESBuildObserver.js index 2f8ebe3ce2..a9ead8b6b4 100644 --- a/web/packages/esbuild-plugin-live-reload/client/ESBuildObserver.js +++ b/web/packages/esbuild-plugin-live-reload/client/ESBuildObserver.js @@ -28,6 +28,8 @@ const log = console.debug.bind(console, logPrefix); * ``` * * @implements {Disposable} + * @category Plugin + * runtime browser */ export class ESBuildObserver extends EventSource { /** diff --git a/web/packages/esbuild-plugin-live-reload/index.js b/web/packages/esbuild-plugin-live-reload/index.js index 9aef9c75db..c7b185bcbb 100644 --- a/web/packages/esbuild-plugin-live-reload/index.js +++ b/web/packages/esbuild-plugin-live-reload/index.js @@ -1,2 +1,6 @@ +/** + * @remarks Live reload plugin for ESBuild. + */ + export * from "./client/index.js"; export * from "./plugin/index.js"; diff --git a/web/packages/esbuild-plugin-live-reload/package-lock.json b/web/packages/esbuild-plugin-live-reload/package-lock.json index 8efefcf535..f2f8036201 100644 --- a/web/packages/esbuild-plugin-live-reload/package-lock.json +++ b/web/packages/esbuild-plugin-live-reload/package-lock.json @@ -19,6 +19,8 @@ "esbuild": "^0.25.4", "prettier": "^3.5.3", "prettier-plugin-packagejson": "^2.5.14", + "typedoc": "^0.28.5", + "typedoc-plugin-markdown": "^4.6.3", "typescript": "^5.8.3" }, "engines": { @@ -145,9 +147,9 @@ } }, "node_modules/@esbuild/aix-ppc64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.4.tgz", - "integrity": "sha512-1VCICWypeQKhVbE9oW/sJaAmjLxhVqacdkvPLEjwlttjfwENRSClS8EjBz0KzRyFSCPDIkuXW34Je/vk7zdB7Q==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.5.tgz", + "integrity": "sha512-9o3TMmpmftaCMepOdA5k/yDw8SfInyzWWTjYTFCX3kPSDJMROQTb8jg+h9Cnwnmm1vOzvxN7gIfB5V2ewpjtGA==", "cpu": [ "ppc64" ], @@ -162,9 +164,9 @@ } }, "node_modules/@esbuild/android-arm": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.4.tgz", - "integrity": "sha512-QNdQEps7DfFwE3hXiU4BZeOV68HHzYwGd0Nthhd3uCkkEKK7/R6MTgM0P7H7FAs5pU/DIWsviMmEGxEoxIZ+ZQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.5.tgz", + "integrity": "sha512-AdJKSPeEHgi7/ZhuIPtcQKr5RQdo6OO2IL87JkianiMYMPbCtot9fxPbrMiBADOWWm3T2si9stAiVsGbTQFkbA==", "cpu": [ "arm" ], @@ -179,9 +181,9 @@ } }, "node_modules/@esbuild/android-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.4.tgz", - "integrity": "sha512-bBy69pgfhMGtCnwpC/x5QhfxAz/cBgQ9enbtwjf6V9lnPI/hMyT9iWpR1arm0l3kttTr4L0KSLpKmLp/ilKS9A==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.5.tgz", + "integrity": "sha512-VGzGhj4lJO+TVGV1v8ntCZWJktV7SGCs3Pn1GRWI1SBFtRALoomm8k5E9Pmwg3HOAal2VDc2F9+PM/rEY6oIDg==", "cpu": [ "arm64" ], @@ -196,9 +198,9 @@ } }, "node_modules/@esbuild/android-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.4.tgz", - "integrity": "sha512-TVhdVtQIFuVpIIR282btcGC2oGQoSfZfmBdTip2anCaVYcqWlZXGcdcKIUklfX2wj0JklNYgz39OBqh2cqXvcQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.5.tgz", + "integrity": "sha512-D2GyJT1kjvO//drbRT3Hib9XPwQeWd9vZoBJn+bu/lVsOZ13cqNdDeqIF/xQ5/VmWvMduP6AmXvylO/PIc2isw==", "cpu": [ "x64" ], @@ -213,9 +215,9 @@ } }, "node_modules/@esbuild/darwin-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.4.tgz", - "integrity": "sha512-Y1giCfM4nlHDWEfSckMzeWNdQS31BQGs9/rouw6Ub91tkK79aIMTH3q9xHvzH8d0wDru5Ci0kWB8b3up/nl16g==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.5.tgz", + "integrity": "sha512-GtaBgammVvdF7aPIgH2jxMDdivezgFu6iKpmT+48+F8Hhg5J/sfnDieg0aeG/jfSvkYQU2/pceFPDKlqZzwnfQ==", "cpu": [ "arm64" ], @@ -230,9 +232,9 @@ } }, "node_modules/@esbuild/darwin-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.4.tgz", - "integrity": "sha512-CJsry8ZGM5VFVeyUYB3cdKpd/H69PYez4eJh1W/t38vzutdjEjtP7hB6eLKBoOdxcAlCtEYHzQ/PJ/oU9I4u0A==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.5.tgz", + "integrity": "sha512-1iT4FVL0dJ76/q1wd7XDsXrSW+oLoquptvh4CLR4kITDtqi2e/xwXwdCVH8hVHU43wgJdsq7Gxuzcs6Iq/7bxQ==", "cpu": [ "x64" ], @@ -247,9 +249,9 @@ } }, "node_modules/@esbuild/freebsd-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.4.tgz", - "integrity": "sha512-yYq+39NlTRzU2XmoPW4l5Ifpl9fqSk0nAJYM/V/WUGPEFfek1epLHJIkTQM6bBs1swApjO5nWgvr843g6TjxuQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.5.tgz", + "integrity": "sha512-nk4tGP3JThz4La38Uy/gzyXtpkPW8zSAmoUhK9xKKXdBCzKODMc2adkB2+8om9BDYugz+uGV7sLmpTYzvmz6Sw==", "cpu": [ "arm64" ], @@ -264,9 +266,9 @@ } }, "node_modules/@esbuild/freebsd-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.4.tgz", - "integrity": "sha512-0FgvOJ6UUMflsHSPLzdfDnnBBVoCDtBTVyn/MrWloUNvq/5SFmh13l3dvgRPkDihRxb77Y17MbqbCAa2strMQQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.5.tgz", + "integrity": "sha512-PrikaNjiXdR2laW6OIjlbeuCPrPaAl0IwPIaRv+SMV8CiM8i2LqVUHFC1+8eORgWyY7yhQY+2U2fA55mBzReaw==", "cpu": [ "x64" ], @@ -281,9 +283,9 @@ } }, "node_modules/@esbuild/linux-arm": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.4.tgz", - "integrity": "sha512-kro4c0P85GMfFYqW4TWOpvmF8rFShbWGnrLqlzp4X1TNWjRY3JMYUfDCtOxPKOIY8B0WC8HN51hGP4I4hz4AaQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.5.tgz", + "integrity": "sha512-cPzojwW2okgh7ZlRpcBEtsX7WBuqbLrNXqLU89GxWbNt6uIg78ET82qifUy3W6OVww6ZWobWub5oqZOVtwolfw==", "cpu": [ "arm" ], @@ -298,9 +300,9 @@ } }, "node_modules/@esbuild/linux-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.4.tgz", - "integrity": "sha512-+89UsQTfXdmjIvZS6nUnOOLoXnkUTB9hR5QAeLrQdzOSWZvNSAXAtcRDHWtqAUtAmv7ZM1WPOOeSxDzzzMogiQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.5.tgz", + "integrity": "sha512-Z9kfb1v6ZlGbWj8EJk9T6czVEjjq2ntSYLY2cw6pAZl4oKtfgQuS4HOq41M/BcoLPzrUbNd+R4BXFyH//nHxVg==", "cpu": [ "arm64" ], @@ -315,9 +317,9 @@ } }, "node_modules/@esbuild/linux-ia32": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.4.tgz", - "integrity": "sha512-yTEjoapy8UP3rv8dB0ip3AfMpRbyhSN3+hY8mo/i4QXFeDxmiYbEKp3ZRjBKcOP862Ua4b1PDfwlvbuwY7hIGQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.5.tgz", + "integrity": "sha512-sQ7l00M8bSv36GLV95BVAdhJ2QsIbCuCjh/uYrWiMQSUuV+LpXwIqhgJDcvMTj+VsQmqAHL2yYaasENvJ7CDKA==", "cpu": [ "ia32" ], @@ -332,9 +334,9 @@ } }, "node_modules/@esbuild/linux-loong64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.4.tgz", - "integrity": "sha512-NeqqYkrcGzFwi6CGRGNMOjWGGSYOpqwCjS9fvaUlX5s3zwOtn1qwg1s2iE2svBe4Q/YOG1q6875lcAoQK/F4VA==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.5.tgz", + "integrity": "sha512-0ur7ae16hDUC4OL5iEnDb0tZHDxYmuQyhKhsPBV8f99f6Z9KQM02g33f93rNH5A30agMS46u2HP6qTdEt6Q1kg==", "cpu": [ "loong64" ], @@ -349,9 +351,9 @@ } }, "node_modules/@esbuild/linux-mips64el": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.4.tgz", - "integrity": "sha512-IcvTlF9dtLrfL/M8WgNI/qJYBENP3ekgsHbYUIzEzq5XJzzVEV/fXY9WFPfEEXmu3ck2qJP8LG/p3Q8f7Zc2Xg==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.5.tgz", + "integrity": "sha512-kB/66P1OsHO5zLz0i6X0RxlQ+3cu0mkxS3TKFvkb5lin6uwZ/ttOkP3Z8lfR9mJOBk14ZwZ9182SIIWFGNmqmg==", "cpu": [ "mips64el" ], @@ -366,9 +368,9 @@ } }, "node_modules/@esbuild/linux-ppc64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.4.tgz", - "integrity": "sha512-HOy0aLTJTVtoTeGZh4HSXaO6M95qu4k5lJcH4gxv56iaycfz1S8GO/5Jh6X4Y1YiI0h7cRyLi+HixMR+88swag==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.5.tgz", + "integrity": "sha512-UZCmJ7r9X2fe2D6jBmkLBMQetXPXIsZjQJCjgwpVDz+YMcS6oFR27alkgGv3Oqkv07bxdvw7fyB71/olceJhkQ==", "cpu": [ "ppc64" ], @@ -383,9 +385,9 @@ } }, "node_modules/@esbuild/linux-riscv64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.4.tgz", - "integrity": "sha512-i8JUDAufpz9jOzo4yIShCTcXzS07vEgWzyX3NH2G7LEFVgrLEhjwL3ajFE4fZI3I4ZgiM7JH3GQ7ReObROvSUA==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.5.tgz", + "integrity": "sha512-kTxwu4mLyeOlsVIFPfQo+fQJAV9mh24xL+y+Bm6ej067sYANjyEw1dNHmvoqxJUCMnkBdKpvOn0Ahql6+4VyeA==", "cpu": [ "riscv64" ], @@ -400,9 +402,9 @@ } }, "node_modules/@esbuild/linux-s390x": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.4.tgz", - "integrity": "sha512-jFnu+6UbLlzIjPQpWCNh5QtrcNfMLjgIavnwPQAfoGx4q17ocOU9MsQ2QVvFxwQoWpZT8DvTLooTvmOQXkO51g==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.5.tgz", + "integrity": "sha512-K2dSKTKfmdh78uJ3NcWFiqyRrimfdinS5ErLSn3vluHNeHVnBAFWC8a4X5N+7FgVE1EjXS1QDZbpqZBjfrqMTQ==", "cpu": [ "s390x" ], @@ -417,9 +419,9 @@ } }, "node_modules/@esbuild/linux-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.4.tgz", - "integrity": "sha512-6e0cvXwzOnVWJHq+mskP8DNSrKBr1bULBvnFLpc1KY+d+irZSgZ02TGse5FsafKS5jg2e4pbvK6TPXaF/A6+CA==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.5.tgz", + "integrity": "sha512-uhj8N2obKTE6pSZ+aMUbqq+1nXxNjZIIjCjGLfsWvVpy7gKCOL6rsY1MhRh9zLtUtAI7vpgLMK6DxjO8Qm9lJw==", "cpu": [ "x64" ], @@ -434,9 +436,9 @@ } }, "node_modules/@esbuild/netbsd-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.4.tgz", - "integrity": "sha512-vUnkBYxZW4hL/ie91hSqaSNjulOnYXE1VSLusnvHg2u3jewJBz3YzB9+oCw8DABeVqZGg94t9tyZFoHma8gWZQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.5.tgz", + "integrity": "sha512-pwHtMP9viAy1oHPvgxtOv+OkduK5ugofNTVDilIzBLpoWAM16r7b/mxBvfpuQDpRQFMfuVr5aLcn4yveGvBZvw==", "cpu": [ "arm64" ], @@ -451,9 +453,9 @@ } }, "node_modules/@esbuild/netbsd-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.4.tgz", - "integrity": "sha512-XAg8pIQn5CzhOB8odIcAm42QsOfa98SBeKUdo4xa8OvX8LbMZqEtgeWE9P/Wxt7MlG2QqvjGths+nq48TrUiKw==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.5.tgz", + "integrity": "sha512-WOb5fKrvVTRMfWFNCroYWWklbnXH0Q5rZppjq0vQIdlsQKuw6mdSihwSo4RV/YdQ5UCKKvBy7/0ZZYLBZKIbwQ==", "cpu": [ "x64" ], @@ -468,9 +470,9 @@ } }, "node_modules/@esbuild/openbsd-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.4.tgz", - "integrity": "sha512-Ct2WcFEANlFDtp1nVAXSNBPDxyU+j7+tId//iHXU2f/lN5AmO4zLyhDcpR5Cz1r08mVxzt3Jpyt4PmXQ1O6+7A==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.5.tgz", + "integrity": "sha512-7A208+uQKgTxHd0G0uqZO8UjK2R0DDb4fDmERtARjSHWxqMTye4Erz4zZafx7Di9Cv+lNHYuncAkiGFySoD+Mw==", "cpu": [ "arm64" ], @@ -485,9 +487,9 @@ } }, "node_modules/@esbuild/openbsd-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.4.tgz", - "integrity": "sha512-xAGGhyOQ9Otm1Xu8NT1ifGLnA6M3sJxZ6ixylb+vIUVzvvd6GOALpwQrYrtlPouMqd/vSbgehz6HaVk4+7Afhw==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.5.tgz", + "integrity": "sha512-G4hE405ErTWraiZ8UiSoesH8DaCsMm0Cay4fsFWOOUcz8b8rC6uCvnagr+gnioEjWn0wC+o1/TAHt+It+MpIMg==", "cpu": [ "x64" ], @@ -502,9 +504,9 @@ } }, "node_modules/@esbuild/sunos-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.4.tgz", - "integrity": "sha512-Mw+tzy4pp6wZEK0+Lwr76pWLjrtjmJyUB23tHKqEDP74R3q95luY/bXqXZeYl4NYlvwOqoRKlInQialgCKy67Q==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.5.tgz", + "integrity": "sha512-l+azKShMy7FxzY0Rj4RCt5VD/q8mG/e+mDivgspo+yL8zW7qEwctQ6YqKX34DTEleFAvCIUviCFX1SDZRSyMQA==", "cpu": [ "x64" ], @@ -519,9 +521,9 @@ } }, "node_modules/@esbuild/win32-arm64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.4.tgz", - "integrity": "sha512-AVUP428VQTSddguz9dO9ngb+E5aScyg7nOeJDrF1HPYu555gmza3bDGMPhmVXL8svDSoqPCsCPjb265yG/kLKQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.5.tgz", + "integrity": "sha512-O2S7SNZzdcFG7eFKgvwUEZ2VG9D/sn/eIiz8XRZ1Q/DO5a3s76Xv0mdBzVM5j5R639lXQmPmSo0iRpHqUUrsxw==", "cpu": [ "arm64" ], @@ -536,9 +538,9 @@ } }, "node_modules/@esbuild/win32-ia32": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.4.tgz", - "integrity": "sha512-i1sW+1i+oWvQzSgfRcxxG2k4I9n3O9NRqy8U+uugaT2Dy7kLO9Y7wI72haOahxceMX8hZAzgGou1FhndRldxRg==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.5.tgz", + "integrity": "sha512-onOJ02pqs9h1iMJ1PQphR+VZv8qBMQ77Klcsqv9CNW2w6yLqoURLcgERAIurY6QE63bbLuqgP9ATqajFLK5AMQ==", "cpu": [ "ia32" ], @@ -553,9 +555,9 @@ } }, "node_modules/@esbuild/win32-x64": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.4.tgz", - "integrity": "sha512-nOT2vZNw6hJ+z43oP1SPea/G/6AbN6X+bGNhNuq8NtRHy4wsMhw765IKLNmnjek7GvjWBYQ8Q5VBoYTFg9y1UQ==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.5.tgz", + "integrity": "sha512-TXv6YnJ8ZMVdX+SXWVBo/0p8LTcrUYngpWjvm91TMjjBQii7Oz11Lw5lbDV5Y0TzuhSJHwiH4hEtC1I42mMS0g==", "cpu": [ "x64" ], @@ -569,6 +571,20 @@ "node": ">=18" } }, + "node_modules/@gerrit0/mini-shiki": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@gerrit0/mini-shiki/-/mini-shiki-3.4.2.tgz", + "integrity": "sha512-3jXo5bNjvvimvdbIhKGfFxSnKCX+MA8wzHv55ptzk/cx8wOzT+BRcYgj8aFN3yTiTs+zvQQiaZFr7Jce1ZG3fw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@shikijs/engine-oniguruma": "^3.4.2", + "@shikijs/langs": "^3.4.2", + "@shikijs/themes": "^3.4.2", + "@shikijs/types": "^3.4.2", + "@shikijs/vscode-textmate": "^10.0.2" + } + }, "node_modules/@goauthentik/prettier-config": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/@goauthentik/prettier-config/-/prettier-config-1.0.5.tgz", @@ -659,6 +675,55 @@ "url": "https://opencollective.com/pkgr" } }, + "node_modules/@shikijs/engine-oniguruma": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@shikijs/engine-oniguruma/-/engine-oniguruma-3.4.2.tgz", + "integrity": "sha512-zcZKMnNndgRa3ORja6Iemsr3DrLtkX3cAF7lTJkdMB6v9alhlBsX9uNiCpqofNrXOvpA3h6lHcLJxgCIhVOU5Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@shikijs/types": "3.4.2", + "@shikijs/vscode-textmate": "^10.0.2" + } + }, + "node_modules/@shikijs/langs": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@shikijs/langs/-/langs-3.4.2.tgz", + "integrity": "sha512-H6azIAM+OXD98yztIfs/KH5H4PU39t+SREhmM8LaNXyUrqj2mx+zVkr8MWYqjceSjDw9I1jawm1WdFqU806rMA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@shikijs/types": "3.4.2" + } + }, + "node_modules/@shikijs/themes": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@shikijs/themes/-/themes-3.4.2.tgz", + "integrity": "sha512-qAEuAQh+brd8Jyej2UDDf+b4V2g1Rm8aBIdvt32XhDPrHvDkEnpb7Kzc9hSuHUxz0Iuflmq7elaDuQAP9bHIhg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@shikijs/types": "3.4.2" + } + }, + "node_modules/@shikijs/types": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@shikijs/types/-/types-3.4.2.tgz", + "integrity": "sha512-zHC1l7L+eQlDXLnxvM9R91Efh2V4+rN3oMVS2swCBssbj2U/FBwybD1eeLaq8yl/iwT+zih8iUbTBCgGZOYlVg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@shikijs/vscode-textmate": "^10.0.2", + "@types/hast": "^3.0.4" + } + }, + "node_modules/@shikijs/vscode-textmate": { + "version": "10.0.2", + "resolved": "https://registry.npmjs.org/@shikijs/vscode-textmate/-/vscode-textmate-10.0.2.tgz", + "integrity": "sha512-83yeghZ2xxin3Nj8z1NMd/NCuca+gsYXswywDy5bHvwlWL8tpTQmzGeUuHd9FC3E/SBEMvzJRwWEOz5gGes9Qg==", + "dev": true, + "license": "MIT" + }, "node_modules/@trivago/prettier-plugin-sort-imports": { "version": "5.2.2", "resolved": "https://registry.npmjs.org/@trivago/prettier-plugin-sort-imports/-/prettier-plugin-sort-imports-5.2.2.tgz", @@ -694,6 +759,16 @@ } } }, + "node_modules/@types/hast": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/hast/-/hast-3.0.4.tgz", + "integrity": "sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/unist": "*" + } + }, "node_modules/@types/node": { "version": "22.15.21", "resolved": "https://registry.npmjs.org/@types/node/-/node-22.15.21.tgz", @@ -704,6 +779,37 @@ "undici-types": "~6.21.0" } }, + "node_modules/@types/unist": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz", + "integrity": "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==", + "dev": true, + "license": "MIT" + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true, + "license": "Python-2.0" + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true, + "license": "MIT" + }, + "node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, "node_modules/debug": { "version": "4.4.1", "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz", @@ -745,10 +851,23 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/entities": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.12" + }, + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, "node_modules/esbuild": { - "version": "0.25.4", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.4.tgz", - "integrity": "sha512-8pgjLUcUjcgDg+2Q4NYXnPbo/vncAY4UmyaCm0jZevERqCHZIaWwdJHkf8XQtu4AxSKCdvrUbT0XUr1IdZzI8Q==", + "version": "0.25.5", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.5.tgz", + "integrity": "sha512-P8OtKZRv/5J5hhz0cUAdu/cLuPIKXpQl1R9pZtvmHWQvrAUVd0UNIPT4IB4W3rNOqVO0rlqHmCIbSwxh/c9yUQ==", "dev": true, "hasInstallScript": true, "license": "MIT", @@ -759,31 +878,31 @@ "node": ">=18" }, "optionalDependencies": { - "@esbuild/aix-ppc64": "0.25.4", - "@esbuild/android-arm": "0.25.4", - "@esbuild/android-arm64": "0.25.4", - "@esbuild/android-x64": "0.25.4", - "@esbuild/darwin-arm64": "0.25.4", - "@esbuild/darwin-x64": "0.25.4", - "@esbuild/freebsd-arm64": "0.25.4", - "@esbuild/freebsd-x64": "0.25.4", - "@esbuild/linux-arm": "0.25.4", - "@esbuild/linux-arm64": "0.25.4", - "@esbuild/linux-ia32": "0.25.4", - "@esbuild/linux-loong64": "0.25.4", - "@esbuild/linux-mips64el": "0.25.4", - "@esbuild/linux-ppc64": "0.25.4", - "@esbuild/linux-riscv64": "0.25.4", - "@esbuild/linux-s390x": "0.25.4", - "@esbuild/linux-x64": "0.25.4", - "@esbuild/netbsd-arm64": "0.25.4", - "@esbuild/netbsd-x64": "0.25.4", - "@esbuild/openbsd-arm64": "0.25.4", - "@esbuild/openbsd-x64": "0.25.4", - "@esbuild/sunos-x64": "0.25.4", - "@esbuild/win32-arm64": "0.25.4", - "@esbuild/win32-ia32": "0.25.4", - "@esbuild/win32-x64": "0.25.4" + "@esbuild/aix-ppc64": "0.25.5", + "@esbuild/android-arm": "0.25.5", + "@esbuild/android-arm64": "0.25.5", + "@esbuild/android-x64": "0.25.5", + "@esbuild/darwin-arm64": "0.25.5", + "@esbuild/darwin-x64": "0.25.5", + "@esbuild/freebsd-arm64": "0.25.5", + "@esbuild/freebsd-x64": "0.25.5", + "@esbuild/linux-arm": "0.25.5", + "@esbuild/linux-arm64": "0.25.5", + "@esbuild/linux-ia32": "0.25.5", + "@esbuild/linux-loong64": "0.25.5", + "@esbuild/linux-mips64el": "0.25.5", + "@esbuild/linux-ppc64": "0.25.5", + "@esbuild/linux-riscv64": "0.25.5", + "@esbuild/linux-s390x": "0.25.5", + "@esbuild/linux-x64": "0.25.5", + "@esbuild/netbsd-arm64": "0.25.5", + "@esbuild/netbsd-x64": "0.25.5", + "@esbuild/openbsd-arm64": "0.25.5", + "@esbuild/openbsd-x64": "0.25.5", + "@esbuild/sunos-x64": "0.25.5", + "@esbuild/win32-arm64": "0.25.5", + "@esbuild/win32-ia32": "0.25.5", + "@esbuild/win32-x64": "0.25.5" } }, "node_modules/fdir": { @@ -865,6 +984,16 @@ "node": ">=6" } }, + "node_modules/linkify-it": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz", + "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "uc.micro": "^2.0.0" + } + }, "node_modules/lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", @@ -872,6 +1001,54 @@ "dev": true, "license": "MIT" }, + "node_modules/lunr": { + "version": "2.3.9", + "resolved": "https://registry.npmjs.org/lunr/-/lunr-2.3.9.tgz", + "integrity": "sha512-zTU3DaZaF3Rt9rhN3uBMGQD3dD2/vFQqnvZCDv4dl5iOzq2IZQqTxu90r4E5J+nP70J3ilqVCrbho2eWaeW8Ow==", + "dev": true, + "license": "MIT" + }, + "node_modules/markdown-it": { + "version": "14.1.0", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz", + "integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==", + "dev": true, + "license": "MIT", + "dependencies": { + "argparse": "^2.0.1", + "entities": "^4.4.0", + "linkify-it": "^5.0.0", + "mdurl": "^2.0.0", + "punycode.js": "^2.3.1", + "uc.micro": "^2.1.0" + }, + "bin": { + "markdown-it": "bin/markdown-it.mjs" + } + }, + "node_modules/mdurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz", + "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==", + "dev": true, + "license": "MIT" + }, + "node_modules/minimatch": { + "version": "9.0.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz", + "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", @@ -950,6 +1127,16 @@ } } }, + "node_modules/punycode.js": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz", + "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/semver": { "version": "7.7.2", "dev": true, @@ -1016,6 +1203,43 @@ "url": "https://github.com/sponsors/SuperchupuDev" } }, + "node_modules/typedoc": { + "version": "0.28.5", + "resolved": "https://registry.npmjs.org/typedoc/-/typedoc-0.28.5.tgz", + "integrity": "sha512-5PzUddaA9FbaarUzIsEc4wNXCiO4Ot3bJNeMF2qKpYlTmM9TTaSHQ7162w756ERCkXER/+o2purRG6YOAv6EMA==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@gerrit0/mini-shiki": "^3.2.2", + "lunr": "^2.3.9", + "markdown-it": "^14.1.0", + "minimatch": "^9.0.5", + "yaml": "^2.7.1" + }, + "bin": { + "typedoc": "bin/typedoc" + }, + "engines": { + "node": ">= 18", + "pnpm": ">= 10" + }, + "peerDependencies": { + "typescript": "5.0.x || 5.1.x || 5.2.x || 5.3.x || 5.4.x || 5.5.x || 5.6.x || 5.7.x || 5.8.x" + } + }, + "node_modules/typedoc-plugin-markdown": { + "version": "4.6.3", + "resolved": "https://registry.npmjs.org/typedoc-plugin-markdown/-/typedoc-plugin-markdown-4.6.3.tgz", + "integrity": "sha512-86oODyM2zajXwLs4Wok2mwVEfCwCnp756QyhLGX2IfsdRYr1DXLCgJgnLndaMUjJD7FBhnLk2okbNE9PdLxYRw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 18" + }, + "peerDependencies": { + "typedoc": "0.28.x" + } + }, "node_modules/typescript": { "version": "5.8.3", "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.3.tgz", @@ -1030,10 +1254,30 @@ "node": ">=14.17" } }, + "node_modules/uc.micro": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz", + "integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==", + "dev": true, + "license": "MIT" + }, "node_modules/undici-types": { "version": "6.21.0", "dev": true, "license": "MIT" + }, + "node_modules/yaml": { + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.0.tgz", + "integrity": "sha512-4lLa/EcQCB0cJkyts+FpIRx5G/llPxfP6VQU5KByHEhLxY3IJCH0f0Hy1MHI8sClTvsIb8qwRJ6R/ZdlDJ/leQ==", + "dev": true, + "license": "ISC", + "bin": { + "yaml": "bin.mjs" + }, + "engines": { + "node": ">= 14.6" + } } } } diff --git a/web/packages/esbuild-plugin-live-reload/package.json b/web/packages/esbuild-plugin-live-reload/package.json index ecada0e8ff..4a8205f9c2 100644 --- a/web/packages/esbuild-plugin-live-reload/package.json +++ b/web/packages/esbuild-plugin-live-reload/package.json @@ -1,10 +1,14 @@ { "name": "@goauthentik/esbuild-plugin-live-reload", "version": "1.0.5", - "description": "ESBuild plugin to watch for file changes and trigger client-side reloads.", + "description": "ESBuild + browser refresh. Build completes, page reloads.", "license": "MIT", "scripts": { - "build": "tsc -p ." + "build": "npm run build:types && npm run build:docs", + "build:docs": "typedoc", + "build:types": "tsc -p .", + "prettier": "prettier --cache --write -u .", + "prettier-check": "prettier --cache --check -u ." }, "main": "index.js", "type": "module", @@ -31,17 +35,32 @@ "@goauthentik/tsconfig": "^1.0.4", "@trivago/prettier-plugin-sort-imports": "^5.2.2", "@types/node": "^22.15.21", - "esbuild": "^0.25.4", + "esbuild": "^0.25.5", "prettier": "^3.5.3", "prettier-plugin-packagejson": "^2.5.14", + "typedoc": "^0.28.5", + "typedoc-plugin-markdown": "^4.6.3", "typescript": "^5.8.3" }, "peerDependencies": { - "esbuild": "^0.25.4" + "esbuild": "^0.25.5" }, "engines": { "node": ">=22" }, + "keywords": [ + "esbuild", + "live-reload", + "browser", + "refresh", + "reload", + "authentik" + ], + "repository": { + "type": "git", + "url": "git+https://github.com/goauthentik/authentik.git", + "directory": "web/packages/esbuild-plugin-live-reload" + }, "types": "./out/index.d.ts", "files": [ "./index.js", diff --git a/web/packages/esbuild-plugin-live-reload/plugin/index.js b/web/packages/esbuild-plugin-live-reload/plugin/index.js index 6141b01ae1..5a48afa836 100644 --- a/web/packages/esbuild-plugin-live-reload/plugin/index.js +++ b/web/packages/esbuild-plugin-live-reload/plugin/index.js @@ -7,12 +7,18 @@ */ import { findFreePorts } from "find-free-ports"; import * as http from "node:http"; -import * as path from "node:path"; +import { resolve as resolvePath } from "node:path"; /** * Serializes a custom event to a text stream. + * * @param {Event} event * @returns {string} + * + * @category Server API + * @ignore + * @internal + * @runtime node */ export function serializeCustomEventToStream(event) { // @ts-expect-error - TS doesn't know about the detail property @@ -54,17 +60,26 @@ async function findDisparatePort() { * @property {string} pathname * @property {EventTarget} dispatcher * @property {string} [logPrefix] + * + * @category Server API + * @runtime node */ /** * @typedef {(req: http.IncomingMessage, res: http.ServerResponse) => void} RequestHandler + * + * @category Server API + * @runtime node */ /** * Create an event request handler. + * * @param {EventServerInit} options * @returns {RequestHandler} - * @category ESBuild + * + * @category Server API + * @runtime node */ export function createRequestHandler({ pathname, dispatcher, logPrefix = "Build Observer" }) { const log = console.log.bind(console, `[${logPrefix}]`); @@ -129,6 +144,9 @@ export function createRequestHandler({ pathname, dispatcher, logPrefix = "Build /** * Options for the build observer plugin. * + * @category Plugin API + * @runtime node + * * @typedef {object} LiveReloadPluginOptions * * @property {HTTPServer | HTTPSServer} [server] A server to listen on. If not provided, a new server will be created. @@ -141,8 +159,7 @@ export function createRequestHandler({ pathname, dispatcher, logPrefix = "Build /** * Creates a plugin that listens for build events and sends them to a server-sent event stream. * - * @param { - * } [options] + * @param {LiveReloadPluginOptions} [options] * @returns {import('esbuild').Plugin} */ export function liveReloadPlugin(options = {}) { @@ -234,7 +251,7 @@ export function liveReloadPlugin(options = {}) { location: error.location ? { ...error.location, - file: path.resolve(relativeRoot, error.location.file), + file: resolvePath(relativeRoot, error.location.file), } : null, })), diff --git a/web/packages/esbuild-plugin-live-reload/tsconfig.json b/web/packages/esbuild-plugin-live-reload/tsconfig.json index a3d5376967..e3f6b7dfe7 100644 --- a/web/packages/esbuild-plugin-live-reload/tsconfig.json +++ b/web/packages/esbuild-plugin-live-reload/tsconfig.json @@ -6,5 +6,9 @@ "baseUrl": ".", "checkJs": true, "emitDeclarationOnly": true - } + }, + "exclude": [ + // --- + "**/out/**/*" + ] } diff --git a/web/packages/esbuild-plugin-live-reload/typedoc.json b/web/packages/esbuild-plugin-live-reload/typedoc.json new file mode 100644 index 0000000000..4112c2f133 --- /dev/null +++ b/web/packages/esbuild-plugin-live-reload/typedoc.json @@ -0,0 +1,66 @@ +{ + "$schema": "https://typedoc-plugin-markdown.org/schema.json", + "entryPoints": ["./plugin/index.js"], + "plugin": ["typedoc-plugin-markdown"], + "name": "ESBuild Plugin Live Reload", + "formatWithPrettier": true, + "prettierConfigFile": "@goauthentik/prettier-config", + "flattenOutputFiles": true, + "readme": ".github/README.md", + "mergeReadme": true, + "enumMembersFormat": "table", + "parametersFormat": "table", + "interfacePropertiesFormat": "table", + "typeDeclarationFormat": "table", + "indexFormat": "table", + "router": "module", + "jsDocCompatibility": true, + "defaultCategory": "Plugin API", + "disableSources": true, + "out": ".", + "cleanOutputDir": false, + "blockTags": [ + "@runtime", + "@file", + "@defaultValue", + "@deprecated", + "@example", + "@param", + "@privateRemarks", + "@remarks", + "@returns", + "@see", + "@throws", + "@typeParam", + "@author", + "@callback", + "@category", + "@categoryDescription", + "@default", + "@document", + "@extends", + "@augments", + "@yields", + "@group", + "@groupDescription", + "@import", + "@inheritDoc", + "@jsx", + "@license", + "@module", + "@mergeModuleWith", + "@prop", + "@property", + "@return", + "@satisfies", + "@since", + "@template", + "@type", + "@typedef", + "@summary", + "@preventInline", + "@inlineType", + "@preventExpand", + "@expandType" + ] +} diff --git a/web/packages/sfe/package.json b/web/packages/sfe/package.json index 6e772c814c..c1602e7e04 100644 --- a/web/packages/sfe/package.json +++ b/web/packages/sfe/package.json @@ -30,7 +30,6 @@ "rollup-plugin-copy": "^3.5.0" }, "optionalDependencies": { - "@swc/core": "^1.7.28", "@swc/core-darwin-arm64": "^1.6.13", "@swc/core-darwin-x64": "^1.6.13", "@swc/core-linux-arm-gnueabihf": "^1.6.13", diff --git a/web/scripts/build-web.mjs b/web/scripts/build-web.mjs index 2a768709f0..1f658bd6bd 100644 --- a/web/scripts/build-web.mjs +++ b/web/scripts/build-web.mjs @@ -6,7 +6,6 @@ */ import { mdxPlugin } from "#bundler/mdx-plugin/node"; import { createBundleDefinitions } from "#bundler/utils/node"; -import { DistDirectoryName } from "#paths"; import { DistDirectory, EntryPoint, PackageRoot } from "#paths/node"; import { NodeEnvironment } from "@goauthentik/core/environment/node"; import { MonoRepoRoot, resolvePackage } from "@goauthentik/core/paths/node"; @@ -29,7 +28,6 @@ const BASE_ESBUILD_OPTIONS = { entryNames: `[dir]/[name]-${readBuildIdentifier()}`, chunkNames: "[dir]/chunks/[hash]", assetNames: "assets/[dir]/[name]-[hash]", - publicPath: path.join("/static", DistDirectoryName), outdir: DistDirectory, bundle: true, write: true, diff --git a/web/src/admin/admin-overview/AdminOverviewPage.ts b/web/src/admin/admin-overview/AdminOverviewPage.ts index bb114d1aef..910e7d7208 100644 --- a/web/src/admin/admin-overview/AdminOverviewPage.ts +++ b/web/src/admin/admin-overview/AdminOverviewPage.ts @@ -85,8 +85,8 @@ export class AdminOverviewPage extends AdminOverviewBase { render(): TemplateResult { const username = this.user?.user.name || this.user?.user.username; - return html` diff --git a/web/src/admin/brands/Certificates.ts b/web/src/admin/brands/Certificates.ts index cf0bc1e973..496d37463d 100644 --- a/web/src/admin/brands/Certificates.ts +++ b/web/src/admin/brands/Certificates.ts @@ -1,26 +1,38 @@ -import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; +import { DEFAULT_CONFIG } from "#common/api/config"; +import { + DataProvision, + DualSelectPair, + DualSelectPairSource, +} from "#elements/ak-dual-select/types"; import { CertificateKeyPair, CryptoApi } from "@goauthentik/api"; -const certToSelect = (s: CertificateKeyPair) => [s.pk, s.name, s.name, s]; +const certToSelect = (cert: CertificateKeyPair): DualSelectPair => { + return [cert.pk, cert.name, cert.name, cert]; +}; -export async function certificateProvider(page = 1, search = "") { - const certificates = await new CryptoApi(DEFAULT_CONFIG).cryptoCertificatekeypairsList({ - ordering: "name", - pageSize: 20, - search: search.trim(), - page, - hasKey: undefined, - }); - return { - pagination: certificates.pagination, - options: certificates.results.map(certToSelect), - }; +export async function certificateProvider(page = 1, search = ""): Promise { + return new CryptoApi(DEFAULT_CONFIG) + .cryptoCertificatekeypairsList({ + ordering: "name", + pageSize: 20, + search: search.trim(), + page, + hasKey: undefined, + }) + .then(({ pagination, results }) => { + return { + pagination, + options: results.map(certToSelect), + }; + }); } -export function certificateSelector(instanceMappings?: string[]) { +export function certificateSelector( + instanceMappings?: string[], +): DualSelectPairSource { if (!instanceMappings) { - return []; + return () => Promise.resolve([]); } return async () => { diff --git a/web/src/admin/common/ak-license-notice.ts b/web/src/admin/common/ak-license-notice.ts index 2fbc15710a..81829be442 100644 --- a/web/src/admin/common/ak-license-notice.ts +++ b/web/src/admin/common/ak-license-notice.ts @@ -1,3 +1,4 @@ +import { $PFBase } from "#common/theme"; import { WithLicenseSummary } from "#elements/mixins/license"; import "@goauthentik/elements/Alert"; import { AKElement } from "@goauthentik/elements/Base"; @@ -8,6 +9,8 @@ import { customElement, property } from "lit/decorators.js"; @customElement("ak-license-notice") export class AkLicenceNotice extends WithLicenseSummary(AKElement) { + static styles = [$PFBase]; + @property() notice = msg("Enterprise only"); diff --git a/web/src/admin/flows/BoundStagesList.ts b/web/src/admin/flows/BoundStagesList.ts index fc5e07fcbd..a71deeb467 100644 --- a/web/src/admin/flows/BoundStagesList.ts +++ b/web/src/admin/flows/BoundStagesList.ts @@ -1,5 +1,6 @@ import "@goauthentik/admin/flows/StageBindingForm"; import "@goauthentik/admin/policies/BoundPoliciesList"; +import "@goauthentik/admin/rbac/ObjectPermissionModal"; import "@goauthentik/admin/stages/StageWizard"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import "@goauthentik/elements/Tabs"; @@ -14,7 +15,11 @@ import { TemplateResult, html } from "lit"; import { customElement, property } from "lit/decorators.js"; import { ifDefined } from "lit/directives/if-defined.js"; -import { FlowStageBinding, FlowsApi } from "@goauthentik/api"; +import { + FlowStageBinding, + FlowsApi, + RbacPermissionsAssignedByUsersListModelEnum, +} from "@goauthentik/api"; @customElement("ak-bound-stages-list") export class BoundStagesList extends Table { @@ -99,7 +104,12 @@ export class BoundStagesList extends Table { - `, + + + `, ]; } diff --git a/web/src/admin/policies/BoundPoliciesList.ts b/web/src/admin/policies/BoundPoliciesList.ts index 960bfffb61..1ca245f2b2 100644 --- a/web/src/admin/policies/BoundPoliciesList.ts +++ b/web/src/admin/policies/BoundPoliciesList.ts @@ -6,6 +6,7 @@ import { PolicyBindingCheckTarget, PolicyBindingCheckTargetToLabel, } from "@goauthentik/admin/policies/utils"; +import "@goauthentik/admin/rbac/ObjectPermissionModal"; import "@goauthentik/admin/users/UserForm"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { PFSize } from "@goauthentik/common/enums.js"; @@ -22,7 +23,11 @@ import { TemplateResult, html, nothing } from "lit"; import { customElement, property } from "lit/decorators.js"; import { ifDefined } from "lit/directives/if-defined.js"; -import { PoliciesApi, PolicyBinding } from "@goauthentik/api"; +import { + PoliciesApi, + PolicyBinding, + RbacPermissionsAssignedByUsersListModelEnum, +} from "@goauthentik/api"; @customElement("ak-bound-policies-list") export class BoundPoliciesList extends Table { @@ -178,7 +183,12 @@ export class BoundPoliciesList extends Table { - `, + + + `, ]; } diff --git a/web/src/admin/sources/ldap/LDAPSourceForm.ts b/web/src/admin/sources/ldap/LDAPSourceForm.ts index fe4ba4dd91..c0ff548aaa 100644 --- a/web/src/admin/sources/ldap/LDAPSourceForm.ts +++ b/web/src/admin/sources/ldap/LDAPSourceForm.ts @@ -148,6 +148,26 @@ export class LDAPSourceForm extends BaseSourceForm { ${msg("Sync groups")} + + +

+ ${msg( + "Delete authentik users and groups which were previously supplied by this source, but are now missing from it.", + )} +

+ ${msg("Connection settings")}
@@ -409,10 +429,25 @@ export class LDAPSourceForm extends BaseSourceForm { />

${msg( - "Field which contains members of a group. Note that if using the \"memberUid\" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute.", + "Field which contains members of a group. The value of this field is matched against User membership attribute.", )}

+ + +

+ ${msg("Attribute which matches the value of Group membership field.")} +

+
diff --git a/web/xliff/cs_CZ.xlf b/web/xliff/cs_CZ.xlf new file mode 100644 index 0000000000..fc7f287894 --- /dev/null +++ b/web/xliff/cs_CZ.xlf @@ -0,0 +1,9014 @@ + + + + + English + Angličtina + + + + French + Francouzština + + + + Turkish + Turečtina + + + + Spanish + Španělština + + + + Polish + Polština + + + + Taiwanese Mandarin + Mandarinská Thajština + + + + Chinese (simplified) + Čínština (zjednodušená) + + + + Chinese (traditional) + Čínština (tradiční) + + + + German + Němčina + + + + Loading... + Načítání... + + + + Application + Aplikace + + + + Logins + Přihlášení + + + + Show less + Zobrazit méně + + + + Show more + Zobrazit více + + + + UID + UID + + + + Name + Jméno + + + + App + Apl + + + + Model Name + Jméno modelu + + + + Message + Zpráva + + + + Subject + Předmět + + + + From + Od + + + + To + Komu + + + + Context + Kontext + + + + User + Uživatel + + + + Affected model: + Ovlivněný model: + + + + Authorized application: + Autorizovaná aplikace: + + + + Using flow + S použitím toku + + + + Email info: + Emailové informace: + + + + Secret: + Secret: + + + + Open issue on GitHub... + Otevřít problém na GitHubu... + + + + Exception + Výjimka + + + + Expression + Výraz + + + + Binding + Přiřazování + + + + Request + Požadavek + + + + Object + Objekt + + + + Result + Výsledek + + + + Passing + Přenos + + + + Messages + Zprávy + + + + Using source + S použitím zdroje + + + + Attempted to log in as + Pokus o přihlášení jako + + + + + No additional data available. + Žádná další data nejsou k dispozici. + + + + Click to change value + Klikněte pro změnu hodnoty + + + + Select an object. + Vyberte objekt + + + + Loading options... + Načítání možností... + + + + Connection error, reconnecting... + Chyba spojení, znovu se připojuji... + + + + Login + Přihlášení + + + + Failed login + Chybné přihlášení + + + + Logout + Odhlášení + + + + User was written to + Uživatel byl zapsaný do + + + + Suspicious request + Podezřelý požadavek + + + + Password set + Heslo je nastavené + + + + Secret was viewed + Secret byl zobrazený + + + + Secret was rotated + Secret byl změněn + + + + Invitation used + Pozvánka byla použitá + + + + Application authorized + Aplikace byla autorizovaná + + + + Source linked + Zdroj byl přiřazený + + + + Impersonation started + Zosobnění bylo spuštěno + + + + Impersonation ended + Zosobnění bylo ukončeno + + + + Flow execution + Spuštění toku + + + + Policy execution + Spuštění zásady + + + + Policy exception + Chyba zásady + + + + Property Mapping exception + Chyba mapování vlastnosti + + + + System task execution + Spuštění systémové úlohy + + + + System task exception + Chyba systémové úlohy + + + + General system exception + Obecná systémová chyba + + + + Configuration error + Chyba nastavení + + + + Model created + Model vytvořen + + + + Model updated + Model upraven + + + + Model deleted + Model smazán + + + + Email sent + Email odeslán + + + + Update available + Dostupná aktualizace + + + + Unknown severity + Neznámá závažnost + + + + Alert + Upozornění + + + + Notice + Poznámka + + + + Warning + Upozornění + + + + no tabs defined + žádné záložky + + + + - of + + - + z + + + + + Go to previous page + Na předchozí stranu + + + + Go to next page + Na další stranu + + + + Search... + Vyhledávání… + + + + Loading + Načítání + + + + No objects found. + Nebyly nalezeny žádné objekty. + + + + Failed to fetch objects. + Načítání objektů selhalo. + + + + Refresh + Obnovit + + + + Select all rows + Vybrat všechny řádky + + + + Action + Akce + + + + Creation Date + Datum vytvoření + + + + Client IP + IP adresa klienta + + + + Recent events + Nedávné události + + + + On behalf of + Jménem + + + + + - + - + + + + No Events found. + Žádné události nenalezeny. + + + + No matching events could be found. + Žádné odpovídající události nenalezeny. + + + + Embedded outpost is not configured correctly. + Zabudovaný outpost není správně nastaven. + + + + Check outposts. + Ověřit outposty. + + + + HTTPS is not detected correctly + HTTPS nebylo správně zjištěno + + + + Server and client are further than 5 seconds apart. + Server a klient mají větší rozdíl v čase než 5 vteřin. + + + + OK + OK + + + + Everything is ok. + Všechno je ok. + + + + System status + Stav systému + + + + Based on + Založeno na + + + + + is available! + + je k dispozici! + + + + Up-to-date! + Všechno aktuální! + + + + Version + Verze + + + + Workers + Agenti + + + + No workers connected. Background tasks will not run. + Žádní agenti nepřipojeni. Úkoly na pozadí se nebudou provádět. + + + + Authorizations + Autorizace + + + + Failed Logins + Nesprávná přihlášení + + + + Successful Logins + Úspěšná přihlášení + + + + : + + : + + + + + Cancel + Zrušit + + + + LDAP Source + LDAP zdroj + + + + SCIM Provider + Poskytovatel SCIM + + + + Healthy + Zdravý + + + + Healthy outposts + Zdravé outposty + + + + Admin + Admin + + + + Not found + Nenalezeno + + + + The URL "" was not found. + URL " + " nebylo nalezeno. + + + + Return home + Zpět domů + + + + General system status + Obecný stav systému + + + + Welcome, . + Vítejte, + . + + + + Quick actions + Rychlé akce + + + + Create a new application + Vytvořit novou aplikaci + + + + Check the logs + Zkontrolovat protokoly + + + + Explore integrations + Prozkoumat integrace + + + + Manage users + Spravovat uživatele + + + + Outpost status + Stav outpostu + + + + Sync status + Stav synchronizace + + + + Logins and authorizations over the last week (per 8 hours) + Přihlášení a autorizace za uplynulý týden (po 8 hodinách) + + + + Apps with most usage + Nejvíc používané aplikace + + + + days ago + +Před dny + + + + Objects created + Objektů vytvořeno + + + + Users created per day in the last month + Uživatelé vytvoření za den v posledním měsíci + + + + Logins per day in the last month + Přihlášení za den za poslední měsíc + + + + Failed Logins per day in the last month + Chybných přihlášení za den za poslední měsíc + + + + Clear search + Vyčistit vyhledávání + + + + System Tasks + Systémové úkoly + + + + Long-running operations which authentik executes in the background. + Dlouhodobé operace, které authentik provádí na pozadí. + + + + Identifier + Identifikátor + + + + Description + Popis + + + + Last run + Poslední běh + + + + Status + Stav + + + + Actions + Akce + + + + Successful + Úspěch + + + + Error + Chyba + + + + Unknown + Neznámý + + + + Duration + Trvání + + + + seconds + + sekund + + + + Authentication + Autentikace + + + + Authorization + Autorizace + + + + Enrollment + Zápis + + + + Invalidation + Zneplatnění + + + + Recovery + Obnovení + + + + Stage Configuration + Nastavení kroku + + + + Unenrollment + Zrušení zápisu + + + + Unknown designation + Neznámé označení + + + + Stacked + Stohované + + + + Content left + Obsah vlevo + + + + Content right + Obsah vpravo + + + + Sidebar left + Postranní panel vlevo + + + + Sidebar right + Postranní panel vpravo + + + + Unknown layout + Neznámé rozložení + + + + Successfully updated provider. + Poskytovatel byl úspěšně aktualizován. + + + + Successfully created provider. + Poskytovatel byl úspěšně vytvořen. + + + + Bind flow + Svázat tok + + + + Flow used for users to authenticate. + Tok používaný pro ověřování uživatelů. + + + + Bind mode + Režim vazby + + + + Cached binding + Vazba v mezipaměti + + + + Flow is executed and session is cached in memory. Flow is executed when session expires + Provede se krok a relace se uloží do mezipaměti. Krok se spustí, když vyprší platnost relace + + + + Direct binding + Přímá vazba + + + + Always execute the configured bind flow to authenticate the user + Vždy provést nakonfigurovaný tok vazby pro ověření uživatele + + + + Configure how the outpost authenticates requests. + Konfigurace způsobu ověřování požadavků v outpostu + + + + Search mode + Režim vyhledávání + + + + Cached querying + Dotazování z mezipaměti + + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + Outpost uchovává všechny uživatele a skupiny v paměti a obnovuje se každých 5 minut + + + + Direct querying + Přímé dotazování + + + + Always returns the latest data, but slower than cached querying + Vždy vrací nejnovější data, ale je pomalejší než dotazování z mezipaměti + + + + Configure how the outpost queries the core authentik server's users. + Konfigurace způsobu, jakým se outpost dotazuje na uživatele core serveru authentik. + + + + Protocol settings + Nastavení protokolu + + + + Base DN + Základní DN + + + + LDAP DN under which bind requests and search requests can be made. + + + + Certificate + Certifikát + + + + UID start number + Počáteční číslo UID + + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + Začátek pro uidNumbers, toto číslo se přidává k user.Pk, aby se zajistilo, že čísla nebudou pro uživatele POSIX příliš nízká. Výchozí hodnota je 2000, aby se zajistilo, že nebudeme kolidovat s místními uživateli uidNumber + + + + GID start number + Počáteční číslo GID + + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + Začátek pro gidNumbers, toto číslo se přičte k číslu vygenerovanému z group.Pk, aby se zajistilo, že čísla nebudou příliš nízká pro skupiny POSIX. Výchozí hodnota je 4000, aby se zajistilo, že nebudeme kolidovat s místními skupinami nebo primárními skupinami uživatelů gidNumber + + + + The following keywords are supported: + Podporována jsou následující klíčová slova: + + + + Authentication flow + Tok ověřování + + + + Flow used when a user access this provider and is not authenticated. + Tok používaný v případě, že uživatel přistupuje k tomuto poskytovateli a není ověřen. + + + + Authorization flow + Tok autorizace + + + + Flow used when authorizing this provider. + Tok používaný při autorizaci tohoto poskytovatele. + + + + Client type + Typ klienta + + + + Confidential + Důvěrné + + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + Důvěrní klienti jsou schopni zachovávat důvěrnost svých pověření, jako je secret klienta + + + + Public + Veřejné + + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + Veřejní klienti nejsou schopni zachovat důvěrnost a měli by používat metody jako PKCE. + + + + Client ID + ID klienta + + + + Client Secret + Secret klienta + + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + + + + Signing Key + Podpisový klíč + + + + Key used to sign the tokens. + + + + Advanced protocol settings + Pokročilá nastavení protokolu + + + + Access code validity + + + + Configure how long access codes are valid for. + + + + Access Token validity + Platnost přístupového tokenu + + + + Configure how long access tokens are valid for. + + + + Refresh Token validity + Obnovit platnost tokenu + + + + Configure how long refresh tokens are valid for. + Konfigurace doby platnosti obnovovacích tokenů. + + + + Scopes + Scopes + + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + Vyberte, které scopes může klient používat. Klient musí ještě určit scope pro přístup k datům. + + + + Subject mode + Režim předmětu + + + + Based on the User's hashed ID + + + + Based on the User's ID + + + + Based on the User's UUID + + + + Based on the User's username + + + + Based on the User's Email + + + + This is recommended over the UPN mode. + + + + Based on the User's UPN + + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + + + + Include claims in id_token + Zahrnout claims do id_token + + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + Zahrnout claimy uživatele ze scopů do id_tokenu pro aplikace, které nemají přístup ke koncovému bodu informací o uživateli. + + + + Issuer mode + Režim vydavatele + + + + Each provider has a different issuer, based on the application slug + + + + Same identifier is used for all providers + + + + Configure how the issuer field of the ID Token should be filled. + + + + Machine-to-Machine authentication settings + Nastavení ověřování Machine-to-Machine + + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + + + + HTTP-Basic Username Key + Klíč uživatelského jména HTTP-Basic + + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + + + + HTTP-Basic Password Key + Klíč hesla HTTP-Basic + + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + + + + Proxy + Proxy + + + + Forward auth (single application) + + + + Forward auth (domain level) + + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + + + + External host + Externí hostitel + + + + The external URL you'll access the application at. Include any non-standard port. + + + + Internal host + Interní hostitel + + + + Upstream host that the requests are forwarded to. + + + + Internal host SSL Validation + + + + Validate SSL Certificates of upstream servers. + + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + + + + An example setup can look like this: + + + + authentik running on auth.example.com + + + + app1 running on app1.example.com + + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + + + + Authentication URL + URL pro ověření + + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + + + + Cookie domain + Cookie doména + + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + + + + Unknown proxy mode + Neznámý režim proxy + + + + Token validity + Platnost tokenu + + + + Configure how long tokens are valid for. + + + + Additional scopes + Další scopes + + + + Additional scope mappings, which are passed to the proxy. + Další mapování scopes, které jsou předávány proxy serveru. + + + + Unauthenticated URLs + Neověřené URL + + + + Unauthenticated Paths + Neověřené cesty + + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + + + + Authentication settings + Nastavení ověření + + + + Intercept header authentication + + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + + + + Send HTTP-Basic Authentication + Odesílat ověřování HTTP-Basic + + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + + + + ACS URL + ACS URL + + + + Issuer + Vydavatel + + + + Also known as EntityID. + + + + Service Provider Binding + Vazba na poskytovatele služby + + + + Redirect + Přesměrování + + + + Post + Odeslat + + + + Determines how authentik sends the response back to the Service Provider. + + + + Audience + Publikum + + + + Signing Certificate + Podepisovací certifikát + + + + Certificate used to sign outgoing Responses going to the Service Provider. + + + + Verification Certificate + Ověřovací certifikát + + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + + + + Property mappings + Mapování vlastností + + + + NameID Property Mapping + + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + + + + Assertion valid not before + + + + Configure the maximum allowed time drift for an assertion. + + + + Assertion valid not on or after + + + + Assertion not valid on or after current time + this value. + + + + Session valid not on or after + + + + Session not valid on or after current time + this value. + + + + Digest algorithm + Hashovací algoritmus + + + + Signature algorithm + Podpisový algoritmus + + + + Successfully imported provider. + Poskytovatel byl úspěšně importován. + + + + Metadata + Metadata + + + + Apply changes + Použít změny + + + + Close + Zavřít + + + + Finish + Dokončit + + + + Back + Zpět + + + + No form found + Nenalezený žádný formulář + + + + Form didn't return a promise for submitting + + + + Select type + Vyberte typ + + + + Create + Vytvořit + + + + New provider + Nový poskytovatel + + + + Create a new provider. + + + + Create + Vytvořit + + + + + Shared secret + Sdílený secret + + + + Client Networks + Klientské sítě + + + + URL + URL + + + + SCIM base url, usually ends in /v2. + + + + Token + Token + + + + Token to authenticate with. Currently only bearer authentication is supported. + + + + User filtering + Filtrování uživatelů + + + + Exclude service accounts + Vyloučit účty služeb + + + + Group + Skupina + + + + Only sync users within the selected group. + + + + Attribute mapping + Mapování atributů + + + + User Property Mappings + Mapování vlastností uživatele + + + + Property mappings used to user mapping. + + + + Group Property Mappings + Mapování vlastností skupiny + + + + Property mappings used to group creation. + + + + Not used by any other object. + + + + object will be DELETED + + + + connection will be deleted + + + + reference will be reset to default value + + + + reference will be set to an empty value + + + + () + + ( + ) + + + + ID + ID + + + + Successfully deleted + Úspěšně smazáno + + + Failed to delete : + Nepodařio se smazat + : + + + + + Delete + Smazat + + + + + Are you sure you want to delete ? + + + Delete + Smazat + + + + Providers + Poskytovatelé + + + + Provide support for protocols like SAML and OAuth to assigned applications. + Zajištění podpory protokolů jako SAML a OAuth pro přiřazené aplikace. + + + + Type + Typ + + + + Provider(s) + Poskytovatel(é) + + + + Assigned to application + Přiřazeno k aplikaci + + + + Assigned to application (backchannel) + + + + Warning: Provider not assigned to any application. + + + + Update + Aktualizovat + + + + Update + Aktualizovat + + + + + Select providers to add to application + + + + Add + Přidat + + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + + + + Successfully updated application. + Aplikace byla úspěšně aktualizována. + + + + Successfully created application. + Aplikace byla úspěšně vytvořena. + + + + Application's display Name. + Zobrazovaný název aplikace. + + + + Slug + Slug + + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + + + + Provider + Poskytovatel + + + + Select a provider that this application should use. + + + + Select backchannel providers which augment the functionality of the main provider. + + + + Policy engine mode + Režim mechanismu zásad + + + + Any policy must match to grant access + Pro udělení přístupu se musí shodovat s některou zásadou + + + + All policies must match to grant access + Pro udělení přístupu se musí všechny zásady shodovat + + + + UI settings + Nastavení UI + + + + Launch URL + Spouštěcí URL + + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + + + + Open in new tab + + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + + + + Icon + Ikona + + + + Currently set to: + Aktuálně nastaveno na: + + + + Clear icon + Vymazat ikonu + + + + Publisher + Vydavatel + + + + Create Application + Vytvořit Aplikaci + + + + Overview + Přehled + + + + Changelog + Seznam změn + + + + Warning: Provider is not used by any Outpost. + + + + Assigned to application + Přiřazeno k aplikaci + + + + Update LDAP Provider + Aktualizovat LDAP poskytovatele + + + + Edit + Upravit + + + + How to connect + Jak se připojit + + + + Connect to the LDAP Server on port 389: + + + + Check the IP of the Kubernetes service, or + + + + The Host IP of the docker host + + + + Bind DN + Svázat DN + + + + Bind Password + Svázat heslo + + + + Search base + Základ vyhledávání + + + + Preview + Náhled + + + + Warning: Provider is not used by an Application. + + + + Redirect URIs + URI pro Přesměrování + + + + Update OAuth2 Provider + Aktualizovat OAuth2 poskytovatele + + + + OpenID Configuration URL + Konfigurace OpenID URL + + + + OpenID Configuration Issuer + Konfigurace OpenID vydavatele + + + + Authorize URL + URL pro Autorizaci + + + + Token URL + URL pro Token + + + + Userinfo URL + URL pro Uživatelské informace + + + + Logout URL + URL pro Odhlášení + + + + JWKS URL + URL pro JWKS + + + + Forward auth (domain-level) + + + + Nginx (Ingress) + Nginx (Ingress) + + + + Nginx (Proxy Manager) + Nginx (Proxy Manager) + + + + Nginx (standalone) + Nginx (samostatně) + + + + Traefik (Ingress) + Traefik (Ingress) + + + + Traefik (Compose) + Traefik (Compose) + + + + Traefik (Standalone) + Traefik (samostatně) + + + + Caddy (Standalone) + Caddy (samostatně) + + + + Internal Host + Interní Hostitel + + + + External Host + Externí Hostitel + + + + Basic-Auth + Jednoduché Ověření + + + + Yes + Ano + + + + Mode + Režim + + + + Update Proxy Provider + Aktualizovat proxy poskytovatele + + + + Protocol Settings + Nastavení protokolu + + + + Allowed Redirect URIs + Povolené URI pro přesměrování + + + + Setup + Nastavení + + + + No additional setup is required. + Žádné další nastavení není vyžadováno. + + + + Update Radius Provider + Aktualizovat Radius poskytovatele + + + + Download + Stáhnout + + + + Copy download URL + Kopírovat URL pro stažení + + + + Download signing certificate + Stáhnout podepisovací certifikát + + + + Related objects + Související objekty + + + + Update SAML Provider + Aktualizovat poskytovatele SAML + + + + SAML Configuration + Konfigurace SAML + + + + EntityID/Issuer + EntityID/Vydavatel + + + + SSO URL (Post) + SSO URL (Post) + + + + SSO URL (Redirect) + SSO URL (Redirect) + + + + SSO URL (IdP-initiated Login) + SSO URL (přihlášení iniciované IdP) + + + + SLO URL (Post) + SLO URL (Post) + + + + SLO URL (Redirect) + SLO URL (Redirect) + + + + SAML Metadata + SAML Metadata + + + + Example SAML attributes + Příklad SAML atributů + + + + NameID attribute + Atribut NameID + + + + Warning: Provider is not assigned to an application as backchannel provider. + Varování: Poskytovatel není přiřazený k aplikaci jako backchannel poskytovatel. + + + + Update SCIM Provider + Aktualizovat SCIM poskytovatele + + + + Run sync again + Znovu spustit synchronizaci + + + + LDAP + LDAP + + + + New application + Nová aplikace + + + + Applications + Aplikace + + + + Provider Type + Typ poskytovatele + + + + Application(s) + Aplikace + + + + Application Icon + Ikona aplikace + + + + Update Application + Aktualizovat aplikaci + + + + Successfully sent test-request. + + + + Log messages + Zprávy protokolu + + + + No log messages. + Žádné zprávy v protokolu. + + + + Active + Aktivní + + + + Last login + Poslední přihlášení + + + + Select users to add + + + + Successfully updated group. + Skupina byla úspěšně aktualizována. + + + + Successfully created group. + Skupina byla úspěšně vytvořena. + + + + Is superuser + Je superuživatel + + + + Users added to this group will be superusers. + + + + Parent + Rodič + + + + Attributes + Atributy + + + + Set custom attributes using YAML or JSON. + + + + Successfully updated binding. + Vazba byla úspěšně aktualizována. + + + + Successfully created binding. + Vazba byla úspěšně vytvořena. + + + + Policy + Zásada + + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + + + + User mappings can only be checked if a user is already logged in when trying to access this source. + + + + Enabled + Povoleno + + + + Negate result + Negovat výsledek + + + + Negates the outcome of the binding. Messages are unaffected. + + + + Order + Pořadí + + + + Timeout + Časový limit + + + + Successfully updated policy. + Zásada byla úspěšně aktualizována. + + + + Successfully created policy. + Zásada byla úspěšně vytvořena. + + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + + + + Execution logging + + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + + + + Policy-specific settings + Specifická nastavení zásady + + + + Pass policy? + + + + Wait (min) + Čekat (min) + + + + The policy takes a random time to execute. This controls the minimum time it will take. + + + + Wait (max) + Čekat (max) + + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + + + + Match created events with this action type. When left empty, all action types will be matched. + + + + Match events created by selected application. When left empty, all applications are matched. + + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + + + + Maximum age (in days) + + + + Only fail the policy, don't invalidate user's password + Pouze selhání zásady, nikoli zneplatnění hesla uživatele + + + + Executes the python snippet to determine whether to allow or deny a request. + + + + Expression using Python. + Výraz používá Python. + + + + See documentation for a list of all variables. + + + + Static rules + Statická pravidla + + + + Minimum length + Minimální délka + + + + Minimum amount of Uppercase Characters + Minimální množství velkých písmen + + + + Minimum amount of Lowercase Characters + Minimální množství malých písmen + + + + Minimum amount of Digits + Minimální množství číslic + + + + Minimum amount of Symbols Characters + Minimální množství speciálních znaků + + + + Error message + Chybová zpráva + + + + Symbol charset + Maximální délka + + + + Characters which are considered as symbols. + + + + HaveIBeenPwned settings + Nastavení HaveIBeenPwned + + + + Allowed count + Povolený počet + + + + Allow up to N occurrences in the HIBP database. + + + + zxcvbn settings + Nastavení zxcvbn + + + + Score threshold + Práh skóre + + + + If the password's score is less than or equal this value, the policy will fail. + Pokud je skóre hesla nižší nebo rovno této hodnotě, zásada nebude uznána. + + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + + + + Password field + Pole hesla + + + + Field key to check, field keys defined in Prompt stages are available. + + + + Check static rules + Zkontrolovat statická pravidla + + + + Check haveibeenpwned.com + Zkontrolovat haveibeenpwned.com + + + + For more info see: + + + + Check zxcvbn + Zkontrolovat zxcvbn + + + + Password strength estimator created by Dropbox, see: + + + + Allows/denys requests based on the users and/or the IPs reputation. + Povolí/zamítne požadavky na základě reputace uživate a/nebo IP. + + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + + + Check IP + Zkontrolovat IP + + + + Check Username + Zkontrolovat uživatelské jméno + + + + Threshold + Práh + + + + New policy + Nová zásada + + + + Create a new policy. + Vytvořit novou zásadu. + + + + Create Binding + Vytvořit vazbu + + + + Superuser + Superuživatel + + + + Members + Členové + + + + Select groups to add user to + Zvolte skupiny do kterých chcete zařadit uživatele + + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + + + + Successfully updated user. + Uživatel byl úspěšně aktualizován. + + + + Successfully created user. + Uživatel byl úspěšně vytvořen. + + + + Username + Uživatelské jméno + + + + User's primary identifier. 150 characters or fewer. + + + + User's display name. + Zobrazované jméno uživatele. + + + + Email + E-mail + + + + Is active + Je aktivní + + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + + + + Path + Cesta + + + + Policy + Zásada + + + + + Group + Skupina + + + + + User + Uživatel + + + + + Edit Policy + Upravit zásadu + + + + Update Group + Aktualizovat Skupinu + + + + Edit Group + Upravit skupinu + + + + Update User + Aktualizovat Uživatele + + + + Edit User + Upravit uživatele + + + + Policy binding(s) + Vazba(y) zásady + + + + Update Binding + Aktualizovat vazbu + + + + Edit Binding + Upravit vazbu + + + + No Policies bound. + Není přiřazena žádná zásada. + + + + No policies are currently bound to this object. + K tomuto objektu nejsou v současné době vázány žádné zásady. + + + + Warning: Application is not used by any Outpost. + + + + Related + Související + + + + Backchannel Providers + + + + Check access + Zkontrolovat přístup + + + + Check + Zkontrolovat + + + + Check Application access + Zkontrolovat přístup aplikace + + + + Test + Test + + + + Launch + Spustit + + + + Logins over the last week (per 8 hours) + Přihlášení za poslední týden (po 8 hodinách) + + + + Policy / Group / User Bindings + Zásada / Skupina / Vazby uživatele + + + + These policies control which users can access this application. + + + + Successfully updated source. + Zdroj byl úspěšně aktualizován. + + + + Successfully created source. + Zdroj byl úspěšně vytvořen. + + + + Sync users + Synchronizovat uživatele + + + + User password writeback + Zpětný zápis uživatelského hesla + + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + Heslo pro přihlášení je do authentik z LDAP synchronizováno automaticky. Zapněte tuto možnost pouze pokud chcete změnu hesla zapsat zpět do LDAP. + + + + Sync groups + Synchronizovat skupiny + + + + Connection settings + Nastavení připojení + + + + Server URI + URI serveru + + + + Specify multiple server URIs by separating them with a comma. + + + + Enable StartTLS + Povolit StartTLS + + + + To use SSL instead, use 'ldaps://' and disable this option. + + + + TLS Verification Certificate + Ověřovací TLS certifikát + + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + + + + Bind CN + Svázat CN + + + + LDAP Attribute mapping + Mapování LDAP atributů + + + + Additional settings + Další nastavení + + + + Parent group for all the groups imported from LDAP. + Nadřazená skupina pro všechny skupiny importované z LDAP. + + + + User path + Cesta uživatele + + + + Addition User DN + + + + Additional user DN, prepended to the Base DN. + + + + Addition Group DN + + + + Additional group DN, prepended to the Base DN. + + + + User object filter + + + + Consider Objects matching this filter to be Users. + + + + Group object filter + + + + Consider Objects matching this filter to be Groups. + + + + Group membership field + + + + Object uniqueness field + + + + Field which contains a unique Identifier. + + + + Link users on unique identifier + + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + + + + Use the user's email address, but deny enrollment when the email address already exists + + + + Link to a user with identical username. Can have security implications when a username is used with another source + + + + Use the user's username, but deny enrollment when the username already exists + Použít uživatelské jméno uživatele, ale odmítnout registraci, pokud uživatelské jméno již existuje. + + + + Unknown user matching mode + + + + URL settings + URL nastavení + + + + Authorization URL + URL pro autorizaci + + + + URL the user is redirect to to consent the authorization. + URL na kterou je uživatel přesměrován pro udělení souhlasu k autorizaci. + + + + Access token URL + URL přístupového tokenu + + + + URL used by authentik to retrieve tokens. + + + + Profile URL + URL profilu + + + + URL used by authentik to get user information. + + + + Request token URL + URL tokenu požadavku + + + + URL used to request the initial token. This URL is only required for OAuth 1. + + + + OIDC Well-known URL + + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + + + + OIDC JWKS URL + + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + + + + OIDC JWKS + OIDC JWKS + + + + Raw JWKS data. + + + + User matching mode + + + + Delete currently set icon. + + + + Consumer key + Klíč spotřebitele + + + + Consumer secret + Spotřebitelský secret + + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + Další scopes, které mají být předány poskytovateli OAuth, oddělené mezerou. Chcete-li nahradit stávající scopes, použijte předponu *. + + + + Flow settings + Nastavení toku + + + + Flow to use when authenticating existing users. + Tok, který se použije při ověřování stávajících uživatelů. + + + + Enrollment flow + Výzva zápisu + + + + Flow to use when enrolling new users. + Tok, který se používá při registraci nových uživatelů. + + + + Load servers + Načíst servery + + + + Re-authenticate with plex + + + + Allow friends to authenticate via Plex, even if you don't share any servers + + + + Allowed servers + Povolené servery + + + + Select which server a user has to be a member of to be allowed to authenticate. + + + + SSO URL + SSO URL + + + + URL that the initial Login request is sent to. + + + + SLO URL + SLO URL + + + + Optional URL if the IDP supports Single-Logout. + + + + Also known as Entity ID. Defaults the Metadata URL. + + + + Binding Type + Typ vazby + + + + Redirect binding + Přesměrovat vazbu + + + + Post-auto binding + + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + + + + Post binding + + + + Signing keypair + Podepisovací pár klíčů + + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + + + + Allow IDP-initiated logins + + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + + + + NameID Policy + NameID zásada + + + + Persistent + Trvalý + + + + Email address + E-mailová adresa + + + + Windows + Windows + + + + X509 Subject + X509 předmět + + + + Transient + Přechodný + + + + Delete temporary users after + Smazat dočasné uživatele po + + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + + + + Pre-authentication flow + Tok před ověřením + + + + Flow used before authentication. + Tok používaný před ověřením. + + + + New source + Nový zdroj + + + + Create a new source. + Vytvořit nový zdroj. + + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + Zdroje identit, které mohou být buď synchronizovány s databází authentik, nebo je mohou uživatelé používat k ověřování a registraci. + + + + Source(s) + Zdroj(e) + + + + Disabled + Zakázáno + + + + Built-in + Vestavěný + + + + Update LDAP Source + Aktualizovat zdroj LDAP + + + + Not synced yet. + Ještě není synchronizováno. + + + + OAuth Source + OAuth zdroj + + + + + Generic OpenID Connect + Obecný OpenID Connect + + + + Unknown provider type + Neznámý typ poskytovatele + + + + Details + Podrobnosti + + + + Callback URL + URL zpětného volání + + + + Access Key + Přístupový klíč + + + + Update OAuth Source + Aktualizovat OAuth zdroj + + + + Diagram + Diagram + + + + Policy Bindings + Vazby zásady + + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + + + Update Plex Source + Aktualizovat Plex zdroj + + + + Update SAML Source + Aktualizovat SAML zdroj + + + + Successfully updated mapping. + Mapováno bylo úspěšně aktualizováno. + + + + Successfully created mapping. + Mapováno bylo úspěšně vytvořeno. + + + + SAML Attribute Name + + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + + + + Friendly Name + Přátelský název + + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + + + + Scope name + Název scope + + + + Scope which the client can specify to access these properties. + Scope, který může klient zadat pro přístup k těmto vlastnostem. + + + + Description shown to the user when consenting. If left empty, the user won't be informed. + + + + Example context data + + + + Active Directory User + + + + Active Directory Group + + + + New property mapping + + + + Create a new property mapping. + + + + Property Mappings + Mapování vlastnosti + + + + Control how authentik exposes and interprets information. + + + + Property Mapping(s) + Mapování vlastností + + + + Test Property Mapping + + + + Hide managed mappings + + + + Successfully updated token. + Token úspěšně aktualizován. + + + + Successfully created token. + Token úspěšně vytvořen. + + + + Unique identifier the token is referenced by. + + + + Intent + Záměr + + + + API Token + API token + + + + Used to access the API programmatically + + + + App password. + Heslo aplikace. + + + + Used to login using a flow executor + Používá se k přihlášení pomocí vykonavatele toku + + + + Expiring + Expirující + + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + + + + Expires on + Expiruje v + + + + API Access + API přístup + + + + App password + Heslo aplikace + + + + Verification + Ověření + + + + Unknown intent + Neznámý záměr + + + + Tokens + Tokeny + + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + Tokeny se používají v celém systému authentik pro fáze ověřování e-mailů, klíčů pro obnovení a přístupu k rozhraní API. + + + + Expires? + Expiruje? + + + + Expiry date + Datum expirace + + + + Token(s) + Token(y) + + + + Create Token + Vytvořit token + + + + Token is managed by authentik. + Token spravuje authentik + + + + Update Token + Aktualizovat token + + + + Domain + Doména + + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + + + + Default + Výchozí + + + + Branding settings + Nastavení značky + + + + Title + Název + + + + Branding shown in page title and several other places. + + + + Logo + Logo + + + + Icon shown in sidebar/header and flow executor. + Ikona zobrazená v postranním panelu/záhlaví a ve vykonavateli toku. + + + + Favicon + Favicon + + + + Icon shown in the browser tab. + Ikona zobrazená v záložce prohlížeče. + + + + Default flows + Výchozí toky + + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + + + + Invalidation flow + Tok zneplatnění + + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + + + + Recovery flow + Tok obnovy + + + + Unenrollment flow + Tok zrušení zápisu + + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + + + + User settings flow + Tok uživatelských nastavení + + + + If set, users are able to configure details of their profile. + + + + Device code flow + Tok kódu zařízení + + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + + + + Other global settings + Další globální nastavení + + + + Web Certificate + Webový certifikát + + + + Event retention + Zachování události + + + + Duration after which events will be deleted from the database. + + + + This setting only affects new Events, as the expiration is saved per-event. + + + + Configure visual settings and defaults for different domains. + + + + Default? + Výchozí? + + + + Policies + Zásady + + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + + + + Assigned to object(s). + Přiřazeno k + objektu(ům). + + + + Warning: Policy is not assigned. + Varování: Zásada není přiřazena. + + + + Test Policy + Test zásady + + + + Policy / Policies + Zásada / Zásady + + + + Successfully cleared policy cache + Úspěšně vymazána mezipaměť zásady + + + + Failed to delete policy cache + Nepodařilo se odstranit mezipaměť zásady + + + + Clear cache + Vymazat mezipaměť + + + + Clear Policy cache + Vymazat mezipamět zásady + + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + + + Reputation scores + Skóre reputace + + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + + + + IP + IP + + + + Score + Skóre + + + + Updated + Aktualizováno + + + + Reputation + Reputace + + + + Groups + Skupiny + + + + Group users together and give them permissions based on the membership. + Seskupte uživatele a přidělte jim oprávnění na základě členství. + + + + Superuser privileges? + Práva superuživatele? + + + + Group(s) + Skupiny + + + + Create Group + Vytvořit skupinu + + + + Create group + Vytvořit skupinu + + + + Enabling this toggle will create a group named after the user, with the user as member. + + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + + + + Password + Heslo + + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + + + + The following objects use + + + + connecting object will be deleted + + + + Successfully updated + Úspěšně aktualizováno + + + Failed to update : + Nepodařilo se aktualizovat + : + + + + + Are you sure you want to update ""? + + + + Successfully updated password. + Heslo byl úspěšně aktualizováno. + + + + Successfully sent email. + Email byl úspěšně odeslán. + + + + Email stage + Krok e-mailu + + + + Successfully added user(s). + + + + Users to add + + + + User(s) + Uživatel(é) + + + + Remove Users(s) + Odstranit uživatele + + + + Are you sure you want to remove the selected users from the group ? + Jste si jisti že chcete odebrat zvolené uživatele ze skupiny +? + + + + Remove + Odstranit + + + + Impersonate + Zosobnit + + + + User status + Stav uživatele + + + + Change status + Změnit stav + + + + Deactivate + Deaktivovat + + + + Update password + Aktualizovat heslo + + + + Set password + Nastavit heslo + + + + Successfully generated recovery link + Odkaz k obnovení úspěšně vytvořen + + + + Copy recovery link + Kopírovat odkaz pro obnovení + + + + Send link + Odeslat odkaz + + + + Send recovery link to user + Poslat uživateli odkaz k obnovení + + + + Email recovery link + Odkaz pro obnovení e-mailu + + + + Recovery link cannot be emailed, user has no email address saved. + Odkaz pro obnovení nemůže být odeslán emailem, protože uživatel nemá nastavenou emailovou adresu. + + + + Add User + Přidat uživatele + + + + Warning: This group is configured with superuser access. Added users will have superuser access. + + + + Add existing user + Přidat stávajícího uživatele + + + + Create user + Vytvořit uživatele + + + + Create User + Vytvořit uživatele + + + + Create Service account + Vytvořit účet služby + + + + Hide service-accounts + Skrýt účty služeb + + + + Group Info + Informace o skupině + + + + Notes + Poznámky + + + + Edit the notes attribute of this group to add notes here. + + + + Users + Uživatelé + + + + Root + Root + + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + + + + Hide deactivated user + Skrýt deaktivované uživatele + + + + User folders + Složky uživatelů + + + + Successfully added user to group(s). + Uživatel byl úspěšně přidán do skupin(y) + + + + Groups to add + Skupiny k přidání + + + + Remove from Group(s) + Odebrat ze skupin(y) + + + + Are you sure you want to remove user from the following groups? + Jste si jisti že chcete odebrat uživatele +z následujících skupin? + + + + Add Group + Přidat skupinu + + + + Add to existing group + Přidat do existující skupiny + + + + Add new group + Přidat novou skupinu + + + + Application authorizations + Oprávnění k aplikaci + + + + Revoked? + Odvolán? + + + + Expires + Expiruje + + + + ID Token + ID tokenu + + + + Refresh Tokens(s) + Obnovit token(y) + + + + Last IP + Poslední IP + + + + Session(s) + Relace + + + + Expiry + Expirace + + + + (Current session) + (Aktuální relace) + + + + Permissions + Oprávnění + + + + Consent(s) + Souhlas(y) + + + + Successfully updated device. + Zařízení bylo úspěšně aktualizováno. + + + + Static tokens + Statické tokeny + + + + TOTP Device + TOTP zařízení + + + + Enroll + Zapsat + + + + Device(s) + Zařízení + + + + Update Device + Aktualizovat zařízení + + + + Confirmed + Potvrzeno + + + + User Info + Informace o uživateli + + + + Actions over the last week (per 8 hours) + Akce za poslední týden (po 8 hodinách) + + + + Edit the notes attribute of this user to add notes here. + + + + Sessions + Relace + + + + User events + Události uživatele + + + + Explicit Consent + Explicitní souhlas + + + + OAuth Refresh Tokens + Obnovovací tokeny pro OAuth + + + + MFA Authenticators + MFA autentikátory + + + + Successfully updated invitation. + Pozvánka byla úspěšně aktualizována. + + + + Successfully created invitation. + Pozvánka byla úspěšně vytvořena. + + + + Flow + Tok + + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + + + + Single use + Pro jedno použití + + + + When enabled, the invitation will be deleted after usage. + + + + Select an enrollment flow + Vyberte tok zápisu + + + + Link to use the invitation. + + + + Invitations + Pozvánky + + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + Vytvořte odkazy na pozvánky k registraci uživatelů a volitelně vynuťte konkrétní atributy jejich účtu. + + + + Created by + Vytvořil + + + + Invitation(s) + Pozvánky + + + + Invitation not limited to any flow, and can be used with any enrollment flow. + + + + Update Invitation + Aktualizovat pozvánku + + + + Create Invitation + Vytvořit pozvánku + + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + + + + Auto-detect (based on your browser) + Automatická detekce (dle prohlížeče) + + + + Required. + Vyžadováno. + + + + Continue + Pokračovat + + + + Successfully updated prompt. + Výzva byla úspěšně aktualizována. + + + + Successfully created prompt. + Výzva byla úspěšně vytvořena. + + + + Text: Simple Text input + + + + Text Area: Multiline text input + + + + Text (read-only): Simple Text input, but cannot be edited. + + + + Text Area (read-only): Multiline text input, but cannot be edited. + + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + + + + Email: Text field with Email type. + + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + + + + Number + Číslo + + + + Checkbox + Zaškrtávací pole + + + + Radio Button Group (fixed choice) + + + + Dropdown (fixed choice) + + + + Date + Datum + + + + Date Time + Datum čas + + + + File + Soubor + + + + Separator: Static Separator Line + + + + Hidden: Hidden field, can be used to insert data into form. + + + + Static: Static value, displayed as-is. + + + + authentik: Locale: Displays a list of locales authentik supports. + authentik: Jazyk: Zobrazí seznam místních jazyků, které authentik podporuje. + + + + Preview errors + Chyby náhledu + + + + Data preview + Náhled dat + + + + Unique name of this field, used for selecting fields in prompt stages. + + + + Field Key + Klíč pole + + + + Name of the form field, also used to store the value. + + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + + + + Label + Štítek + + + + Label shown next to/above the prompt. + + + + Required + Vyžadováno + + + + Interpret placeholder as expression + + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + + + Placeholder + Zástupný text + + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + + + Interpret initial value as expression + + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + + + Initial value + Počáteční hodnota + + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + + + Help text + Text nápovědy + + + + Any HTML can be used. + + + + Prompts + Výzvy + + + + Single Prompts that can be used for Prompt Stages. + + + + Field + Pole + + + + Stages + Kroky + + + + Prompt(s) + Výzva(y) + + + + Update Prompt + Aktualizovat výzvu + + + + Create Prompt + Vytvořit výzvu + + + + Target + Cíl + + + + Stage + Krok + + + + Evaluate when flow is planned + Vyhodnotit, když je tok plánován + + + + Evaluate policies during the Flow planning process. + Vyhodnotit zásady během procesu plánování toku. + + + + Evaluate when stage is run + Vyhodnotit při běhu kroku + + + + Invalid response behavior + + + + Returns the error message and a similar challenge to the executor + + + + Restarts the flow from the beginning + Restartuje tok od začátku + + + + Restarts the flow from the beginning, while keeping the flow context + + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + + + + Successfully updated stage. + Krok byl úspěšně aktualizován. + + + + Successfully created stage. + Krok byl úspěšně vytvořen. + + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + + + + Authenticator type name + + + + Display name of this authenticator, used by users when they enroll an authenticator. + + + + API Hostname + Název hostitele API + + + + Duo Auth API + Duo Auth API + + + + Integration key + Klíč integrace + + + + Secret key + Secret klíč + + + + Duo Admin API (optional) + + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + Při použití Duo MFA, Access nebo Beyond plánu lze vytvořit Admin API aplikaci. + Tím umožníte authentiku automaticky importovat zařízení. + + + Stage-specific settings + Specifická nastavení kroku + + + + Configuration flow + Tok konfigurace + + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + + + + Twilio Account SID + + + + Get this value from https://console.twilio.com + + + + Twilio Auth Token + + + + Authentication Type + Typ ověření + + + + Basic Auth + Základní autorizace + + + + Bearer Token + Bearer token + + + + External API URL + + + + This is the full endpoint to send POST requests to. + + + + API Auth Username + + + + This is the username to be used with basic auth or the token when used with bearer token + + + + API Auth password + + + + This is the password to be used with basic auth + + + + Mapping + Mapování + + + + Modify the payload sent to the custom provider. + + + + Stage used to configure an SMS-based TOTP authenticator. + Krok sloužící ke konfiguraci TOTP autentifikátoru založeného na SMS. + + + + Twilio + Twilio + + + + Generic + Obecný + + + + From number + + + + Number the SMS will be sent from. + + + + Hash phone number + + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + + + + Token count + Počet tokenů + + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + Krok sloužící ke konfiguraci autentizátoru TOTP (např. Authy/Google Authenticator). + + + + Digits + Číslice + + + + 6 digits, widely compatible + + + + 8 digits, not compatible with apps like Google Authenticator + + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + + + + Device classes + Třídy zařízení + + + + Static Tokens + Statické tokeny + + + + TOTP Authenticators + TOTP autentikátory + + + + WebAuthn Authenticators + WebAuthn autentikátory + + + + Duo Authenticators + Duo Autentikátory + + + + SMS-based Authenticators + Autentikátory založené na SMS + + + + Device classes which can be used to authenticate. + + + + Last validation threshold + + + + Not configured action + + + + Force the user to configure an authenticator + + + + Deny the user access + Zamítnout uživateli přístup + + + + WebAuthn User verification + WebAuthn ověření uživatele + + + + User verification must occur. + Musí proběhnout oveření uživatele. + + + + User verification is preferred if available, but not required. + Ověření uživatele je upřednostňováno pokud je k dispozici, ale není vyžadováno. + + + + User verification should not occur. + + + + Configuration stages + Kroky konfigurace + + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + + + + When multiple stages are selected, the user can choose which one they want to enroll. + + + + User verification + Ověření uživatele + + + + Resident key requirement + + + + Authenticator Attachment + Příloha autentikátoru + + + + No preference is sent + + + + A non-removable authenticator, like TouchID or Windows Hello + + + + A "roaming" authenticator, like a YubiKey + + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + + + + Public Key + Veřejný klíč + + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + + + + Private Key + Soukromý klíč + + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + + + + Advanced settings + Rozšířená nastavení + + + + JS URL + JS URL + + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + + + + API URL + API URL + + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + + + + Always require consent + Vždy požadovat souhlas + + + + Consent expires in + Platnost souhlasu vyprší v + + + + Offset after which consent expires. + + + + Dummy stage used for testing. Shows a simple continue button and always passes. + + + + Throw error? + Vyhodit chybu? + + + + SMTP Host + SMTP hostitel + + + + SMTP Port + SMTP port + + + + SMTP Username + SMTP uživatelské jméno + + + + SMTP Password + SMTP heslo + + + + Use TLS + Použít TLS + + + + Use SSL + Použít SSL + + + + From address + Z adresy + + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + + + + Activate pending user on success + + + + When a user returns from the email successfully, their account will be activated. + + + + Use global settings + Použít globální nastavení + + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + + + + Template + Šablona + + + + Let the user identify themselves with their username or Email address. + Umožnit uživateli identifikovat se uživatelským jménem nebo emailovou adresou. + + + + User fields + Uživatelská pole + + + + UPN + UPN + + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + + + + Password stage + Krok hesla + + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + + + + Case insensitive matching + Nerozlišování velkých a malých písem + + + + When enabled, user fields are matched regardless of their casing. + + + + Show matched user + + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + + + + Source settings + Nastavení zdroje + + + + Sources + Zdroje + + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + + + + Show sources' labels + + + + By default, only icons are shown for sources. Enable this to show their full names. + + + + Passwordless flow + Tok bez hesla + + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + + + + Optional enrollment flow, which is linked at the bottom of the page. + + + + Optional recovery flow, which is linked at the bottom of the page. + + + + This stage can be included in enrollment flows to accept invitations. + + + + Continue flow without invitation + Pokračovat v toku bez pozvánky + + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + + + + Validate the user's password against the selected backend(s). + + + + Backends + Backendy + + + + User database + standard password + + + + User database + app passwords + + + + User database + LDAP password + + + + Selection of backends to test the password against. + + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + + + + Failed attempts before cancel + + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + + + + Fields + Pole + + + + Validation Policies + Zásady ověřování + + + + Selected policies are executed when the stage is submitted to validate the data. + + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + + Log the currently pending user in. + Přihlásit aktuálně čekajícího uživatele. + + + + Session duration + Doba trvání relace + + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + + + See here. + Podívejte se zde. + + + + Stay signed in offset + + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + + + Terminate other sessions + + + + When enabled, all previous sessions of the user will be terminated. + + + + Remove the user from the current session. + + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + + + Never create users + Nikdy nevytvářet uživatele + + + + When no user is present in the flow context, the stage will fail. + + + + Create users when required + + + + When no user is present in the the flow context, a new user is created. + + + + Always create new users + Vždy vytvořit nové uživatele + + + + Create a new user even if a user is in the flow context. + + + + Create users as inactive + Vytvářet uživatele jako neaktivní + + + + Mark newly created users as inactive. + Označit nově vytvořené uživatele jako neaktivní. + + + + User path template + + + + Path new users will be created under. If left blank, the default path will be used. + + + + Newly created users are added to this group, if a group is selected. + + + + New stage + Nový krok + + + + Create a new stage. + Vytvořit nový krok. + + + + Successfully imported device. + Zařízení úspěšně importováno. + + + + The user in authentik this device will be assigned to. + + + + Duo User ID + + + + The user ID in Duo, can be found in the URL after clicking on a user. + + + + Automatic import + Automatický import + + + + Successfully imported devices. + + + + Start automatic import + + + + Or manually import + + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + + + + Flows + Toky + + + + Stage(s) + Krok(y) + + + + Import + Import + + + + Import Duo device + + + + Successfully updated flow. + Tok byl úspěšně aktualizován. + + + + Successfully created flow. + Tok byl úspěšně vytvořen. + + + + Shown as the Title in Flow pages. + Zobrazeno jako název na stránkách toků. + + + + Visible in the URL. + + + + Designation + Označení + + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + + + + No requirement + Žádný požadavek + + + + Require authentication + Vyžadovat ověření + + + + Required authentication level for this flow. + Požadovaná úroveň ověření pro tento tok. + + + + Behavior settings + Nastavení chování + + + + Compatibility mode + Režim kompatibility + + + + Increases compatibility with password managers and mobile devices. + + + + Denied action + Zamítnutá akce + + + + Will follow the ?next parameter if set, otherwise show a message + + + + Will either follow the ?next parameter or redirect to the default interface + + + + Will notify the user the flow isn't applicable + Upozorní uživatele, že tok není použitelný + + + + Decides the response when a policy denies access to this flow for a user. + + + + Appearance settings + Nastavení vzhledu + + + + Layout + Rozvržení + + + + Background + Pozadí + + + + Background shown during execution. + + + + Clear background + Vymazat pozadí + + + + Delete currently set background image. + Smazat aktuálně nastavený obrázek na pozadí. + + + + Successfully imported flow. + Tok byl úspěšně importován. + + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + + + + Flow(s) + Tok(y) + + + + Update Flow + Aktualizovat tok + + + + Create Flow + Vytvořit tok + + + + Import Flow + Importovat tok + + + + Successfully cleared flow cache + Úspěšně vymazána mezipaměť toku + + + + Failed to delete flow cache + Nepodařilo se odstranit mezipaměť toku + + + + Clear Flow cache + Vymazat mezipamět toku + + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + + + Stage binding(s) + Vazba(y) kroku + + + + Stage type + Typ kroku + + + + Edit Stage + Upravit krok + + + + Update Stage binding + Aktualizovat vazbu kroku + + + + These bindings control if this stage will be applied to the flow. + + + + No Stages bound + Nejsou přiřazené žádné kroky + + + + No stages are currently bound to this flow. + K tomuto toku nejsou přiřazené žádné kroky. + + + + Create Stage binding + Vytvořit přiřazení kroku + + + + Bind existing stage + Přiřadit existující krok + + + + Flow Overview + Přehled toku + + + + Related actions + Související akce + + + + Execute flow + Spustit tok + + + + Normal + Normální + + + + with current user + s aktuálním uživatelem + + + + with inspector + s inspektorem + + + + Export flow + Exportovat tok + + + + Export + Exportovat + + + + Stage Bindings + Přiřazení kroků + + + + These bindings control which users can access this flow. + + + + Event Log + Záznam událostí + + + + Event + Událost + + + + + Event info + Informace o události + + + + Created + Vytvořeno + + + + Successfully updated transport. + Transport byl úspěšně aktualizován. + + + + Successfully created transport. + + + + Local (notifications will be created within authentik) + + + + Webhook (generic) + Webhook (obecný) + + + + Webhook (Slack/Discord) + Webhook (Slack/Discord) + + + + Webhook URL + Webhook URL + + + + Send once + Poslat jednou + + + + Only send notification once, for example when sending a webhook into a chat channel. + + + + Notification Transports + Transporty oznámení + + + + Define how notifications are sent to users, like Email or Webhook. + + + + Notification transport(s) + Transport(y) oznámení + + + + Update Notification Transport + + + + Create Notification Transport + + + + Successfully updated rule. + Pravidlo bylo úspěšně aktualizováno. + + + + Successfully created rule. + Pravidlo bylo úspěšně vytvořeno. + + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + + + + Transports + Transporty + + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + + + + Severity + Závažnost + + + + Notification Rules + Pravidla oznámení + + + + Send notifications whenever a specific Event is created and matched by policies. + + + + Sent to group + + + + Notification rule(s) + Pravidla oznámení + + + + None (rule disabled) + + + + Update Notification Rule + Změnit pravidlo pro upozornění + + + + Create Notification Rule + Vytvořit pravidlo pro upozornění + + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + + + Outpost Deployment Info + + + + View deployment documentation + + + + Click to copy token + + + + If your authentik Instance is using a self-signed certificate, set this value. + + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + + + + Successfully updated outpost. + + + + Successfully created outpost. + + + + Radius + Radius + + + + Integration + Integrace + + + + Selecting an integration enables the management of the outpost by authentik. + + + + Configuration + Konfigurace + + + + See more here: + + + + Documentation + Dokumentace + + + + Last seen + Naposledy viděn + + + + , should be + + , mělo by být + + + + + Hostname + Název hostitele + + + + Not available + Není k dispozici + + + + Unknown type + Neznámý typ + + + + Outposts + Outposty + + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + + + + Health and Version + Zdraví a verze + + + + Warning: authentik Domain is not configured, authentication will not work. + + + + Logging in via . + Přihlášuji pomocí + . + + + + No integration active + + + + Update Outpost + + + + View Deployment Info + + + + Detailed health (one instance per column, data is cached so may be out of date) + + + + Outpost(s) + Outposty + + + + Create Outpost + + + + Successfully updated integration. + Integrace byla úspěšně aktualizována. + + + + Successfully created integration. + Integrace byla úspěšně vytvořena. + + + + Local + Místní + + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + + + + Docker URL + Docker URL + + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + + + + TLS Authentication Certificate/SSH Keypair + + + + Certificate/Key used for authentication. Can be left empty for no authentication. + + + + When connecting via SSH, this keypair is used for authentication. + + + + Kubeconfig + Kubeconfig + + + + Verify Kubernetes API SSL Certificate + + + + New outpost integration + + + + Create a new outpost integration. + + + + State + Stav + + + + Unhealthy + Nezdravý + + + + Outpost integration(s) + + + + Successfully generated certificate-key pair. + + + + Common Name + Common Name + + + + Subject-alt name + + + + Optional, comma-separated SubjectAlt Names. + + + + Validity days + Platnost ve dnech + + + + Successfully updated certificate-key pair. + Pár certifikátu a klíče byl úspěšně aktualizován. + + + + Successfully created certificate-key pair. + Pár certifikátu a klíče byl úspěšně vytvořen. + + + + PEM-encoded Certificate data. + + + + Optional Private Key. If this is set, you can use this keypair for encryption. + + + + Certificate-Key Pairs + Páry certifikát-klíč + + + + Import certificates of external providers or create certificates to sign requests with. + + + + Private key available? + + + + Certificate-Key Pair(s) + Pár(y) certifikát-klíč + + + + Managed by authentik + + + + Managed by authentik (Discovered) + + + + Yes () + Ano ( + ) + + + + No + Ne + + + + Update Certificate-Key Pair + + + + Certificate Fingerprint (SHA1) + + + + Certificate Fingerprint (SHA256) + + + + Certificate Subject + Předmět certifikátu + + + + Download Certificate + Stáhnout certifikát + + + + Download Private key + + + + Create Certificate-Key Pair + + + + Generate + Generovat + + + + Generate Certificate-Key Pair + + + + Successfully updated instance. + Instance byla úspěšně aktualizována. + + + + Successfully created instance. + Instance byla úspěšně vytvořena. + + + + Disabled blueprints are never applied. + + + + Local path + Místní cesta + + + + OCI Registry + OCI registr + + + + Internal + Interní + + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + + + + See more about OCI support here: + + + + Blueprint + Plán + + + + Configure the blueprint context, used for templating. + + + + Orphaned + Osiřelé + + + + Blueprints + Plány + + + + Automate and template configuration within authentik. + + + + Last applied + Naposledy použito + + + + Blueprint(s) + Plán(y) + + + + Update Blueprint + Aktualizovat plán + + + + Create Blueprint Instance + + + + API Requests + Požadavky API + + + + Open API Browser + + + + Notifications + Oznámení + + + + unread + + nepřečtených + + + + Successfully cleared notifications + + + + Clear all + Vymazat vše + + + + User interface + Uživatelské rozhraní + + + + Dashboards + Ovládací panely + + + + Events + Události + + + + Logs + Protokoly + + + + Directory + Adresář + + + + System + Systém + + + + Certificates + Certifkáty + + + + Outpost Integrations + + + + API request failed + + + + User's avatar + Avatar uživatele + + + + Something went wrong! Please try again later. + Něco se pokazilo! Zkuste to znovu později. + + + + Request ID + ID požadavku + + + + You may close this page now. + Nyní můžete tuto stránku zavřít. + + + + You're about to be redirect to the following URL. + Budete přesměrováni na následující URL. + + + + Follow redirect + Následovat přesměrování + + + + Request has been denied. + Požadavek byl zamítnut. + + + + Not you? + Nejste to vy? + + + + Need an account? + Potřebujete účet? + + + + Sign up. + Zaregistrovat se. + + + + Forgot username or password? + Zapomněli jste uživatelské jméno nebo heslo? + + + + Or + nebo + + + + Use a security key + + + + Login to continue to . + Přihlášte se pro pokračování na + . + + + + Please enter your password + Prosím zadejte své heslo + + + + Forgot password? + Zapomněli jste heslo? + + + + Application requires following permissions: + Aplikace vyžaduje následující oprávnění: + + + + Application already has access to the following permissions: + Aplikace již má přístup k následujícím oprávněním: + + + + Application requires following new permissions: + Aplikace vyžaduje následující nová oprávnění: + + + + Check your Inbox for a verification email. + + + + Send Email again. + Poslat email znovu. + + + + Successfully copied TOTP Config. + Úspěšně zkopírováno nastavení TOTP. + + + + Copy + Kopírovat + + + + Code + Kód + + + + Please enter your TOTP Code + Zadejte prosím svůj TOTP kód + + + + Duo activation QR code + + + + Alternatively, if your current device has Duo installed, click on this link: + + + + Duo activation + Aktivace Duo + + + + Check status + Zkontrolovat stav + + + + Make sure to keep these tokens in a safe place. + + + + Phone number + Telefonní číslo + + + + Please enter your Phone number. + Prosím zadejte své telefonní číslo. + + + + Please enter the code you received via SMS + Prosím zadejte kód který vám přišel v SMS + + + + A code has been sent to you via SMS. + Na vaše číslo byl odeslám SMS kód. + + + + Open your two-factor authenticator app to view your authentication code. + Otevřete aplikaci dvoufaktorového ověřovatele a zobrazte svůj ověřovací kód. + + + + Static token + Statický token + + + + Authentication code + Ověřovací kód + + + + Please enter your code + Prosím zadejte svůj kód + + + + Retry authentication + Opakovat ověření + + + + Duo push-notifications + Duo push-notifikace + + + + Receive a push notification on your device. + + + + Authenticator + Autentikátor + + + + Use a security key to prove your identity. + + + + Traditional authenticator + Tradiční autentikátor + + + + Use a code-based authenticator. + + + + Recovery keys + Klíče pro obnovu + + + + In case you can't access any other method. + V případě že nemáte k dispozici žádnou jinou metodu. + + + + SMS + SMS + + + + Tokens sent via SMS. + + + + Select an authentication method. + + + + Stay signed in? + Zůstat přihlášen? + + + + Select Yes to reduce the number of times you're asked to sign in. + + + + Authenticating with Plex... + + + + Waiting for authentication... + + + + If no Plex popup opens, click the button below. + + + + Open login + Otevřít přihlášení + + + + Authenticating with Apple... + + + + Retry + Znovu + + + + Enter the code shown on your device. + + + + Please enter your Code + + + + You've successfully authenticated your device. + + + + Flow inspector + Inspektor toku + + + + Next stage + Další krok + + + + Stage name + Název kroku + + + + Stage kind + Druh kroku + + + + Stage object + Objekt kroku + + + + This flow is completed. + Tento tok je dokončen. + + + + Plan history + + + + Current plan context + + + + Session ID + ID relace + + + + Powered by authentik + + + + Error creating credential: + + + + Server validation of credential failed: + + + + Refer to documentation + + + No Applications available. + Nejsou k dispozici žádné aplikace. + + + + Either no applications are defined, or you don’t have access to any. + + + My Applications + Moje aplikace + + + + My applications + Moje aplikace + + + + Change your password + Změna hesla + + + + Change password + Změnit heslo + + + + + + + + + + + Save + Uložit + + + + Delete account + Smazat účet + + + + Successfully updated details + Údaje byly úspěšně aktualizovány + + + + Open settings + Otevřít nastavení + + + + No settings flow configured. + Není nakonfigurován žádný tok nastavení. + + + + Update details + Aktualizace údajů + + + + Successfully disconnected source + + + + Failed to disconnected source: + + + + Disconnect + Odpojit + + + + Connect + Připojit + + + + Error: unsupported source settings: + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + Připojte svůj uživatelský účet k níže uvedeným službám, abyste se mohli přihlásit pomocí služby namísto tradičních přihlašovacích údajů. + + + + No services available. + Žádné služby nejsou k dispozici. + + + + Create App password + Vytvořit heslo aplikace + + + + User details + Údaje o uživateli + + + + Consent + Souhlas + + + + MFA Devices + MFA zařízení + + + + Connected services + Připojené služby + + + + Tokens and App passwords + Tokeny a hesla aplikací + + + + Unread notifications + Nepřečtená oznámení + + + + Admin interface + Administrátorské rozhraní + + + + Stop impersonation + Ukončit zosobnění + + + + Avatar image + Obrázek avataru + + + + Failed + Selhalo + + + + Unsynced / N/A + Nesynchronizováno / N/A + + + + Outdated outposts + + + + Unhealthy outposts + + + + Next + Další + + + + Inactive + Nektivní + + + + Regular user + Běžný uživatel + + + + Activate + Aktivovat + + + + Use Server URI for SNI verification + + + Required for servers using TLS 1.3+ + + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + + + The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. + + + TLS Server name + + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + + + TLS Client authentication certificate + + + Model + Model + + + Match events created by selected model. When left empty, all models are matched. + + + Code-based MFA Support + Podpora MFA založená na kódu + + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + Pokud je tato funkce povolena, lze vícefaktorové ověřování založené na kódu použít tak, že se k heslu připojí středník a kód TOTP. Tato funkce by měla být povolena pouze v případě, že všichni uživatelé, kteří se budou vázat k tomuto poskytovateli, mají nakonfigurované zařízení TOTP, protože jinak může být heslo nesprávně odmítnuto, pokud obsahuje středník. + + + User type + Typ uživatele + + + Successfully updated license. + Licence byla úspěšně aktualizována. + + + Successfully created license. + Licence byla úspěšně vytvořena. + + + Install ID + Instalační ID + + + License key + Licenční klíč + + + Licenses + Licence + + + License(s) + Licence + + + Cumulative license expiry + + + Update License + Aktualizovat licence + + + Warning: The current user count has exceeded the configured licenses. + Varování: Aktuální počet uživatelů překročil načtené licence. + + + Click here for more info. + Klikněte zde pro více info. + + + Enterprise + Podnik + + + Manage enterprise licenses + Správa podnikových licencí + + + No licenses found. + Nebyly nalezeny žádné licence. + + + Send us feedback! + + + Go to Customer Portal + + + Forecast internal users + + + Estimated user count one year from now based on current internal users and forecasted internal users. + + + Forecast external users + + + Estimated user count one year from now based on current external users and forecasted external users. + + + Install + Instalovat + + + Install License + Instalovat licence + + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + + + Service accounts should be used for machine-to-machine authentication or other automations. + + + More details + Více detailů + + + Remove item + Odstranit položku + + + Open API drawer + + + Open Notification drawer + + + Restart task + Restartovat úlohu + + + Add provider + Přidat poskytovatele + + + Open + Otevřít + + + Copy token + Kopírovat token + + + Add users + Přidat uživatele + + + Add group + Přidat skupinu + + + Import devices + Importovat zařízení + + + Execute + Provést + + + Show details + Zobrazit podrobnosti + + + Apply + Použít + + + Settings + Nastavení + + + Sign out + Odhlásit + + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. + + + Token length + Délka tokenu + + + The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + Interní: + + + External: + Externí: + + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + + + Create and bind Policy + Vytvořit a svázat zásadu + + + Federation and Social login + Federace a sociální přihlášení + + + Create and bind Stage + Vytvořit a svázat krok + + + Flows and Stages + Toky a kroky + + + New version available + K dispozici je nová verze + + + Failure result + Výsledek selhání + + + Pass + + + Don't pass + + + Result used when policy execution fails. + Výsledek použitý při neúspěšném provedení zásad. + + + Required: User verification must occur. + + + Preferred: User verification is preferred if available, but not required. + + + Discouraged: User verification should not occur. + + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur + + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too + + + Discouraged: The authenticator should not create a dedicated credential + + + Lock the user out of this system + + + Allow the user to log in and use this system + + + Temporarily assume the identity of this user + + + Enter a new password for this user + Vložit nové heslo tohoto uživatele + + + Create a link for this user to reset their password + Vytvořit odkaz pomocí kterého si tento uživatel může obnovit heslo + + + WebAuthn requires this page to be accessed via HTTPS. + + + WebAuthn not supported by browser. + WebAuthn není podporováno prohlížečem. + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). + + + Default relay state + + + When using IDP-initiated logins, the relay state will be set to this value. + + + Flow Info + Informace o toku + + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). + +<<<<<<< HEAD + + Internal application name used in URLs. + + + Submit + Odeslat + + + UI Settings + Nastavení UI + + + Your application has been saved + + + Method's display Name. + + + Custom attributes + Vlastní atributy + + + Don't show this message again. + Tuto zprávu již nezobrazovat. + + + Failed to fetch + + + Failed to fetch data. + + + Successfully assigned permission. + + + Role + Role + + + Assign + Přiřadit + + + Assign permission to role + + + Assign to new role + + + Directly assigned + Přímo přiděleno + + + Assign permission to user + + + Assign to new user + + + User Object Permissions + + + Role Object Permissions + + + Roles + Role + + + Select roles to grant this groups' users' permissions from the selected roles. + + + Update Permissions + Aktualizovat oprávnění + + + Editing is disabled for managed tokens + + + Permissions to add + + + Select permissions + Vybrat oprávnění + + + Assign permission + Přidělit oprávnění + + + Permission(s) + Oprávnění + + + Permission + Oprávnění + + + User doesn't have view permission so description cannot be retrieved. + + + Assigned global permissions + + + Assigned object permissions + + + Successfully updated role. + Role byla úspěšně aktualizována. + + + Successfully created role. + Role byla úspěšně vytvořena. + + + Manage roles which grant permissions to objects within authentik. + Spravujte role, které udělují oprávnění objektům v rámci authentiku. + + + Role(s) + Role + + + Update Role + Aktualizovat roli + + + Create Role + Vytvořit roli + + + Role doesn't have view permission so description cannot be retrieved. + + + Role + Role + + + Role Info + Informace o roli + + + Pseudolocale (for testing) + Pseudojazyk (pro testování) + + + One hint, 'New Application Wizard', is currently hidden + + + Deny message + Zpráva odmítnutí + + + Message shown when this stage is run. + Zpráva se zobrazí při spuštění tohoto kroku. + + + The token has been copied to your clipboard + + + The token was displayed because authentik does not have permission to write to the clipboard + + + A copy of this recovery link has been placed in your clipboard + + + Create recovery link + Vytvořit odkaz pro obnovení + + + Create Recovery Link + Vytvořit odkaz pro obnovení + + + External + Externí + + + Service account + Servisní účet + + + Service account (internal) + + + Check the release notes + Zkontrolovat poznámky k vydání + + + User Statistics + Statistiky uživatelů + + + User type used for newly created users. + + + Users created + Vytvoření uživatelé + + + Failed logins + Neúspěšná přihlášení + + + Also known as Client ID. + + + Also known as Client Secret. + Známý také jako Secret klienta. + + + Global status + Globální stav + + + Vendor + Výrobce + + + No sync status. + + + Sync currently running. + + + Connectivity + Konektivita + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + + + Successfully created user and added to group + Uživatel byl úspěšně vytvořen a přidán do skupiny + + + This user will be added to the group "". + + + Pretend user exists + Předstírat že uživatel existuje + + + When enabled, the stage will always accept the given user identifier and continue. + + + There was an error in the application. + V aplikaci se vyskytla chyba. + + + Review the application. + + + There was an error in the provider. + + + Review the provider. + + + There was an error creating the application, but no error message was sent. Please review the server logs. + Při vytváření aplikace došlo k chybě, ale nebyla odeslána žádná chybová zpráva. Prosím zkontrolujte logy serveru. + + + Configure LDAP Provider + + + Configure Proxy Provider + + + Configure Radius Provider + + + Configure SAML Provider + + + Configure SCIM Provider + + + Event volume + Hlasitost události + + + Connection settings. + Nastavení připojení. + + + Successfully updated endpoint. + Koncový bod byl úspěšně aktualizován. + + + Successfully created endpoint. + Koncový bod byl úspěšně vytvořen. + + + Protocol + Protokol + + + RDP + RDP + + + SSH + SSH + + + VNC + VNC + + + Host + Hostitel + + + Hostname/IP to connect to. + + + Endpoint(s) + Koncové body + + + Update Endpoint + Aktualizovat koncový bod + + + These bindings control which users will have access to this endpoint. Users must also have access to the application. + + + Create Endpoint + Vytvořit koncový bod + + + Update RAC Provider + + + Endpoints + Koncové body + + + General settings + Obecná nastavení + + + RDP settings + Nastavení RDP + + + Ignore server certificate + + + Enable wallpaper + Povolit tapetu + + + Enable font-smoothing + Povolit vyhlazování písma + + + Enable full window dragging + + + Network binding + Síťová vazba + + + No binding + Bez vazby + + + Bind ASN + Svázat ASN + + + Bind ASN and Network + + + Bind ASN, Network and IP + + + Configure if sessions created by this stage should be bound to the Networks they were created in. + + + GeoIP binding + GeoIP vazba + + + Bind Continent + Svázat kontinent + + + Bind Continent and Country + + + Bind Continent, Country and City + + + Configure if sessions created by this stage should be bound to their GeoIP-based location + + + RAC + RAC + + + Connection failed after attempts. + + + Re-connecting in second(s). + Opětovné připojení za sekund. + + + Connecting... + Připojování... + + + Select endpoint to connect to + + + Connection expiry + Uplynutí platnosti připojení + + + Determines how long a session lasts before being disconnected and requiring re-authorization. + + + Learn more + Zjistit více + + + Maximum concurrent connections + Maximum současných připojení + + + Maximum concurrent allowed connections to this endpoint. Can be set to -1 to disable the limit. + Maximum povolených současných připojení na tento koncový bod. Pro zakázání limitu může být nastaveno na -1. + + + Korean + Korejština + + + Dutch + Holandština + + + Brand + Značka + + + Successfully updated brand. + Značka byla úspěšně aktualizována. + + + Successfully created brand. + Značka byla úspěšně vytvořena. + + + Use this brand for each domain that doesn't have a dedicated brand. + Použít tuto značku pro každou doménu, která nemá vlastní značku. + + + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. + + + Brands + Značky + + + Brand(s) + Značka(y) + + + Update Brand + Aktualizovat značku + + + Create Brand + Vytvořit značku + + + To let a user directly reset a their password, configure a recovery flow on the currently active brand. + + + Successfully updated settings. + Nastavení bylo úspěšně aktualizováno. + + + Avatars + Avatary + + + Configure how authentik should show avatars for users. The following values can be set: + + + Disables per-user avatars and just shows a 1x1 pixel transparent picture + + + Uses gravatar with the user's email address + Použije gravatar s emailem uživatele + + + Generated avatars based on the user's name + Generované obrázky na základě jména uživatele + + + Any URL: If you want to use images hosted on another server, you can set any URL. Additionally, these placeholders can be used: + + + The user's username + Uživatelské jméno uživatele + + + The email address, md5 hashed + + + The user's UPN, if set (otherwise an empty string) + + + An attribute path like + attributes.something.avatar, which can be used in + combination with the file field to allow users to upload custom + avatars for themselves. + + + Multiple values can be set, comma-separated, and authentik will fallback to the next mode when no avatar could be found. + + + For example, setting this to gravatar,initials will + attempt to get an avatar from Gravatar, and if the user has not + configured on there, it will fallback to a generated avatar. + + + Allow users to change name + Povolit uživatelům změnu jména + + + Enable the ability for users to change their name. + Umožní uživatelům změnit své jméno. + + + Allow users to change email + Povolit uživatelům změnu emailu + + + Enable the ability for users to change their email. + Umožní uživatelům změnit svou emailovou adresu. + + + Allow users to change username + Povolit uživatelům změnu uživatelského jména + + + Enable the ability for users to change their username. + Umožní uživatelům změnu uživatelského jména. + + + Footer links + Odkazy v zápatí + + + GDPR compliance + Soulad s GDPR + + + When enabled, all the events caused by a user will be deleted upon the user's deletion. + + + Impersonation + Zosobnění + + + Globally enable/disable impersonation. + Globální povolení/zakázání zosobnění. + + + System settings + Systémová nastavení + + + Changes made: + Provedené změny: + + + Key + Klíč + + + Previous value + Předchozí hodnota + + + New value + Nová hodnota + + + Raw event info + + + Anonymous user + Anonymní uživatel + + + Add All Available + + + Remove All Available + + + Remove All + Odstranit vše + + + Available options + Dostupné možnosti + + + Selected options + Vybrané možnosti + + + item(s) marked to add. + položka(y) označené k přidání. + + + item(s) selected. + Vybráno položek. + + + item(s) marked to remove. + položka(y) označené ke smazání. + + + Available Applications + Dostupné aplikace + + + Selected Applications + Vybrané aplikace + + + Last used + Naposledy použito + + + OAuth Access Tokens + + + Credentials / Tokens + Pověření / tokeny + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. + + + JWT payload + JWT payload + + + Preview for user + + + Brand name + Název značky + + + Delete authorization on disconnect + + + When enabled, connection authorizations will be deleted when a client disconnects. This will force clients with flaky internet connections to re-authorize the endpoint. + + + Connection Token(s) + Tokeny připojení + + + Endpoint + Koncový bod + + + Connections + Spojení + + + Unconfigured + Nekonfigurované + + + This option will not be changed by this mapping. + + + RAC Connections + RAC připojení + + + Sending Duo push notification... + + + Failed to authenticate + + + Authenticating... + Ověřování... + + + Customization + Přizpůsobení + + + Authentication failed. Please try again. + + + Failed to register. Please try again. + + + Registering... + Registrace... + + + Failed to register + + + Retry registration + Opakovat registraci + + + Select one of the options below to continue. + + + Latest version unknown + Nejnovější verze není známa + + + Timestamp + Časové razítko + + + Time + Čas + + + Level + Úroveň + + + Event + Událost + + + Logger + Logger + + + Update internal password on login + Při přihlášení aktualizovat interní heslo + + + When the user logs in to authentik using this source password backend, update their credentials in authentik. + + + Source + Zdroj + + + Resume timeout + Časový limit pokračování + + + Amount of time a user can take to return from the source to continue the flow. + + + Your Install ID + + + Enter the email associated with your account, and we'll send you a link to reset your password. + Zadejte e-mail spojený s vaším účtem a my vám zašleme odkaz pro obnovení hesla. + + + Stage name: + Název kroku: + + + Please scan the QR code above using the Microsoft Authenticator, Google Authenticator, or other authenticator apps on your device, and enter the code the device displays below to finish setting up the MFA device. + Naskenujte výše uvedený QR kód pomocí aplikace Microsoft Authenticator, Google Authenticator nebo jiné autentizační aplikace ve svém zařízení a zadejte kód, který zařízení zobrazí níže, pro dokončení nastavení MFA zařízení. + + + Inject an OAuth or SAML Source into the flow execution. This allows for additional user verification, or to dynamically access different sources for different user identifiers (username, email address, etc). + + + A selection is required + + + Device type restrictions + + + Available Device types + + + Selected Device types + + + Optionally restrict which WebAuthn device types may be used. When no device types are selected, all devices are allowed. + + + If the user has successfully authenticated with a device in the classes listed above within this configured duration, this stage will be skipped. + + + WebAuthn-specific settings + Specifická nastavení WebAuthn + + + WebAuthn Device type restrictions + Omezení typu zařízení WebAuthn + + + This restriction only applies to devices created in authentik 2024.4 or later. + + + Default token duration + + + Default duration for generated tokens + + + Default token length + + + Default length of generated tokens + + + deleted + smazáno + + + Select permissions to assign + + + Update SCIM Source + + + SCIM Base URL + + + Provisioned Users + Poskytnutí uživatelé + + + Provisioned Groups + Poskytnutí skupiny + + + removed + odstraněno + + + Verifying... + Ověřování... + + + Request failed. Please try again later. + Požadavek se nezdařil. Zkuste to znovu později. + + + Available Roles + Dostupné role + + + Selected Roles + Vybrané role + + + Internal Service accounts are created and managed by authentik and cannot be created manually. + + + Private key Algorithm + + + RSA + RSA + + + ECDSA + ECDSA + + + Algorithm used to generate the private key. + + + Added ID + + + Removed ID + + + Cleared + Vymazáno + + + Google Workspace Provider + + + Credentials + Pověření + + + Delegated Subject + Delegovaný předmět + + + Default group email domain + + + Default domain that is used to generate a group's email address. Can be customized using property mappings. + + + User deletion action + + + User is deleted + + + Suspend + Pozastavit + + + User is suspended, and connection to user in authentik is removed. + + + Do Nothing + Nedělat nic + + + The connection is removed but the user is not modified + + + Determines what authentik will do when a User is deleted. + + + Group deletion action + + + Group is deleted + + + The connection is removed but the group is not modified + + + Determines what authentik will do when a Group is deleted. + + + Microsoft Entra Provider + + + Google Cloud credentials file. + + + Email address of the user the actions of authentik will be delegated to. + + + Client ID for the app registration. + + + Client secret for the app registration. + Secret klienta pro registraci aplikace. + + + Tenant ID + + + ID of the tenant accounts will be synced into. + + + Update Microsoft Entra Provider + + + Finished successfully + Úspěšně dokončeno + + + Finished with errors + Dokončeno s chybami + + + Sync currently running + + + Update Google Workspace Provider + + + Enterprise only + Pouze podnik + + + Icon + ikona + + + (build ) + (sestavení ) + + + (FIPS) + (FIPS) + + + Score minimum threshold + + + Minimum required score to allow continuing + + + Score maximum threshold + + + Maximum allowed score to allow continuing + + + Error on invalid score + + + When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages. + + + Microsoft Entra Group(s) + + + Microsoft Entra User(s) + + + Google Workspace Group(s) + + + Google Workspace User(s) + + + SCIM Group(s) + SCIM skupina(y) + + + SCIM User(s) + SCIM uživatel(é) + + + FIPS compliance: passing + + + Unverified + Neověřeno + + + FIPS compliance: unverified + + + FIPS Status + Stav FIPS + + + Search returned no results. + + + Reputation score(s) + + + See documentation + Viz dokumentace + + + Close dialog + Zavřít dialog + + + Pagination + Stránkování + + + Restore Application Wizard Hint + + + Your authentik password + Vaše authentik heslo + + + Internal Service account + Interní servisní účet + + + Global + Globální + + + Outpost integrations + + + Outpost integrations define how authentik connects to external platforms to manage and deploy Outposts. + + + Operation failed to complete + + + Failed to fetch objects: + + + Available Scopes + Dostupné scopes + + + Selected Scopes + Vybrané scopes + + + Available Property Mappings + + + Selected Property Mappings + + + Available User Property Mappings + + + Selected User Property Mappings + + + Available Group Property Mappings + + + Selected Group Property Mappings + + + Ensure the user satisfies requirements of geography or network topology, based on IP address. If any of the configured values match, the policy passes. + + + ASNs + ASNs + + + List of autonomous system numbers. Comma separated. E.g. 13335, 15169, 20940 + + + Countries + Země + + + Available Countries + Dostupné země + + + Selected Countries + Vybrané země + + + Bind existing policy/group/user + Svázat existující zásadu/skupinu/uživatele + + + Property mappings for user creation. + + + Property mappings for group creation. + + + Link to a group with identical name. Can have security implications when a group is used with another source + + + Use the group's name, but deny enrollment when the name already exists + + + Group matching mode + + + OAuth Attribute mapping + + + Plex Attribute mapping + + + Encryption Certificate + Šifrovací certifikát + + + When selected, encrypted assertions will be decrypted using this keypair. + + + SAML Attribute mapping + + + SCIM Attribute mapping + + + External user settings + Nastavení externího uživatele + + + Default application + Výchozí aplikace + + + When configured, external users will automatically be redirected to this application when not attempting to access a different application + + + Warning: One or more license(s) have expired. + Upozornění: Jedné nebo více licencím vypršela platnost. + + + Warning: One or more license(s) will expire within the next 2 weeks. + Upozornění: Jedné nebo více licencím vyprší platnost během následujících 2 týdnů. + + + Caution: This authentik instance has entered read-only mode due to expired/exceeded licenses. + + + This authentik instance uses a Trial license. + Tato instance authentik používá zkušební licenci. + + + This authentik instance uses a Non-production license. + + + Access Tokens(s) + Přístupové tokeny + + + Created at + Vytvořeno + + + Last updated at + Naposledy aktualizováno v + + + Last used at + Naposledy použito v + + + Provide users with a 'show password' button. + Zpřístupnit uživatelům tlačítko 'zobrazit heslo'. + + + Show password + Zobrazit heslo + + + Hide password + Skrýt heslo + + + An outpost is on an incorrect version! + + + Russian + Ruština + + + Last seen: () + + + Sign assertions + + + When enabled, the assertion element of the SAML response will be signed. + + + Sign responses + + + When selected, assertions will be encrypted using this keypair. + + + Available Sources + Available zdroje + + + Selected Sources + Vybrané zdroje + + + Successfully triggered sync. + + + Sync + Synchronizovat + + + Sync User + Synchronizovat uživatele + + + Available Stages + Dostupné kroky + + + Selected Stages + Vybrané kroky + + + Available Fields + Dostupná pole + + + Selected Fields + Vybraná pole + + + Available Transports + Dostupné transporty + + + Selected Transports + Vybrané transporty + + + Expired + Expirované + + + Expiring soon + Brzy vyprší + + + Unlicensed + Nelicencované + + + Read Only + Pouze pro čtení + + + Valid + Platné + + + Current license status + Aktuální stav licence + + + Overall license status + Celkový stav licence + + + Internal user usage + + + % + % + + + External user usage + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy). + + + Invalid update request. + + + Sync Group + Synchronizovat skupinu + + + ("", of type ) + + + Parent Group + Rodičovská skupina + + + Flow used when logging out of this provider. + + + Unbind flow + Zrušení vazby toku + + + Flow used for unbinding users. + Tok používaný pro zrušení vazby uživatelů. + + + Verify SCIM server's certificates + + + You've logged out of . You can go back to the overview to launch another application, or log out of your authentik account. + Odhlásili jste se z . Můžete se vrátit na přehled a spustit jinou aplikaci nebo se odhlásit z účtu authentik. + + + Go back to overview + Vrátit se na přehled + + + Log out of + Odhlásit se z + + + Log back into + Přihlásit se zpět do + + + Encryption Key + Šifrovací klíč + + + Key used to encrypt the tokens. + Klíč používaný k šifrování tokenů. + + + Device type cannot be deleted + + + Stage used to verify users' browsers using Google Chrome Device Trust. This stage can be used in authentication/authorization flows. + + + Google Verified Access API + + + Device type cannot be edited + + + Advanced flow settings + Pokročilá nastavení toku + + + Enable this option to write password changes made in authentik back to Kerberos. Ignored if sync is disabled. + + + Realm settings + Nastavení realmu + + + Realm + Realm + + + Kerberos 5 configuration + + + Kerberos 5 configuration. See man krb5.conf(5) for configuration format. If left empty, a default krb5.conf will be used. + + + Sync connection settings + Nastavení synchronizačního připojení + + + Sync principal + + + Principal used to authenticate to the KDC for syncing. + + + Sync password + Synchronizovat heslo + + + Password used to authenticate to the KDC for syncing. Optional if Sync keytab or Sync credentials cache is provided. + + + Sync keytab + + + Keytab used to authenticate to the KDC for syncing. Optional if Sync password or Sync credentials cache is provided. Must be base64 encoded or in the form TYPE:residual. + + + Sync credentials cache + Synchronizovat mezipaměť pověření + + + Credentials cache used to authenticate to the KDC for syncing. Optional if Sync password or Sync keytab is provided. Must be in the form TYPE:residual. + + + SPNEGO settings + + + SPNEGO server name + + + Force the use of a specific server name for SPNEGO. Must be in the form HTTP@domain + + + SPNEGO keytab + + + Keytab used for SPNEGO. Optional if SPNEGO credentials cache is provided. Must be base64 encoded or in the form TYPE:residual. + + + SPNEGO credentials cache + + + Credentials cache used for SPNEGO. Optional if SPNEGO keytab is provided. Must be in the form TYPE:residual. + + + Kerberos Attribute mapping + + + Update Kerberos Source + + + User database + Kerberos password + + + Select another authentication method + + + Enter a one-time recovery code for this user. + + + Enter the code from your authenticator device. + + + Kerberos Source is in preview. + + + Captcha stage + Captcha krok + + + When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage. + + + Endpoint Google Chrome Device Trust is in preview. + + + Interactive + Interaktivní + + + Enable this flag if the configured captcha requires User-interaction. Required for reCAPTCHA v2, hCaptcha and Cloudflare Turnstile. + + + Reason + Důvod + + + Reason for impersonating the user + Důvod vydávání se za uživatele + + + Require reason for impersonation + Požadovat důvod zosobnění + + + Require administrators to provide a reason for impersonating a user. + Požadovat, aby správci uvedli důvod, proč se za uživatele vydávají. + + + Italian + Italština + + + Add entry + Přidat položku + + + Link Title + Název odkazu + + + This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. + + + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Strict + Striktní + + + Regex + Regex + + + Valid redirect URIs after a successful authorization flow. Also specify any origins here for Implicit flows. + + + To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have. + + + Federated OIDC Sources + + + Federated OIDC Providers + + + Available Providers + Dostupní poskytovatelé + + + Selected Providers + Vybraní poskytovatelé + + + JWTs signed by the selected providers can be used to authenticate to this provider. + + + KAdmin type + + + MIT krb5 kadmin + + + Heimdal kadmin + Heimdal kadmin + + + Other + Jiné + + + Other type of kadmin + + + To let a user directly reset their password, configure a recovery flow on the currently active brand. + + + Consent given lasts indefinitely + + + Consent expires + Platnost souhlasu vyprší + + + Available Policies + Dostupné zásady + + + Selected Policies + Vybrané zásady + + + Redirect the user to another flow, potentially with all gathered context + + + Static + Statický + + + Target URL + Cílové URL + + + Redirect the user to a static URL. + + + Target Flow + Cílový tok + + + Redirect the user to a Flow. + Přesměrovat uživatele na tok. + + + Keep flow context + Zachovat kontext toku + + + Require no authentication + + + Require superuser + Vyžadovat superuživatele + + + Require being redirected from another flow + Požadovat přesměrování z jiného toku + + + Require Outpost (flow can only be executed from an outpost) + + + An application name is required + + + Not a valid URL + + + Not a valid slug + + + Configure The Application + + + Configure Bindings + Konfigurovat vazby + + + Configure Policy/User/Group Bindings + Konfigurovat zásadu/uživatele/vazby skupiny + + + No bound policies. + Žádné svázané zásady. + + + Bind policy/group/user + Svázat zásadu/skupinu/uživatele + + + Configure Policy Bindings + Konfigurace vazeb zásad + + + Don't Pass + + + Save Binding + Uložit vazbu + + + Create a Policy/User/Group Binding + Vytvořit zásadu/uživatele/vazbu skupiny + + + Please choose a provider type before proceeding. + + + Choose a Provider Type + + + Redirect URIs/Origins (RegEx) + + + Configure OAuth2 Provider + + + Configure Remote Access Provider + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped. + + + Configure Provider + Konfigurovat poskytovatele + + + strict + striktní + + + regexp + regexp + + + Review and Submit Application + + + There was an error. Please go back and review the application. + + + There was an error: + Vyskytla se chyba: + + + Please go back and review the application. + + + Review the Application and Provider + + + Saving application... + Ukládání aplikace... + + + authentik was unable to complete this process. + authentik nebyl schopný dokončit tento proces. + + + Create with wizard + Vytvořit pomocí průvodce + + + Bind existing + + + Successfully updated entitlement. + + + Successfully created entitlement. + + + Application entitlement(s) + + + Update Entitlement + + + These bindings control which users have access to this entitlement. + + + No app entitlements created. + + + This application does currently not have any application entitlement defined. + + + Create Entitlement + + + Create entitlement + + + Application entitlements + + + Application entitlements are in preview. + + + These entitlements can be used to configure user access in this application. + + + Worker with incorrect version connected. + + + (Format: hours=-1;minutes=-2;seconds=-3). + + + (Format: hours=1;minutes=2;seconds=3). + + + Key used to sign the events. + + + Event Retention + + + Determines how long events are stored for. If an event could not be sent correctly, its expiration is also increased by this duration. + + + OIDC Providers + + + SSF Provider is in preview. + + + Update SSF Provider + + + Streams + + + authentik Logo + + + Release + + + Development + + + UI Version + + + Build + Sestavení + + + Python version + + + Platform + Platforma + + + Kernel + Jádro + + + OpenSSL + OpenSSL + + + A newer version () of the UI is available. + Je k dispozici novější verze () UI. + + + No notifications found. + + + You don't have any notifications currently. + Aktuálně nemáte žádná upozornění. + + + Version + Verze + + + Last password change + Poslední změna hesla + + + Evaluate policies before the Stage is presented to the user. + + + Can be in the format of unix:// when connecting to a local + docker daemon, using ssh:// to connect via SSH, or + https://:2376 when connecting to a remote system. + + + When using an external logging solution for archiving, this can be + set to minutes=5. + + + Idle + + + Connecting + Připojování + + + Waiting + Čekání + + + Connected + Připojeno + + + Disconnecting + Odpojování + + + Disconnected + Odpojeno + + + Fewer details + Méně detailů + + + Create a new application and configure a provider for it. + + + Using this form will only create an Application. In order to authenticate with the application, you will have to manually pair it with a Provider. + + + Distance settings + + + Check historical distance of logins + + + When this option enabled, the GeoIP data of the policy request is compared to the specified number of historical logins. + + + Maximum distance + + + Maximum distance a login attempt is allowed from in kilometers. + + + Distance tolerance + + + Tolerance in checking for distances in kilometers. + + + Historical Login Count + + + Amount of previous login events to check against. + + + Check impossible travel + Kontrolovat nemožné cestování + + + When this option enabled, the GeoIP data of the policy request is compared to the specified number of historical logins and if the travel would have been possible in the amount of time since the previous event. + + + Impossible travel tolerance + + + Static rule settings + + + Create with Provider + + + Email address the verification email will be sent from. + + + Stage used to configure an email-based authenticator. + + + Use global connection settings + + + When enabled, global email connection settings will be used and connection settings below will be ignored. + + + Subject of the verification email. + + + Token expiration + + + Time the token sent is valid (Format: hours=3,minutes=17,seconds=300). + + + Email-based Authenticators + + + Caps Lock is enabled. + CapsLock je zapnutý. + + + Configure your email + Nastavte svůj email + + + Please enter your email address. + Zadejte vaši emailovou adresu. + + + Please enter the code you received via email + Zadejte kód z emailu. + + + A code has been sent to you via email + Na vaši emailovou adresu byl odeslán kód + + + Tokens sent via email. + + + Enable dry-run mode + + + When enabled, mutating requests will be dropped and logged instead. + + + Override dry-run mode + + + When enabled, this sync will still execute mutating requests regardless of the dry-run mode in the provider. + + + Dry-run + Nanečisto + + + Successfully cleared application cache + + + Failed to delete application cache + + + Clear Application cache + + + Are you sure you want to clear the application cache? This will cause all policies to be re-evaluated on their next usage. + + + No name set + + + Show inactive users + Zobrazit deaktivované uživatele + + + Time the token sent is valid. + + + Compatibility Mode + Režim kompatibility + + + Default behavior. + Výchozí chování. + + + AWS + AWS + + + Altered behavior for usage with Amazon Web Services. + + + Slack + Slack + + + Altered behavior for usage with Slack. + + + Alter authentik's behavior for vendor-specific SCIM implementations. + + + AuthnContextClassRef Property Mapping + + + Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. + + + SSF URL + + + No assigned application + + + Custom CSS + + + Custom CSS to apply to pages when this brand is active. + + + Default flow background + + + Default background used during flow execution. Can be overridden per flow. + + + Task + Úloha + + + Finished + Dokončeno + + + Webhook Body Mapping + + + Webhook Header Mapping + + + Failed to preview prompt + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. + + + Lookup using user attribute + + + Field which contains DNs of groups the user is a member of. This field is used to lookup groups from users, e.g. 'memberOf'. To lookup nested groups in an Active Directory environment use 'memberOf:1.2.840.113556.1.4.1941:'. + + + Initial Permissions + + + Unknown Initial Permissions mode + + + Successfully updated initial permissions. + + + Successfully created initial permissions. + + + When a user with the selected Role creates an object, the Initial Permissions will be applied to that object. + + + The Initial Permissions can either be placed on the User creating the object, or the Role selected in the previous field. + + + Available Permissions + + + Selected Permissions + + + Permissions to grant when a new object is created. + + + Set initial permissions for newly created objects. + + + Update Initial Permissions + + + Create Initial Permissions + + + Reputation: lower limit + + + Reputation cannot decrease lower than this value. Zero or negative. + + + Reputation: upper limit + + + Reputation cannot increase higher than this value. Zero or positive. + + + HTTP Basic Auth + + + Include the client ID and secret as request parameters + + + Authorization code authentication method + + + How to perform authentication during an authorization_code token request flow + + + Enable "Remember me on this device" + + + When enabled, the user can save their username in a cookie, allowing them to skip directly to entering their password. + + + Remember me on this device + Zapamatovat na tomto zařízení + + + Ensure that the user's new password is different from their previous passwords. The number of past passwords to check is configurable. + + + Number of previous passwords to check + + + Toggle sidebar + + + Choose a Provider + + + When enabled, the SAML response will be signed. + + + Client Certificates + + + Available Certificates + + + Selected Certificates + + + Client-certificate/mTLS authentication/enrollment. + + + Certificate optional + + + If no certificate was provided, this stage will succeed and continue to the next stage. + + + Certificate required + + + If no certificate was provided, this stage will stop flow execution. + + + Certificate authorities + + + Configure the certificate authority client certificates are validated against. The certificate authority can also be configured on a brand, which allows for different certificate authorities for different domains. + + + Certificate attribute + + + Configure the attribute of the certificate used to look for a user. + + + User attribute + + + Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + + \ No newline at end of file diff --git a/web/xliff/de.xlf b/web/xliff/de.xlf index 2df2cd36f9..120deffada 100644 --- a/web/xliff/de.xlf +++ b/web/xliff/de.xlf @@ -3934,6 +3934,7 @@ doesn't pass when either or both of the selected options are equal or above the Groups to add + Gruppen zum Hinzufügen @@ -5978,6 +5979,8 @@ Bindings to groups/users are checked against the user of the event. Yes () + Ja ( + ) @@ -6962,9 +6965,11 @@ Bindings to groups/users are checked against the user of the event. Internal: + Intern: External: + Extern: Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. @@ -6984,6 +6989,7 @@ Bindings to groups/users are checked against the user of the event. Flows and Stages + Abläufe und Phasen New version available @@ -7071,6 +7077,7 @@ Bindings to groups/users are checked against the user of the event. Submit + Übermitteln UI Settings @@ -7242,6 +7249,7 @@ Bindings to groups/users are checked against the user of the event. External + Extern Service account @@ -7386,6 +7394,7 @@ Bindings to groups/users are checked against the user of the event. Endpoint(s) + Endpunkt(e) Update Endpoint @@ -7401,6 +7410,7 @@ Bindings to groups/users are checked against the user of the event. Endpoints + Endpunkte General settings @@ -7465,6 +7475,7 @@ Bindings to groups/users are checked against the user of the event. Connecting... + Verbinde… Select endpoint to connect to @@ -7496,6 +7507,7 @@ Bindings to groups/users are checked against the user of the event. Brand + Marke Successfully updated brand. @@ -7511,9 +7523,11 @@ Bindings to groups/users are checked against the user of the event. Brands + Marken Brand(s) + Marke(n) Update Brand @@ -7607,6 +7621,7 @@ Bindings to groups/users are checked against the user of the event. Impersonation + Identitätswechsel Globally enable/disable impersonation. @@ -7620,6 +7635,7 @@ Bindings to groups/users are checked against the user of the event. Key + Schlüssel Previous value @@ -7716,6 +7732,7 @@ Bindings to groups/users are checked against the user of the event. Endpoint + Endpunkt Connections @@ -7740,9 +7757,11 @@ Bindings to groups/users are checked against the user of the event. Authenticating... + Authentifiziere… Customization + Anpassung Authentication failed. Please try again. @@ -7754,6 +7773,7 @@ Bindings to groups/users are checked against the user of the event. Registering... + Registriere… Failed to register @@ -7890,6 +7910,7 @@ Bindings to groups/users are checked against the user of the event. Verifying... + Überprüfe… Request failed. Please try again later. @@ -8573,7 +8594,7 @@ Bindings to groups/users are checked against the user of the event. This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -9085,9 +9106,6 @@ Bindings to groups/users are checked against the user of the event. Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -9219,6 +9237,24 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/en.xlf b/web/xliff/en.xlf index d6f5745fd1..bb7c7e7e84 100644 --- a/web/xliff/en.xlf +++ b/web/xliff/en.xlf @@ -7099,7 +7099,7 @@ Bindings to groups/users are checked against the user of the event. This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -7608,9 +7608,6 @@ Bindings to groups/users are checked against the user of the event. Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -7742,6 +7739,24 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/es.xlf b/web/xliff/es.xlf index 0b6e3ecff5..ec0d6e3be7 100644 --- a/web/xliff/es.xlf +++ b/web/xliff/es.xlf @@ -8652,7 +8652,7 @@ Las vinculaciones a grupos o usuarios se comparan con el usuario del evento.This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Aplicaciones externas que utilizan como proveedor de identidad a través de protocolos como OAuth2 y SAML. Aquí se muestran todas las aplicaciones, incluso aquellas a las que no puede acceder. @@ -9167,9 +9167,6 @@ Las vinculaciones a grupos o usuarios se comparan con el usuario del evento. Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -9301,6 +9298,24 @@ Las vinculaciones a grupos o usuarios se comparan con el usuario del evento. Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/fi.xlf b/web/xliff/fi.xlf index 1c01f8f40b..95835f3e49 100644 --- a/web/xliff/fi.xlf +++ b/web/xliff/fi.xlf @@ -611,7 +611,7 @@ - Welcome, . + Welcome, . Tervetuloa, . @@ -9009,7 +9009,7 @@ Liitokset käyttäjiin/ryhmiin tarkistetaan tapahtuman käyttäjästä. Tämä valinta määrittää alalaidan linkit prosessin suoritussivuilla. URL voi sisältää web- tai sähköpostiosoitteen. Jos nimi jätetään tyhjäksi, näytetään syötetty URL-osoite. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -9179,10 +9179,6 @@ Liitokset käyttäjiin/ryhmiin tarkistetaan tapahtuman käyttäjästä. Create a Policy/User/Group Binding Luo käytännön/käyttäjän/ryhmän liitos - - Choose A Provider - Valitse palveluntarjoaja - Please choose a provider type before proceeding. Valitse palveluntarjoajan tyyppi ennen jatkamista. @@ -9677,6 +9673,63 @@ Liitokset käyttäjiin/ryhmiin tarkistetaan tapahtuman käyttäjästä. Number of previous passwords to check + + + Toggle sidebar + + + Choose a Provider + + + When enabled, the SAML response will be signed. + + + Client Certificates + + + Available Certificates + + + Selected Certificates + + + Client-certificate/mTLS authentication/enrollment. + + + Certificate optional + + + If no certificate was provided, this stage will succeed and continue to the next stage. + + + Certificate required + + + If no certificate was provided, this stage will stop flow execution. + + + Certificate authorities + + + Configure the certificate authority client certificates are validated against. The certificate authority can also be configured on a brand, which allows for different certificate authorities for different domains. + + + Certificate attribute + + + Configure the attribute of the certificate used to look for a user. + + + User attribute + + + Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. diff --git a/web/xliff/fr.xlf b/web/xliff/fr.xlf index a3b3da95f6..63292003a8 100644 --- a/web/xliff/fr.xlf +++ b/web/xliff/fr.xlf @@ -9009,8 +9009,8 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Cette option configure les liens affichés en bas de page sur l’exécuteur de flux. L'URL est limitée à des addresses web et courriel. Si le nom est laissé vide, l'URL sera affichée. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - Applications externes qui utilisent comme fournisseur d'identité en utilisant des protocoles comme OAuth2 et SAML. Toutes les applications sont affichées ici, même celles auxquelles vous n'avez pas accès. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + Applications externes qui utilisent comme fournisseur d'identité en utilisant des protocoles comme OAuth2 et SAML. Toutes les applications sont affichées ici, même celles auxquelles vous n'avez pas accès. Strict @@ -9690,10 +9690,6 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Failed to preview prompt Échec de la prévisualisation de l'invite - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Champ qui contient les membres d'un groupe. Si vous utilisez le champ "memberUid", la valeur est censée contenir un nom distinctif relatif, par exemple 'memberUid=un-utilisateur' au lieu de 'memberUid=cn=un-utilisateur,ou=groups,...'. Lorsque "Recherche avec un attribut utilisateur" est sélectionné, cet attribut doit être un attribut utilisateur, sinon un attribut de groupe. - Lookup using user attribute Recherche avec un attribut utilisateur @@ -9812,48 +9808,83 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti When enabled, the SAML response will be signed. + Si activé, la réponse SAML sera signée. Client Certificates + Certificats clients Available Certificates + Certificats disponibles Selected Certificates + Certificats sélectionnés Client-certificate/mTLS authentication/enrollment. + Authentification/inscription par certificat client/mTLS. Certificate optional + Certificat facultatif If no certificate was provided, this stage will succeed and continue to the next stage. + Si aucun certificat n'a été fourni, cette étape réussira et passera à l'étape suivante. Certificate required + Certificat requis If no certificate was provided, this stage will stop flow execution. + Si aucun certificat n'a été fourni, cette étape arrêtera l'exécution du flux. Certificate authorities + Autorités de certification Configure the certificate authority client certificates are validated against. The certificate authority can also be configured on a brand, which allows for different certificate authorities for different domains. + Configurez l'autorité de certification par rapport à laquelle les certificats clients sont validés. L'autorité de certification peut également être configurée sur une marque, ce qui permet d'utiliser différentes autorités de certification pour différents domaines. Certificate attribute + Attribut du certificat Configure the attribute of the certificate used to look for a user. + Configurez l'attribut du certificat utilisé pour rechercher un utilisateur. User attribute + Attribut utilisateur Configure the attribute of the user used to look for a user. + Configurez l'attribut utilisateur utilisé pour rechercher un utilisateur. + + + Delete Not Found Objects + Supprimer les objets introuvables + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + Supprimer les utilisateurs et les groupes authentik qui étaient auparavant fournis par cette source, mais qui en sont maintenant absents. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/it.xlf b/web/xliff/it.xlf index fdd8bd9ef3..3e693d6219 100644 --- a/web/xliff/it.xlf +++ b/web/xliff/it.xlf @@ -3180,7 +3180,7 @@ doesn't pass when either or both of the selected options are equal or above the Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - Fonti di identità, che possono essere sincronizzate nel database di Authentik o possono essere utilizzate dagli utenti per autenticarsi e iscriversi. + Fonti di identità, che possono essere sincronizzate nel database di authentik o possono essere utilizzate dagli utenti per autenticarsi e iscriversi. @@ -3447,7 +3447,7 @@ doesn't pass when either or both of the selected options are equal or above the Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - I token vengono utilizzati in Authentik per le fasi di convalida dell'e-mail, le chiavi di ripristino e l'accesso all'API. + I token vengono utilizzati in authentik per le fasi di convalida dell'e-mail, le chiavi di ripristino e l'accesso all'API. @@ -3472,7 +3472,7 @@ doesn't pass when either or both of the selected options are equal or above the Token is managed by authentik. - Token gestito da Authentik + Token gestito da authentik @@ -4329,7 +4329,7 @@ doesn't pass when either or both of the selected options are equal or above the authentik: Locale: Displays a list of locales authentik supports. - Authenk: Locale: visualizza un elenco di supporti di Autenik Locali. + authentik: Locale: visualizza un elenco di lingue che authentik supporta. @@ -5389,7 +5389,7 @@ doesn't pass when either or both of the selected options are equal or above the Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - Decide a cosa serve questo flusso. Ad esempio, il flusso di autenticazione viene reindirizzato a quando un utente non autenticato visita Authenk. + Decide a cosa serve questo flusso. Ad esempio, il flusso di autenticazione viene reindirizzato a quando un utente non autenticato visita authentik. @@ -5484,7 +5484,7 @@ doesn't pass when either or both of the selected options are equal or above the .yaml files, which can be found on goauthentik.io and can be exported by authentik. - .yaml Files, che possono essere trovati su goauthentik.io e possono essere esportati da Authenk. + .yaml Files, che possono essere trovati su goauthentik.io e possono essere esportati da authentik. @@ -5736,7 +5736,7 @@ doesn't pass when either or both of the selected options are equal or above the Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - Selezionare quali trasporti dovrebbero essere utilizzati per avvisare l'utente. Se nessuno è selezionato, la notifica verrà mostrata solo nell'interfaccia utente di Authenk. + Selezionare quali trasporti dovrebbero essere utilizzati per avvisare l'utente. Se nessuno è selezionato, la notifica verrà mostrata solo nell'interfaccia utente di authentik. @@ -5802,12 +5802,12 @@ Bindings to groups/users are checked against the user of the event. If your authentik Instance is using a self-signed certificate, set this value. - Se l'istanza Authenk sta utilizzando un certificato autofirmato, impostare questo valore. + Se l'istanza authentik sta utilizzando un certificato autofirmato, impostare questo valore. If your authentik_host setting does not match the URL you want to login with, add this setting. - Se l'impostazione AUTHENK_HOST non corrisponde all'URL con cui si desidera accedere, aggiungi questa impostazione. + Se l'impostazione AUTHENTIK_HOST non corrisponde all'URL con cui si desidera accedere, aggiungi questa impostazione. @@ -5832,7 +5832,7 @@ Bindings to groups/users are checked against the user of the event. Selecting an integration enables the management of the outpost by authentik. - La selezione di un'integrazione consente la gestione dell'autospost di Authenk. + La selezione di un'integrazione consente la gestione dell'autospost di authentik. @@ -7345,7 +7345,7 @@ Bindings to groups/users are checked against the user of the event. Manage roles which grant permissions to objects within authentik. - Gestisci ruoli che concedono le autorizzazioni agli oggetti all'interno di Authenk. + Gestisci ruoli che concedono le autorizzazioni agli oggetti all'interno di authentik. Role(s) @@ -7393,7 +7393,7 @@ Bindings to groups/users are checked against the user of the event. The token was displayed because authentik does not have permission to write to the clipboard - Il token è stato visualizzato perché Authenk non ha il permesso di scrivere negli appunti + Il token è stato visualizzato perché authentik non ha il permesso di scrivere negli appunti A copy of this recovery link has been placed in your clipboard @@ -7773,7 +7773,7 @@ Bindings to groups/users are checked against the user of the event. Configure how authentik should show avatars for users. The following values can be set: - Configurare come Authenk dovrebbe mostrare avatar per gli utenti. È possibile impostare i seguenti valori: + Configurare come authentik dovrebbe mostrare avatar per gli utenti. È possibile impostare i seguenti valori: Disables per-user avatars and just shows a 1x1 pixel transparent picture @@ -7815,7 +7815,7 @@ Bindings to groups/users are checked against the user of the event. Multiple values can be set, comma-separated, and authentik will fallback to the next mode when no avatar could be found. - È possibile impostare più valori, separati da virgole e Authenk scenderà alla modalità successiva quando non è stato possibile trovare un avatar. + È possibile impostare più valori, separati da virgole e authentik scenderà alla modalità successiva quando non è stato possibile trovare un avatar. For example, setting this to gravatar,initials will @@ -8083,7 +8083,7 @@ Bindings to groups/users are checked against the user of the event. When the user logs in to authentik using this source password backend, update their credentials in authentik. - Quando l'utente accede ad Authenk utilizzando questo backend di password di origine, aggiorna le loro credenziali in Autenik. + Quando l'utente accede ad authentik utilizzando questo backend di password di origine, aggiorna le loro credenziali in authentik. Source @@ -8215,7 +8215,7 @@ Bindings to groups/users are checked against the user of the event. Internal Service accounts are created and managed by authentik and cannot be created manually. - Gli account di servizio interni vengono creati e gestiti da Authenk e non possono essere creati manualmente. + Gli account di servizio interni vengono creati e gestiti da authentik e non possono essere creati manualmente. Private key Algorithm @@ -8291,7 +8291,7 @@ Bindings to groups/users are checked against the user of the event. Determines what authentik will do when a User is deleted. - Determina cosa farà Authenk quando viene eliminato un utente. + Determina cosa farà authentik quando viene eliminato un utente. Group deletion action @@ -8307,7 +8307,7 @@ Bindings to groups/users are checked against the user of the event. Determines what authentik will do when a Group is deleted. - Determina cosa farà Authenk quando viene eliminato un gruppo. + Determina cosa farà authentik quando viene eliminato un gruppo. Microsoft Entra Provider @@ -8319,7 +8319,7 @@ Bindings to groups/users are checked against the user of the event. Email address of the user the actions of authentik will be delegated to. - Indirizzo e -mail dell'utente Le azioni di Authenk saranno delegate. + Indirizzo e -mail dell'utente Le azioni di authentik saranno delegate. Client ID for the app registration. @@ -8463,7 +8463,7 @@ Bindings to groups/users are checked against the user of the event. Your authentik password - La tua password Authenk + La tua password di authentik Internal Service account @@ -8479,7 +8479,7 @@ Bindings to groups/users are checked against the user of the event. Outpost integrations define how authentik connects to external platforms to manage and deploy Outposts. - Le integrazioni di avamposto definiscono come Authenk si collega a piattaforme esterne per gestire e distribuire gli avamposti. + Le integrazioni di avamposto definiscono come authentik si collega a piattaforme esterne per gestire e distribuire gli avamposti. Operation failed to complete @@ -8615,15 +8615,15 @@ Bindings to groups/users are checked against the user of the event. Caution: This authentik instance has entered read-only mode due to expired/exceeded licenses. - ATTENZIONE: questa istanza Authenk ha inserito la modalità di sola lettura a causa delle licenze scadute/superate. + ATTENZIONE: questa istanza di authentik ha inserito la modalità di sola lettura a causa delle licenze scadute/superate. This authentik instance uses a Trial license. - Questa istanza Authenk utilizza una licenza di prova. + Questa istanza di authentik utilizza una licenza di prova. This authentik instance uses a Non-production license. - Questa istanza Authenk utilizza una patente di non produzione. + Questa istanza di authentik utilizza una licenza non adatta alla produzione. Access Tokens(s) @@ -9010,8 +9010,7 @@ Bindings to groups/users are checked against the user of the event. Questo opzione configura il link in basso nel flusso delle pagine di esecuzione. L'URL e' limitato a web e indirizzo mail-Se il nome viene lasciato vuoto, verra' visualizzato l'URL - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - Applicazioni esterne che utilizzano come fornitore di identità tramite protocolli come OAuth2 e SAML. Qui sono mostrate tutte le applicazioni, anche quelle a cui non è possibile accedere. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -9691,10 +9690,6 @@ Bindings to groups/users are checked against the user of the event. Failed to preview prompt Impossibile visualizzare l'anteprima del prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Campo che contiene i membri di un gruppo. Si noti che se si utilizza il campo "memberUid", si presume che il valore contenga un nome relativo distinto. Ad esempio, "memberUid=some-user" invece di "memberUid=cn=some-user,ou=groups,...". Quando si seleziona "Cerca utilizzando un attributo utente", questo dovrebbe essere un attributo utente, altrimenti un attributo di gruppo. - Lookup using user attribute Ricerca tramite attributo utente @@ -9855,6 +9850,24 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/ko.xlf b/web/xliff/ko.xlf index 6b06e76091..d95170c2c7 100644 --- a/web/xliff/ko.xlf +++ b/web/xliff/ko.xlf @@ -8565,7 +8565,7 @@ Bindings to groups/users are checked against the user of the event. This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -9075,9 +9075,6 @@ Bindings to groups/users are checked against the user of the event. Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -9209,6 +9206,24 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/nl.xlf b/web/xliff/nl.xlf index 31ad65cc89..a11524af7d 100644 --- a/web/xliff/nl.xlf +++ b/web/xliff/nl.xlf @@ -8467,7 +8467,7 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -8977,9 +8977,6 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -9111,6 +9108,24 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/pl.xlf b/web/xliff/pl.xlf index 65bbe4b0fe..bf130a4105 100644 --- a/web/xliff/pl.xlf +++ b/web/xliff/pl.xlf @@ -8892,7 +8892,7 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -9402,9 +9402,6 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -9536,6 +9533,24 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/pseudo-LOCALE.xlf b/web/xliff/pseudo-LOCALE.xlf index e9d8fb9472..6056570bf5 100644 --- a/web/xliff/pseudo-LOCALE.xlf +++ b/web/xliff/pseudo-LOCALE.xlf @@ -8900,7 +8900,7 @@ Bindings to groups/users are checked against the user of the event. This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -9409,9 +9409,6 @@ Bindings to groups/users are checked against the user of the event. Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -9544,4 +9541,22 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. + diff --git a/web/xliff/ru.xlf b/web/xliff/ru.xlf index 538de4b214..24e2563b47 100644 --- a/web/xliff/ru.xlf +++ b/web/xliff/ru.xlf @@ -8942,7 +8942,7 @@ Bindings to groups/users are checked against the user of the event. This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -9494,9 +9494,6 @@ Bindings to groups/users are checked against the user of the event. Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -9628,6 +9625,24 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/tr.xlf b/web/xliff/tr.xlf index 159bfe514a..d2ffd3bd88 100644 --- a/web/xliff/tr.xlf +++ b/web/xliff/tr.xlf @@ -8955,7 +8955,7 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -9465,9 +9465,6 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -9599,6 +9596,24 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/zh-CN.xlf b/web/xliff/zh-CN.xlf index 6d049470d3..cf928c29fc 100644 --- a/web/xliff/zh-CN.xlf +++ b/web/xliff/zh-CN.xlf @@ -5706,7 +5706,7 @@ Bindings to groups/users are checked against the user of the event. This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -6215,9 +6215,6 @@ Bindings to groups/users are checked against the user of the event. Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -6350,6 +6347,24 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. + diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index b0357958b9..7a4879ec07 100644 --- a/web/xliff/zh-Hans.xlf +++ b/web/xliff/zh-Hans.xlf @@ -9010,8 +9010,8 @@ Bindings to groups/users are checked against the user of the event. 此选项配置流程执行器页面上的页脚链接。URL 限为 Web 和电子邮件地址。如果名称留空,则显示 URL 自身。 - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - 通过 OAuth2 和 SAML 等协议,使用 作为身份提供程序的外部应用程序。此处显示了所有应用程序,即使您无法访问的也包括在内。 + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + 通过 OAuth2 和 SAML 等协议,使用 作为身份提供程序的外部应用程序。此处显示了所有应用程序,即使您无法访问的也包括在内。 Strict @@ -9691,10 +9691,6 @@ Bindings to groups/users are checked against the user of the event. Failed to preview prompt 预览输入失败 - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - 包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'。当选中“使用用户属性查询”时,此配置应该为用户属性,否则为组属性。 - Lookup using user attribute 使用用户属性查询 @@ -9870,6 +9866,26 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. 配置用于查询用户的用户属性。 + + + Delete Not Found Objects + 删除不存在对象 + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + 删除之前由此源提供,但现已缺失的用户和组。 + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/zh-Hant.xlf b/web/xliff/zh-Hant.xlf index 8ebca16b9a..90bd0d9a34 100644 --- a/web/xliff/zh-Hant.xlf +++ b/web/xliff/zh-Hant.xlf @@ -6799,7 +6799,7 @@ Bindings to groups/users are checked against the user of the event. This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -7308,9 +7308,6 @@ Bindings to groups/users are checked against the user of the event. Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -7442,6 +7439,24 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/web/xliff/zh_CN.xlf b/web/xliff/zh_CN.xlf index 9d981745ef..7b2d4eb410 100644 --- a/web/xliff/zh_CN.xlf +++ b/web/xliff/zh_CN.xlf @@ -9010,8 +9010,8 @@ Bindings to groups/users are checked against the user of the event. 此选项配置流程执行器页面上的页脚链接。URL 限为 Web 和电子邮件地址。如果名称留空,则显示 URL 自身。 - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - 通过 OAuth2 和 SAML 等协议,使用 作为身份提供程序的外部应用程序。此处显示了所有应用程序,即使您无法访问的也包括在内。 + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + 通过 OAuth2 和 SAML 等协议,使用 作为身份提供程序的外部应用程序。此处显示了所有应用程序,即使您无法访问的也包括在内。 Strict @@ -9870,6 +9870,14 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. 配置用于查询用户的用户属性。 + + + Delete Not Found Objects + 删除不存在对象 + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + 删除之前由此源提供,但现已缺失的用户和组。 diff --git a/web/xliff/zh_TW.xlf b/web/xliff/zh_TW.xlf index 71c25790c6..37115f6cfd 100644 --- a/web/xliff/zh_TW.xlf +++ b/web/xliff/zh_TW.xlf @@ -8542,7 +8542,7 @@ Bindings to groups/users are checked against the user of the event. This option configures the footer links on the flow executor pages. The URL is limited to web and mail addresses. If the name is left blank, the URL will be shown. - External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + External applications that use as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Strict @@ -9052,9 +9052,6 @@ Bindings to groups/users are checked against the user of the event. Failed to preview prompt - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'. When selecting 'Lookup using a user attribute', this should be a user attribute, otherwise a group attribute. - Lookup using user attribute @@ -9186,6 +9183,24 @@ Bindings to groups/users are checked against the user of the event. Configure the attribute of the user used to look for a user. + + + Delete Not Found Objects + + + Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + + + Welcome. + + + Field which contains members of a group. The value of this field is matched against User membership attribute. + + + User membership attribute + + + Attribute which matches the value of Group membership field. diff --git a/website/docs/add-secure-apps/applications/manage_apps.mdx b/website/docs/add-secure-apps/applications/manage_apps.mdx index 2c92fe2f9d..97328c45bc 100644 --- a/website/docs/add-secure-apps/applications/manage_apps.mdx +++ b/website/docs/add-secure-apps/applications/manage_apps.mdx @@ -8,7 +8,7 @@ Managing the applications that your team uses involves several tasks, from initi To add an application to authentik and have it display on users' **My applications** page, follow these steps: -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications -> Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can create only an application, without a provider, by clicking **Create.)** diff --git a/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx b/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx index af5856036d..a8cc8abc74 100644 --- a/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx +++ b/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx @@ -1,5 +1,6 @@ --- title: Flow Context +toc_max_heading_level: 5 --- Each flow execution has an independent _context_. This context holds all of the arbitrary data about that specific flow, data which can then be used and transformed by stages and policies. @@ -156,6 +157,7 @@ Possible options: - `auth_mfa` (Authentication via MFA device without password) - `auth_webauthn_pwl` (Passwordless authentication via WebAuthn with Passkeys) - `jwt` ([M2M](../../../providers/oauth2/client_credentials.mdx) authentication via an existing JWT) +- `mtls` (Authentication via Certificate, see [Mutual TLS Stage](../../stages/mtls/index.md)) ##### `auth_method_args` (dictionary) @@ -176,7 +178,10 @@ Example: // JWT information when `auth_method` `jwt` was used "jwt": {}, "source": null, - "provider": null + "provider": null, + // Certificate used for authentication + // applies for `auth_method` `mtls` + "certificate": {} } ``` @@ -203,3 +208,22 @@ If _Show matched user_ is disabled, this key will be set to the user identifier [Set this key](../../../../customize/policies/expression/managing_flow_context_keys.md) in an Expression Policy to override [Redirect stage](../../stages/redirect/index.md) to force it to redirect to a certain URL or flow. This is useful when a flow requires that the redirection target be decided dynamically. Use the format `ak-flow://{slug}` to use the Redirect stage in Flow mode. Any other format will result in the Redirect stage running in Static mode. + +#### Mutual TLS Stage + +##### `certificate` (dictionary):ak-version[2025.6] + +This key is set by the Mutual TLS Stage during enrollment and contains data about the certificate supplied by the browser. + +Example: + +```json +{ + "serial_number": "1234", + "subject": "CN=client", + "issuer": "CN=authentik Test CA, O=authentik, OU=Self-signed", + "fingerprint_sha256": "08:D4:A4:79:25:CA:C3:51:28:88:BB:30:C2:96:C3:44:5A:EB:18:07:84:CA:B4:75:27:74:61:19:8A:6A:AF:FC", + "fingerprint_sha1": "5D:14:0D:5F:A2:7E:14:B0:F1:1D:6F:CD:E3:4B:81:68:71:24:1A:70", + "raw": "-----BEGIN CERTIFICATE-----...." +} +``` diff --git a/website/docs/add-secure-apps/flows-stages/stages/mtls/index.md b/website/docs/add-secure-apps/flows-stages/stages/mtls/index.md new file mode 100644 index 0000000000..10b08ec80d --- /dev/null +++ b/website/docs/add-secure-apps/flows-stages/stages/mtls/index.md @@ -0,0 +1,124 @@ +--- +title: Mutual TLS stage +authentik_version: "2025.6" +authentik_preview: true +authentik_enterprise: true +toc_max_heading_level: 5 +--- + +The Mutual TLS stage enables authentik to use client certificates to enroll and authenticate users. These certificates can be local to the device or available via PIV Smart Cards, Yubikeys, etc. + +Management of client certificates is out of the scope of this document. + +## Reverse-proxy configuration + +Using the Mutual TLS stage requires special configuration of any reverse proxy that is used in front of authentik, because the reverse-proxy interacts directly with the browser. + +- nginx + - [Standalone nginx](#nginx-standalone) + - [nginx kubernetes ingress](#nginx-ingress) +- Traefik + - [Standalone Traefik](#traefik-standalone) + - [Traefik kubernetes ingress](#traefik-ingress) +- [envoy](#envoy) +- [No reverse proxy](#no-reverse-proxy) + +#### nginx Standalone + +Add this configuration snippet in your authentik virtual host: + +```nginx +# server { + ssl_client_certificate /etc/ssl/path-to-my-ca.pem; + ssl_verify_client on; + + # location / { + proxy_set_header ssl-client-cert $ssl_client_escaped_cert; + # } +# } +``` + +See [nginx documentation](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate) for reference. + +#### nginx Ingress + +Add these annotations to your authentik ingress object: + +```yaml +nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" +# This secret needs to contain `ca.crt` which is the certificate authority to validate against. +nginx.ingress.kubernetes.io/auth-tls-secret: namespace/secretName +``` + +See [ingress-nginx documentation](https://kubernetes.github.io/ingress-nginx/examples/auth/client-certs/) for reference. + +#### Traefik Standalone + +Add this snippet to your traefik configuration: + +```yaml +tls: + options: + default: + clientAuth: + # in PEM format. each file can contain multiple CAs. + caFiles: + - tests/clientca1.crt + - tests/clientca2.crt + clientAuthType: RequireAndVerifyClientCert +``` + +See the [Traefik mTLS documentation](https://doc.traefik.io/traefik/https/tls/#client-authentication-mtls) for reference. + +#### Traefik Ingress + +Create a middleware object with these options: + +```yaml +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: test-passtlsclientcert +spec: + passTLSClientCert: + pem: true +``` + +See the [Traefik PassTLSClientCert documentation](https://doc.traefik.io/traefik/middlewares/http/passtlsclientcert/) for reference. + +#### Envoy + +See the [Envoy mTLS documentation](https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/securing#use-mutual-tls-mtls-to-enforce-client-certificate-authentication) and [Envoy header documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-client-cert) for configuration. + +#### No reverse proxy + +When using authentik without a reverse proxy, select the certificate authorities in the corresponding [brand](../../../../sys-mgmt/brands.md#client-certificates) for the domain, under **Other global settings**. + +## Stage configuration + +1. Log in as an admin to authentik, and go to the Admin interface. + +2. In the Admin interface, navigate to **System -> Certificates** + +3. Create a new certificate for the Certificate Authority used to sign client certificates. + +4. In the Admin interface, navigate to **Flows -> Stages**. + +5. Click **Create**, and select **Mutual TLS Stage**, and in the **New stage** box, define the following fields: + + - **Name**: define a descriptive name, such as "chrome-device-trust". + + - **Stage-specific settings** + + - **Mode**: Configure the mode this stage operates in. + + - **Certificate optional**: When no certificate is provided by the user or the reverse proxy, the flow will continue to the next stage. + - **Certificate required**: When no certificate is provided, the flow ends with an error message. + + - **Certificate authorities**: Select the certificate authorities used to sign client certificates. + + - **Certificate attribute**: Select the attribute of the certificate to be used to find a user for authentication. + + - **User attribute**: Select the attribute of the user the certificate should be compared against. + +6. Click **Finish**. diff --git a/website/docs/add-secure-apps/providers/entra/setup-entra.md b/website/docs/add-secure-apps/providers/entra/setup-entra.md index ed2cef8126..311b74c056 100644 --- a/website/docs/add-secure-apps/providers/entra/setup-entra.md +++ b/website/docs/add-secure-apps/providers/entra/setup-entra.md @@ -9,7 +9,7 @@ For detailed instructions, refer to Microsoft Entra ID documentation. ## Configure Entra ID -1. Log into the Azure portal and on the Home page, under Azure services, click on or search for **App registrations**. +1. Log in to the Azure portal and on the Home page, under Azure services, click on or search for **App registrations**. 2. On the **App registrations** page, click **New registration**. 3. On the **Register an application** page, define the **Name** of the app, and under **Supported account types** select **Accounts in this organizational directory only**. Leave **Redirect URI** empty. 4. Click **Register**. diff --git a/website/docs/add-secure-apps/providers/oauth2/create-oauth2-provider.md b/website/docs/add-secure-apps/providers/oauth2/create-oauth2-provider.md index 7c0a921b2c..053cae0bb5 100644 --- a/website/docs/add-secure-apps/providers/oauth2/create-oauth2-provider.md +++ b/website/docs/add-secure-apps/providers/oauth2/create-oauth2-provider.md @@ -4,7 +4,7 @@ title: Create an OAuth2 provider To add a provider (and the application that uses the provider for authentication) use the ** Create with provider** option, which creates both the new application and the required provider at the same time. For typical scenarios, authentik recommends that you create both the application and the provider together. (Alternatively, use our legacy process: navigate to **Applications --> Providers**, and then click **Create**.) -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications -> Applications** and click **Create with provider** to create an application and provider pair. (Alternatively you can create only an application, without a provider, by clicking **Create**.) diff --git a/website/docs/add-secure-apps/providers/oauth2/device_code.md b/website/docs/add-secure-apps/providers/oauth2/device_code.md index e67c35169c..6ae456bf90 100644 --- a/website/docs/add-secure-apps/providers/oauth2/device_code.md +++ b/website/docs/add-secure-apps/providers/oauth2/device_code.md @@ -52,7 +52,7 @@ If the user _has_ finished the authentication and authorization, the response wi ### Create and apply a device code flow -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Flows and Stages** > **Flows** and click **Create**. 3. Set the following required configurations: - **Name**: provide a name (e.g. `default-device-code-flow`) diff --git a/website/docs/add-secure-apps/providers/rac/how-to-rac.md b/website/docs/add-secure-apps/providers/rac/how-to-rac.md index 12055736b0..3b574e25d9 100644 --- a/website/docs/add-secure-apps/providers/rac/how-to-rac.md +++ b/website/docs/add-secure-apps/providers/rac/how-to-rac.md @@ -26,7 +26,7 @@ Depending on whether you are connecting using RDP, SSH, or VNC, the exact config The first step is to create the RAC application and provider pair. -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with provider**. 3. Follow these [instructions](../../applications/manage_apps.mdx#instructions) to create your RAC application and provider. @@ -34,7 +34,7 @@ The first step is to create the RAC application and provider pair. Next, you need to add property mappings for each remote machine you want to access. Property mappings allow you to pass information to external applications, and with RAC they are used to pass the host name, IP address, and access credentials of the remote machine. -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization > Property Mappings** and click **Create**. - **Select Type**: RAC Property Mappings @@ -57,7 +57,7 @@ Next, you need to add property mappings for each remote machine you want to acce Finally, you need to create an endpoint for each remote machine. Endpoints are defined within providers; connections between the remote machine and authentik are enabled through communication between the provider's endpoint and the remote machine. -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications > Providers**. 3. Click the **Edit** button on the RAC provider that you previously created. 4. On the Provider page, under **Endpoints**, click **Create**, and provide the following settings: diff --git a/website/docs/add-secure-apps/providers/ssf/create-ssf-provider.md b/website/docs/add-secure-apps/providers/ssf/create-ssf-provider.md index 6e9343be00..91b2496a15 100644 --- a/website/docs/add-secure-apps/providers/ssf/create-ssf-provider.md +++ b/website/docs/add-secure-apps/providers/ssf/create-ssf-provider.md @@ -16,7 +16,7 @@ The workflow to implement an SSF provider as a [backchannel provider](../../appl ## Create the SSF provider -1. Log in to authentik as an admin, and in the Admin interface navigate to **Applications -> Providers**. +1. Log in to authentik as an administrator and in the Admin interface navigate to **Applications -> Providers**. 2. Click **Create**. @@ -28,7 +28,7 @@ The workflow to implement an SSF provider as a [backchannel provider](../../appl ## Create the OIDC provider -1. Log in to authentik as an admin, and in the Admin interface navigate to **Applications -> Providers**. +1. Log in to authentik as an administrator and in the Admin interface navigate to **Applications -> Providers**. 2. Click **Create**. @@ -38,7 +38,7 @@ The workflow to implement an SSF provider as a [backchannel provider](../../appl ## Create the application -1. Log in to authentik as an admin, and in the Admin interface navigate to **Applications -> Applications**. +1. Log in to authentik as an administrator and in the Admin interface navigate to **Applications -> Applications**. 2. Click **Create**. diff --git a/website/docs/developer-docs/docs/style-guide.mdx b/website/docs/developer-docs/docs/style-guide.mdx index 5e9f708086..f6f4722fe5 100644 --- a/website/docs/developer-docs/docs/style-guide.mdx +++ b/website/docs/developer-docs/docs/style-guide.mdx @@ -94,6 +94,8 @@ Avoid phrasing that blames the user. Be subjective and polite when providing ins For Ken's sake, and many others, try to not use too many commas (avoid commaitis). Use a comma when needed to separate clauses, or for "slowing the pace" or clarity. Please **do** use the Oxford comma. +In [lists](#lists), add a period at the end of a bulleted item if it is a complete sentence. Try not to mix incomplete and complete sentences in the same list. + ### Capitalization #### Titles and headers @@ -159,7 +161,7 @@ When writing out steps in a procedural topic, avoid starting with "Once...". Ins - Use _italic_ for: - - Emphasis, but sparingly, to avoid overuse. For example, you can use italics for important terms or concepts on first mention in a section. + - Emphasis, but sparingly, to avoid overuse. For example, you can use italics for important terms or concepts on first mention in a section. Do not use italics to indicate a variable or placeholder; instead use angle brackets as described under [Variables](#variables). - Use `code formatting` for: @@ -167,14 +169,28 @@ When writing out steps in a procedural topic, avoid starting with "Once...". Ins - File paths, file names, and directory names (e.g., `/usr/local/bin/`). - Inline code snippets (e.g., `.env`). -- When handling URLs: +### Lists - - For URLs entered as values or defined in fields, enclose any variables inside angle brackets (`< >`) to clearly indicate that these are placeholders that require user input. +Add a period at the end of a bulleted item if it is a complete sentence. Try not to mix incomplete and complete sentences in the same list. - For example: `https://authentik.company/application/o//.well-known/openid-configuration` +If there is a [colon](#following-a-colon) used in a bulleted list item, follow the capitalization rules. + +### URLs - When mentioning URLs in text or within procedural instructions, omit code formatting. For instance: "In your browser, go to https://example.com." + - For URLs entered as values or defined in fields, enclose any variables inside angle brackets (`< >`) and use underscores between words. See more about variables below (#variables). + +### Variables + +To clearly indicate terms or values that are placeholders and require user input, enclose any variables inside angle brackets (`< >`) and use underscores between words to clearly indicate that these are placeholders that require user input. + + Examples: + + `https://authentik.company/application/o//.well-known/openid-configuration` + + "Add the configuration setting: ``." + ### Titles and headers - Titles and headers (H1, H2, H3) should follow **sentence case capitalization**, meaning only the first word is capitalized, except for proper nouns or product names. @@ -189,7 +205,7 @@ When writing out steps in a procedural topic, avoid starting with "Once...". Ins ### Examples -When you want to show an example (say, a code snippet), start on a new line, use bold text for the word "Example", and a semi-colon, like this: +When you want to show an example (say, a code snippet), start on a new line, use bold text for the word "Example", and a colon, like this: **Example**: diff --git a/website/docs/install-config/configuration/configuration.mdx b/website/docs/install-config/configuration/configuration.mdx index 0d3fa56c52..ea5c2c3c33 100644 --- a/website/docs/install-config/configuration/configuration.mdx +++ b/website/docs/install-config/configuration/configuration.mdx @@ -357,7 +357,11 @@ Defaults to `86400`. ### `AUTHENTIK_SESSION_STORAGE`:ak-version[2024.4] -Configure if the sessions are stored in the cache or the database. Defaults to `db`. Allowed values are `cache` and `db`. Note that changing this value will invalidate all previous sessions. +:::info Deprecated +This setting is removed as of version 2025.4. Sessions are now exclusively stored in the database. See our [2025.4 release notes](../../releases/2025.4#sessions-are-now-stored-in-the-database) for more information. +::: + +If you are running a version earlier than 2025.4, you can configure if the sessions are stored in the cache or the database. Defaults to `cache`. Allowed values are `cache` and `db`. Note that changing this value will invalidate all previous sessions. ### `AUTHENTIK_SESSIONS__UNAUTHENTICATED_AGE`:ak-version[2025.4] diff --git a/website/docs/install-config/upgrade.mdx b/website/docs/install-config/upgrade.mdx index 4f4cb54f7b..b855b6116a 100644 --- a/website/docs/install-config/upgrade.mdx +++ b/website/docs/install-config/upgrade.mdx @@ -14,7 +14,7 @@ authentik does not support downgrading. Make sure to back up your database in ca - Make a backup of your PostgreSQL database before upgrading. You can dump your existing database to get a backup file. For more information about dumping and backing up your database, refer to [Upgrade PostgreSQL on Docker Compose](../troubleshooting/postgres/upgrade_docker.md) or [Upgrade PostgreSQL on Kubernetes](../troubleshooting/postgres/upgrade_kubernetes.md). -- You need to upgrade in sequence of the major releases; do not skip directly from an older major version to the most recent version. For example, if you are currently running 2023.10.3, you will need to first upgrade to 2024.2.x, then 2024.4.x, and then 2024.6.x, in sequence. +- You need to upgrade in sequence of the major releases; do not skip directly from an older major version to the most recent version. For example, if you are currently running 2023.10.3, you should first upgrade to the latest 2024.2.x release, then to the latest 2024.4.x release, and finally to the latest 2024.6.x release, in sequence. Always use the latest available patch version (_x_ in this case being the latest patch release) for each major.minor release. - The version of the authentik instance and any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance. diff --git a/website/docs/releases/2025/v2025.6.md b/website/docs/releases/2025/v2025.6.md new file mode 100644 index 0000000000..bddaae44d6 --- /dev/null +++ b/website/docs/releases/2025/v2025.6.md @@ -0,0 +1,593 @@ +--- +title: Release 2025.6 +slug: "/releases/2025.6" +--- + +:::note +2025.6 has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates. + +To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2025.6.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet. +::: + +## Highlights + +- **mTLS Stage**: :ak-enterprise The Mutual TLS stage provides support for mTLS, a standard protocol that uses certificates for mutual authentication between a client and a server. + +- **Email verification compatibility with link scanners**: We have improved compatibility for environments that have automated scanning software that inadvertently invalidated one-time links sent by authentik. + +- **LDAP source sync forward deletions**: This option synchronizes the deletion of users (those created by LDAP sources) in authentik when they are removed in the LDAP source. + +## Breaking changes + +- **Helm chart dependencies upgrades**: + + - The PostgreSQL chart has been updated to version 16.7.4. The PostgreSQL image is no longer pinned in authentik's default values and has been upgraded from version 15 to 17. Follow our [PostgreSQL upgrade instructions](../../troubleshooting/postgres/upgrade_kubernetes.md) to update to the latest PostgreSQL version. + - The Redis chart has been updated to version 21.1.6. There are no breaking changes and Redis has been upgraded from version 7 to 8. + +- **Deprecated and frozen `:latest` container image tag after 2025.2** + + Using the `:latest` tag with container images is not recommended as it can lead to unintentional updates and potentially broken setups. The tag will not be removed, however it will also not be updated past 2025.2. We strongly recommended the use of a specific version tag for authentik instances' container images, such as `:2025.6`. + +- **CSS**: We’ve made some improvements to our theming system. If your authentik instance uses custom CSS, you might need to review flow and user interfaces for any visual changes. + +## New features and improvements + +- **mTLS stage**: :ak-enterprise The Mutual TLS stage enables authentik to use client certificates to enroll and authenticate users. These certificates can be local to the device or available via PIV Smart Cards, Yubikeys, etc. For environments where certificates are already rolled out, this can make authentication a lot more seamless. Refer to our [technical documentation](../add-secure-apps/flows-stages/stages/mtls/) for more information. +- **Email verification compatibility with link scanners**: We have improved compatibility for environments with automated scanning software that inadvertently invalidated one-time links sent by authentik. +- **LDAP source sync forward deletions**: With this option enabled, users who were created in authentik via LDAP sources will also be removed from authentik if they are deleted from the LDAP source. For more information, please refer to our [LDAP source documentation](../users-sources/sources/protocols/ldap/). +- **Provider sync performance**: We have implemented parallel scheduling for outgoing syncs to provide faster synchronization. +- **Branding**: Custom branding should now be more consistent on initial load, without flickering. +- **Remote Access Control (RAC) improved documentation**: Adds content about how to authenticate using a public key and improves the wording and formatting throughout the topic. + +## New integration guides + +An integration is how authentik connects to third-party applications, directories, and other identity providers. The following integration guides were recently added. + +- [Pangolin](../../../integrations/services/pangolin/) +- [Stripe](../../../integrations/services/stripe/) +- [FileRise](../../../integrations/services/filerise/) +- [Push Security](../../../integrations/services/push-security/) +- [Atlassian Cloud (Jira, Confluence, etc)](../../../integrations/services/atlassian/) +- [Coder](../../../integrations/services/coder/) +- [YouTrack](../../../integrations/services/youtrack/) +- [Komodo](../../../integrations/services/komodo/) + +## Upgrading + +This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../install-config/upgrade.mdx). + +:::warning +When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance. +::: + +### Docker Compose + +To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands: + +```shell +wget -O docker-compose.yml https://goauthentik.io/version/2025.6/docker-compose.yml +docker compose up -d +``` + +The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name. + +### Kubernetes + +Upgrade the Helm Chart to the new version, using the following commands: + +```shell +helm repo update +helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.6 +``` + +## Minor changes/fixes + +- brands: fix CSS Migration not updating brands (#14306) +- ci: add dependencies label to generated PRs (#14569) +- ci: cleanup post uv migration (#13538) +- ci: test with postgres 17 (#13967) +- ci: Update packages-npm-publish.yml (#14701) +- ci: use dependabot for compose correctly? (#14340) +- ci: use dependabot for docker-compose files (#14336) +- core: fix session migration when old session can't be loaded (#14466) +- core: fix unable to create group if no enable_group_superuser permission is given (#14510) +- core: Migrate permissions before deleting OldAuthenticatedSession (#14788) +- core: Publish web packages. (#14648) +- core: remove `OldAuthenticatedSession` content type (#14507) +- enterprise: fix expired license's users being counted (#14451) +- enterprise/stages: Add MTLS stage (#14296) +- enterprise/stages/mtls: improve certificate validation (#14582) +- enterprise/stages/mtls: update go & web client, fix py client generation (#14576) +- ESBuild Plugin: Setup and usage docs. (#14720) +- esbuild-plugin-live-reload: Publish. (#14624) +- lib/sync/outgoing: reduce number of db queries made (#14177) +- lib/sync/outgoing: sync in parallel (#14697) +- lifecycle: fix ak dump_config (#14445) +- lifecycle: fix test-all in docker (#14244) +- outposts: fix tmpdir in containers not being set (#14444) +- providers/ldap: retain binder and update users instead of re-creating (#14735) +- providers/proxy: kubernetes outpost: fix reconcile when ingress class name changed (#14612) +- rbac: add `name` to Permissions search (#14269) +- rbac: fix RoleObjectPermissionTable not showing `add_user_to_group` (#14312) +- root: backport SFE Build fix (#14495) +- root: do not use /bin/bash directly (#14698) +- root: improve sentry distributed tracing (#14468) +- root: move forked dependencies to goauthentik org (#14590) +- root: pin package version in pyproject for dependabot (#14469) +- root: readme: use right contribution guide link (#14250) +- root: replace raw.githubusercontent.com by checking out repo (#14567) +- root: temporarily deactivate database pool option (#14443) +- sources/kerberos: resolve logger warnings (#14540) +- sources/ldap: add forward deletion option (#14718) +- stages/email: fix email scanner voiding token (#14325) +- tests/e2e: Add E2E tests for Flow SFE (#14484) +- tests/e2e: add test for authentication flow in compatibility mode (#14392) +- tests/e2e: fix flaky SAML Source test (#14708) +- web, website: update browserslist (#14386) +- web: (ESLint) Consistent use of triple-equals. (#14554) +- web: (ESLint) No else return (#14558) +- web: (ESLint) Use dot notation. (#14557) +- web: Add specific Storybook dependency. (#14719) +- web: Clean up browser-only module imports that crash WebDriverIO. (#14330) +- web: cleanup/loading attribute always true (#14288) +- web: Controller refinements, error handling (#14700) +- Web: Controllers cleanup (#14616) +- web: fix bug that was causing charts to be too tall (#14253) +- web: fix description for signing responses in SAML provider (#14573) +- web: Fix issue where dual select type is not specific. (#14783) +- web: Fix issue where Storybook cannot resolve styles. (#14553) +- web: Fix missing Enterprise sidebar entries. (#14615) +- web: fix regression in subpath support (#14646) +- web: NPM workspaces (#14274) +- web: Type Tidy (#14647) +- web: Use engine available on Github Actions. (#14699) +- web: Use monorepo package utilities to build packages (#14159) +- web/admin: Dual select state management, custom event dispatching. (#14490) +- web/admin: fix enterprise menu display (#14447) +- web/admin: fix permissions modal button missing for PolicyBindings and FlowStageBindings (#14619) +- web/admin: Fix sidebar toggle synchronization. (#14487) +- web/admin: prevent default logo flashing in admin interface (#13960) +- web/flows: update default flow background (#14769) +- web/flows/sfe: fix global background image not being loaded (#14442) +- web/NPM Workspaces: ESbuild version cleanup (#14541) +- web/NPM Workspaces: Prep ESBuild plugin for publish. (#14552) +- web/NPM Workspaces: TypeScript API Client TSConfig. (#14555) + +## API Changes + +#### What's New + +--- + +##### `GET` /stages/mtls/ + +##### `POST` /stages/mtls/ + +##### `GET` /stages/mtls/{stage_uuid}/ + +##### `PUT` /stages/mtls/{stage_uuid}/ + +##### `DELETE` /stages/mtls/{stage_uuid}/ + +##### `PATCH` /stages/mtls/{stage_uuid}/ + +##### `GET` /stages/mtls/{stage_uuid}/used_by/ + +#### What's Changed + +--- + +##### `GET` /core/brands/{brand_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `client_certificates` (array) + + > Certificates used for client authentication. + + Items (string): + +##### `PUT` /core/brands/{brand_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `client_certificates` (array) + > Certificates used for client authentication. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `client_certificates` (array) + > Certificates used for client authentication. + +##### `PATCH` /core/brands/{brand_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `client_certificates` (array) + > Certificates used for client authentication. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `client_certificates` (array) + > Certificates used for client authentication. + +##### `GET` /policies/event_matcher/{policy_uuid}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.stages.mtls` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +##### `PUT` /policies/event_matcher/{policy_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.stages.mtls` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.stages.mtls` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +##### `PATCH` /policies/event_matcher/{policy_uuid}/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.stages.mtls` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.stages.mtls` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +##### `POST` /core/brands/ + +###### Request: + +Changed content type : `application/json` + +- Added property `client_certificates` (array) + > Certificates used for client authentication. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `client_certificates` (array) + > Certificates used for client authentication. + +##### `GET` /core/brands/ + +###### Parameters: + +Added: `client_certificates` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Brand Serializer + + - Added property `client_certificates` (array) + > Certificates used for client authentication. + +##### `POST` /policies/event_matcher/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.stages.mtls` + +- Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.stages.mtls` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +##### `GET` /policies/event_matcher/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Event Matcher Policy Serializer + + - Changed property `app` (string) + + > Match events created by selected application. When left empty, all applications are matched. + + Added enum value: + + - `authentik.enterprise.stages.mtls` + + - Changed property `model` (string) + + > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +##### `POST` /rbac/permissions/assigned_by_roles/{uuid}/assign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +##### `PATCH` /rbac/permissions/assigned_by_roles/{uuid}/unassign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +##### `POST` /rbac/permissions/assigned_by_users/{id}/assign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +##### `PATCH` /rbac/permissions/assigned_by_users/{id}/unassign/ + +###### Request: + +Changed content type : `application/json` + +- Changed property `model` (string) + + Added enum value: + + - `authentik_stages_mtls.mutualtlsstage` + +##### `GET` /sources/ldap/{slug}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `delete_not_found_objects` (boolean) + > Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + +##### `PUT` /sources/ldap/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `delete_not_found_objects` (boolean) + > Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `delete_not_found_objects` (boolean) + > Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + +##### `PATCH` /sources/ldap/{slug}/ + +###### Request: + +Changed content type : `application/json` + +- Added property `delete_not_found_objects` (boolean) + > Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `delete_not_found_objects` (boolean) + > Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + +##### `GET` /rbac/permissions/assigned_by_roles/ + +###### Parameters: + +Changed: `model` in `query` + +##### `GET` /rbac/permissions/assigned_by_users/ + +###### Parameters: + +Changed: `model` in `query` + +##### `POST` /sources/ldap/ + +###### Request: + +Changed content type : `application/json` + +- Added property `delete_not_found_objects` (boolean) + > Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + +###### Return Type: + +Changed response : **201 Created** + +- Changed content type : `application/json` + + - Added property `delete_not_found_objects` (boolean) + > Delete authentik users and groups which were previously supplied by this source, but are now missing from it. + +##### `GET` /sources/ldap/ + +###### Parameters: + +Added: `delete_not_found_objects` in `query` + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > LDAP Source Serializer + + - Added property `delete_not_found_objects` (boolean) + > Delete authentik users and groups which were previously supplied by this source, but are now missing from it. diff --git a/website/docs/security/cves/CVE-2025-29928.md b/website/docs/security/cves/CVE-2025-29928.md index e91ca5c57a..f5f793b90a 100644 --- a/website/docs/security/cves/CVE-2025-29928.md +++ b/website/docs/security/cves/CVE-2025-29928.md @@ -2,13 +2,17 @@ ## Deletion of sessions did not revoke sessions when using database session storage +### ADDENDUM May 30, 2025 + +As of version 2025.4, the option to store sessions in cache has been removed; sessions are now exclusively stored in the database. See our [2025.4 release notes](../../releases/2025.4#sessions-are-now-stored-in-the-database) for more information. + ### Summary When authentik was configured to use the database for session storage (which is a non-default setting), deleting sessions via the Web Interface or the API would not revoke the session and the session holder would continue to have access to authentik. This also affects automatic session deletion when a user is set to inactive or a user is deleted. -The session backend is configured via [this](../../install-config/configuration/configuration.mdx#authentik_session_storage) setting; if this settings isn't set the sessions are stored in the cache (Redis), which is not affected by this. +The session backend was configured via the `AUTHENTIK_SESSION_STORAGE` setting, which was removed in version 2025.4. ### Patches diff --git a/website/docs/sys-mgmt/brands.md b/website/docs/sys-mgmt/brands.md index ac20dd3078..d58f0052e5 100644 --- a/website/docs/sys-mgmt/brands.md +++ b/website/docs/sys-mgmt/brands.md @@ -3,7 +3,7 @@ title: Brands slug: /brands --- -As an authentik admin, you can customize your instance's appearance and behavior using brands. While a single authentik instance supports only one brand per domain, you can apply a separate brand to each domain. +As an authentik admin, you can customize your instance's appearance and behavior using brands. Brands apply to a single domain, a domain wildcard or can be set as default, in which case the brand will be used when no other brand matches the domain. For an overview of branding and other customization options in authentik refer to [Customize your instance](../customize/index.md). @@ -61,4 +61,14 @@ This means that if you want to select a default flow based on policy, you can le ## Other global settings -Under **Other global settings** you can specify an exact web certificate. +#### Web Certificate + +The **Web Certificate** option can be used to configure which certificate authentik uses when its accessed directly via HTTPS (via port 9443). + +#### Client Certificates:ak-version[2025.4] + +When using the [Mutual TLS Stage](../add-secure-apps/flows-stages/stages/mtls/index.md) and accessing authentik directly, this option configures which certificate authorities clients' certificates can be issued by. + +#### Attributes + +Attributes such as locale, theme settings and custom attributes can be set to a per-brand default value here. Any custom attributes can be retrieved via [`group_attributes()`](../users-sources/user/user_ref.mdx#object-properties). diff --git a/website/docs/troubleshooting/postgres/upgrade_kubernetes.md b/website/docs/troubleshooting/postgres/upgrade_kubernetes.md index bffe4de649..1137d4eee5 100644 --- a/website/docs/troubleshooting/postgres/upgrade_kubernetes.md +++ b/website/docs/troubleshooting/postgres/upgrade_kubernetes.md @@ -1,98 +1,161 @@ --- -title: Upgrade PostgreSQL on Kubernetes +title: Upgrading PostgreSQL on Kubernetes --- -## Preparation +This guide walks you through upgrading PostgreSQL in your authentik Kubernetes deployment. The process requires a brief downtime period while the database is migrated. -- `authentik-postgresql-0` is the Kubernetes Pod running PostgreSQL. +:::note +For this guide, we assume the PostgreSQL pod is named `authentik-postgresql-0`, which is the default name in the authentik Helm chart. +::: -### Prerequisites +## Prerequisites -This migration requires some downtime, during which authentik must be stopped. To do this, run the following command: +- `kubectl` access with permissions to `scale` deployments and `exec` into pods +- Your existing `values.yaml` file used for authentik deployment +- Basic understanding of Kubernetes and Helm commands + +## Overview of workflow + +The basic steps to upgrades PostgreSQL on Kubernetes are: + +1. Stop authentik services +2. Back up the database +3. Prepare the data directory +4. Upgrade PostgreSQL +5. Restore database content +6. Restart authentik services + +## Stop authentik services + +Begin by scaling down authentik services to prevent database access during the migration: ```shell kubectl scale deploy --replicas 0 authentik-server kubectl scale deploy --replicas 0 authentik-worker ``` -### Dump the current database +## Back up the database -Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod. - -Run the following commands to dump the current data into a `.sql` file: +Connect to your PostgreSQL pod: ```shell -# This is the path where the PVC is mounted, so we'll place the dump here too +kubectl exec -it authentik-postgresql-0 -- bash +``` + +After you are connected, execute these commands to create a database backup: + +```shell +# Navigate to the PostgreSQL data directory cd /bitnami/postgresql/ -# Set the postgres password based on the `POSTGRES_POSTGRES_PASSWORD` environment variable + +# Set the PostgreSQL password from environment variable export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD -# Dump the authentik database into an sql file -pg_dump -U $POSTGRES_USER $POSTGRES_DB > dump-11.sql + +# Create a full database dump +pg_dump -U $POSTGRES_USER $POSTGRES_DB > /bitnami/postgresql/dump.sql ``` -### Stop PostgreSQL and start the upgrade - -To upgrade, change the following entries in your `values.yaml` used to deploy authentik: - -```yaml -postgresql: - diagnosticMode: - enabled: true - image: - tag: 15.2.0-debian-11-r26 -``` - -Now run `helm upgrade --install authentik authentik/authentik -f values.yaml` to apply these changes. Depending on your configuration, you might have to repeat the steps from [Prerequisites](#prerequisites). - -After the upgrade is finished, you should have a new PostgreSQL pod running with the updated image. - -### Remove the old data - -Because the PVC mounted by the PostgreSQL pod still contains the old data, we need to remove/rename that data, so that PostgreSQL can initialize it with the new version. - -Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod. - -Run the following commands to move the old data: +:::tip +Consider copying the dump file to a safe location outside the pod: ```shell -# This is the path where the PVC is mounted -cd /bitnami/postgresql/ -# Move Postgres' data folder to data-11, which is the version we're upgrading to. -# The data folder can also be deleted; however it is recommended to rename it first -# in case the upgrade fails. -mv data data-11 +# From a separate terminal +kubectl cp authentik-postgresql-0:/bitnami/postgresql/dump.sql ./authentik-db-backup.sql ``` -### Restart PostgreSQL +This ensures you have a backup even if something goes wrong with the pod or storage. +::: -In the step [Stop PostgreSQL and start the upgrade](#stop-postgresql-and-start-the-upgrade), we enabled the _diagnostic mode_, which means the PostgreSQL pod is running, but the actual Postgres process isn't running. Now that we've removed the old data directory, we can disable the diagnostic mode. +## Prepare the data directory -Once again, change the following entries in your `values.yaml` used to deploy authentik: +While still connected to the PostgreSQL pod, prepare the data directory for the upgrade: + +```shell +# Ensure you're in the PostgreSQL data directory +cd /bitnami/postgresql/ + +# Verify the SQL dump exists and has content +ls -lh dump.sql + +# Preserve the existing data by renaming the directory +mv data data-old +``` + +:::caution +Do not delete the old data directory immediately. Keeping it as `data-old` allows for recovery if the upgrade encounters issues. +::: + +## Upgrade PostgreSQL + +Now update your `values.yaml` to specify the new PostgreSQL version: ```yaml postgresql: image: - tag: 15.2.0-debian-11-r26 + tag: ``` -And once again run `helm upgrade --install authentik authentik/authentik -f values.yaml` to apply these changes. Depending on your configuration, you might have to repeat the steps from [Prerequisites](#prerequisites). +Apply these changes using Helm to deploy the updated configuration. -After the PostgreSQL pod is running again, we need to restore the data from the dump we created above. +This will restart the PostgreSQL pod with the new image. When the pod starts, PostgreSQL will initialize a new, empty data directory since the previous directory was renamed. -Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod. +## Restore database content -Run the following commands to restore the data: +Connect to the PostgreSQL pod again: ```shell -# This is the path where the PVC is mounted -cd /bitnami/postgresql/ -# Set the Postgres password based on the `POSTGRES_POSTGRES_PASSWORD` environment variable. -export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD -psql -U $POSTGRES_USER $POSTGRES_DB < dump-11.sql +kubectl exec -it authentik-postgresql-0 -- bash ``` -After the last command finishes, all of the data is restored, and you can restart authentik. +Restore your database from the backup: -### Restarting authentik +```shell +# Navigate to the PostgreSQL directory +cd /bitnami/postgresql/ -Run `helm upgrade --install authentik authentik/authentik -f values.yaml` once again, which will restart your authentik server and worker containers. +# Verify your dump file is still there +ls -lh dump.sql + +# Set the PostgreSQL password +export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD + +# Import the database dump +psql -U $POSTGRES_USER $POSTGRES_DB < dump.sql +``` + +## Restart authentik services + +After the database restoration completes successfully, restart authentik using Helm with your updated configuration. + +This will scale your authentik server and worker deployments back to their original replica counts. + +## Troubleshooting + +If you encounter issues during the upgrade process: + +- Check PostgreSQL logs: + ```shell + kubectl logs authentik-postgresql-0 + ``` +- Verify the values in your `values.yaml` file match the recommended settings +- Ensure you have sufficient storage available for both the database dump and the database itself + +### Dump file not found + +If your dump file is missing after upgrading: + +- You may need to restore from the external backup if you copied it out of the pod +- The volume might have been recreated if you're using ephemeral storage + +### Restoring the original database + +For persistent problems, you can restore from the `data-old` directory if needed: + +```shell +kubectl exec -it authentik-postgresql-0 -- bash +cd /bitnami/postgresql/ +mv data data-new-failed +mv data-old data +``` + +Then restart PostgreSQL with the original version in your `values.yaml`. diff --git a/website/docs/users-sources/sources/directory-sync/active-directory/index.md b/website/docs/users-sources/sources/directory-sync/active-directory/index.md index 73dd0c0d7e..1877690b5d 100644 --- a/website/docs/users-sources/sources/directory-sync/active-directory/index.md +++ b/website/docs/users-sources/sources/directory-sync/active-directory/index.md @@ -42,7 +42,7 @@ To support the integration of Active Directory with authentik, you need to creat To support the integration of authentik with Active Directory, you will need to create a new LDAP Source in authentik. -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Directory** > **Federation & Social login**. 3. Click **Create** and select **LDAP Source** as the type. 4. Provide a name, slug, and the following required configurations: diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/index.md b/website/docs/users-sources/sources/directory-sync/freeipa/index.md index b0e939b22b..3c5b92ac66 100644 --- a/website/docs/users-sources/sources/directory-sync/freeipa/index.md +++ b/website/docs/users-sources/sources/directory-sync/freeipa/index.md @@ -13,7 +13,7 @@ The following placeholders are used in this guide: ## FreeIPA Setup -1. Log into FreeIPA. +1. Log in to FreeIPA. 2. Create a user in FreeIPA, matching your naming scheme. Provide a strong password, example generation methods: `pwgen 64 1` or `openssl rand 36 | base64 -w 0`. After you are done click **Add and Edit**. diff --git a/website/docs/users-sources/sources/index.md b/website/docs/users-sources/sources/index.md index 0ca0848205..8976a302fe 100644 --- a/website/docs/users-sources/sources/index.md +++ b/website/docs/users-sources/sources/index.md @@ -15,12 +15,13 @@ Sources are in the following general categories: For instructions to add a specific source, refer to the documentation links in the left navigation pane. -### Add Sources to Default Login Page +### Add sources to default login page To have sources show on the default login screen you will need to add them to the flow. The process below assumes that you have not created or renamed the default stages and flows. -1. In the Admin interface, navigate to the **Flows** section. -2. Click on **default-authentication-flow**. -3. Click the **Stage Bindings** tab. -4. Chose **Edit Stage** for the _default-authentication-identification_ stage. -5. Under **Sources** you should see the additional sources that you have configured. Click all applicable sources to have them displayed on the Login page. +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Flows and Stages** > **Flows**. +3. Click the **default-authentication-flow**. +4. Click the **Stage Bindings** tab. +5. Click **Edit Stage** on the **default-authentication-identification** stage. +6. Under **Source settings**, add sources to **Selected sources** to have them displayed on the authentik login page. diff --git a/website/docs/users-sources/sources/protocols/kerberos/browser.md b/website/docs/users-sources/sources/protocols/kerberos/browser.md index 6d7897b352..700ade63d8 100644 --- a/website/docs/users-sources/sources/protocols/kerberos/browser.md +++ b/website/docs/users-sources/sources/protocols/kerberos/browser.md @@ -26,7 +26,7 @@ To automate the deployment of this configuration use a [Group policy](https://su ## Windows / Internet Explorer -Log into the Windows machine using an account of your Kerberos realm (or administrative domain). +Log in to the Windows machine using an account of your Kerberos realm (or administrative domain). Open Internet Explorer, click **Tools** and then click **Internet Options**. You can also find **Internet Options** using the system search. diff --git a/website/docs/users-sources/sources/social-logins/apple/index.md b/website/docs/users-sources/sources/social-logins/apple/index.md index 59bd2116f1..e0aa33d2b4 100644 --- a/website/docs/users-sources/sources/social-logins/apple/index.md +++ b/website/docs/users-sources/sources/social-logins/apple/index.md @@ -21,7 +21,7 @@ The following placeholders are used in this guide: ## Apple -1. Log into your Apple developer account, and navigate to **Certificates, IDs & Profiles**, then click **Identifiers** in the sidebar. +1. Log in to your Apple developer account, and navigate to **Certificates, IDs & Profiles**, then click **Identifiers** in the sidebar. 2. Register a new Identifier with the type of **App IDs**, and the subtype **App**. 3. Choose a name that users will recognise for the **Description** field. 4. For your bundle ID, use the reverse domain of authentik, in this case `company.authentik`. @@ -68,5 +68,5 @@ The following placeholders are used in this guide: Save, and you now have Apple as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx b/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx index 161dbc21c9..3856705a1f 100644 --- a/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx +++ b/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx @@ -129,3 +129,7 @@ client_secret= ``` The JWT returned from the request above can be used with authentik to exchange it for an authentik JWT. + +:::note +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). +::: diff --git a/website/docs/users-sources/sources/social-logins/discord/index.md b/website/docs/users-sources/sources/social-logins/discord/index.md index 3cf5727495..2c50fa9143 100644 --- a/website/docs/users-sources/sources/social-logins/discord/index.md +++ b/website/docs/users-sources/sources/social-logins/discord/index.md @@ -380,3 +380,7 @@ return True ``` Now bind this policy to the chosen enrollment and authentication flows for the Discord OAuth source. + +:::note +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). +::: diff --git a/website/docs/users-sources/sources/social-logins/facebook/index.md b/website/docs/users-sources/sources/social-logins/facebook/index.md index 88d1c3cc7b..7b44bd48f9 100644 --- a/website/docs/users-sources/sources/social-logins/facebook/index.md +++ b/website/docs/users-sources/sources/social-logins/facebook/index.md @@ -48,7 +48,7 @@ Finally, you need to publish the Facebook app. ## authentik configuration -1. Log into authentik as admin, and then navigate to **Directory -> Federation & Social login** +1. Log in to authentik as admin, and then navigate to **Directory -> Federation & Social login** 2. Click **Create**. 3. In the **New Source** box, for **Select type** select **Facebook OAuth Source** and then click **Next**. 4. Define the following fields: @@ -69,5 +69,5 @@ Finally, you need to publish the Facebook app. You now have Facebook as a source. Verify by checking that appears on the **Directory -> Federation & Social login** page in authentik. :::note -For more details on how to display the new source on the authentik Login page refer to [Add Sources to default Login form](../../index.md#add-sources-to-default-login-page). +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/users-sources/sources/social-logins/github/index.mdx b/website/docs/users-sources/sources/social-logins/github/index.mdx index bdcc4950ef..fa4535b1ed 100644 --- a/website/docs/users-sources/sources/social-logins/github/index.mdx +++ b/website/docs/users-sources/sources/social-logins/github/index.mdx @@ -99,3 +99,7 @@ return user_matched If a user is not member of the chosen organisation, they will see this message ![](./github_org_membership.png) + +:::note +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). +::: diff --git a/website/docs/users-sources/sources/social-logins/google/cloud/index.md b/website/docs/users-sources/sources/social-logins/google/cloud/index.md index d0b00d5ced..f4b2da1587 100644 --- a/website/docs/users-sources/sources/social-logins/google/cloud/index.md +++ b/website/docs/users-sources/sources/social-logins/google/cloud/index.md @@ -101,3 +101,7 @@ return False Afterwards, edit the source's enrollment flow (by default _default-source-enrollment_), expand the policies bound to the first stage (_default-source-enrollment-prompt_), and bind the policy created above. Make sure the newly created policy comes before _default-source-enrollment-if-username_. Afterwards, any new logins will automatically have their google email address used as their username. This can be combined with disallowing users from changing their usernames, see [Configuration](../../../../../sys-mgmt/settings.md#allow-users-to-change-username). + +:::note +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../../index.md#add-sources-to-default-login-page). +::: diff --git a/website/docs/users-sources/sources/social-logins/google/workspace/index.md b/website/docs/users-sources/sources/social-logins/google/workspace/index.md index 0c817f736e..8a6315ef2b 100644 --- a/website/docs/users-sources/sources/social-logins/google/workspace/index.md +++ b/website/docs/users-sources/sources/social-logins/google/workspace/index.md @@ -202,3 +202,7 @@ This may take a few minutes to propagate, so try logging in again after a short - [Setting up SAML with Google Workspace](https://support.google.com/a/answer/6087519) - [SAML app error messages](https://support.google.com/a/answer/6301076) - [SAML authentication flow](https://infosec.mozilla.org/guidelines/iam/saml.html) + +:::note +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../../index.md#add-sources-to-default-login-page). +::: diff --git a/website/docs/users-sources/sources/social-logins/mailcow/index.md b/website/docs/users-sources/sources/social-logins/mailcow/index.md index 02ad2f8f5f..c4c69323eb 100644 --- a/website/docs/users-sources/sources/social-logins/mailcow/index.md +++ b/website/docs/users-sources/sources/social-logins/mailcow/index.md @@ -14,7 +14,7 @@ The following placeholders are used in this guide: ## Mailcow -1. Log into mailcow as an admin and navigate to the OAuth2 Apps settings +1. Log in to mailcow as an admin and navigate to the OAuth2 Apps settings ![OAuth2 Apps menu](./mailcow1.png) @@ -49,5 +49,5 @@ Here is an example of a complete authentik Mailcow OAuth Source Save, and you now have Mailcow as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/users-sources/sources/social-logins/plex/index.md b/website/docs/users-sources/sources/social-logins/plex/index.md index 2f3fc53a4b..cb31b53e20 100644 --- a/website/docs/users-sources/sources/social-logins/plex/index.md +++ b/website/docs/users-sources/sources/social-logins/plex/index.md @@ -22,7 +22,7 @@ Add _Plex_ as a _source_ Save, and you now have Plex as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). ::: ## Plex source property mappings diff --git a/website/docs/users-sources/sources/social-logins/twitch/index.md b/website/docs/users-sources/sources/social-logins/twitch/index.md index a801f8d18c..8171bd8142 100644 --- a/website/docs/users-sources/sources/social-logins/twitch/index.md +++ b/website/docs/users-sources/sources/social-logins/twitch/index.md @@ -55,5 +55,5 @@ Here is an example of a complete authentik Twitch OAuth Source Save, and you now have Twitch as a source. :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/users-sources/sources/social-logins/twitter/index.md b/website/docs/users-sources/sources/social-logins/twitter/index.md index afb6392d15..32d4729baa 100644 --- a/website/docs/users-sources/sources/social-logins/twitter/index.md +++ b/website/docs/users-sources/sources/social-logins/twitter/index.md @@ -43,5 +43,5 @@ You will need to create a new project, and OAuth credentials in the Twitter Deve 5. **Consumer Secret:** Your Client Secret from step 25 :::note -For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page). +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). ::: diff --git a/website/docs/users-sources/user/user_ref.mdx b/website/docs/users-sources/user/user_ref.mdx index 134139a7b2..c16348b8a0 100644 --- a/website/docs/users-sources/user/user_ref.mdx +++ b/website/docs/users-sources/user/user_ref.mdx @@ -25,7 +25,7 @@ These are examples of how User objects can be used within Policies and Property ### List a user's group memberships -Use the following example to list all groups that a User object is a member of: +Use the following example to list all groups that a user object is a member of: ```python for group in user.ak_groups.all(): @@ -34,12 +34,20 @@ for group in user.ak_groups.all(): ### List a user's group memberships and filter based on group name -Use the following example to list groups that a User object is a member of, but filter based on group name: +Use the following example to list groups that a user object is a member of, but filter based on group name: ```python user.ak_groups.filter(name__startswith='test') ``` +### List a user's group memberships including parent groups + +Use the following example to list all groups that a user object is a member of, including parent groups: + +```python +groups = [group.name for group in request.user.all_groups()] +``` + :::info For Django field lookups, see the [Django documentation](https://docs.djangoproject.com/en/stable/ref/models/querysets/#id4). ::: diff --git a/website/integrations/services/actual-budget/index.mdx b/website/integrations/services/actual-budget/index.mdx index 8d9c47d4c7..00005346fc 100644 --- a/website/integrations/services/actual-budget/index.mdx +++ b/website/integrations/services/actual-budget/index.mdx @@ -30,7 +30,7 @@ To support the integration of Actual Budget with authentik, you need to create a ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -102,10 +102,10 @@ The first user to log into Actual Budget via OpenID will become the owner and ad To do so, navigate to **Server online** > **User Directory**, and create users matching exiting authentik usernames. Then, grant access to the budget via the **User Access** tab. ::: -## Resources - -- [Official Actual Budget documentation on OpenID Connect integration](https://actualbudget.org/docs/experimental/oauth-auth/) - ## Configuration verification To confirm that authentik is properly configured with Actual Budget, visit your Actual Budget installation, select the OpenID login method from the dropdown menu, and click **Sign in with OpenID**. + +## Resources + +- [Official Actual Budget documentation on OpenID Connect integration](https://actualbudget.org/docs/experimental/oauth-auth/) diff --git a/website/integrations/services/adventurelog/index.mdx b/website/integrations/services/adventurelog/index.mdx index abcbdea169..7284c19a99 100644 --- a/website/integrations/services/adventurelog/index.mdx +++ b/website/integrations/services/adventurelog/index.mdx @@ -27,7 +27,7 @@ To support the integration of AdventureLog with authentik, you need to create an ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -73,10 +73,10 @@ Ensure the `https://adventurelog.company/accounts` path is routed to the backend Launch your authentik dashboard as an admin and find the AdventureLog app. Click **More details** then **Edit**. In the admin interface, click **Test** under **Check Access**. If you get a 403 error, you need to grant the user the correct permissions. This can be done by going to the user's profile and adding the correct permissions. -## Resources - -- [AdventureLog's official documentation](https://adventurelog.app/docs/configuration/social_auth/authentik.html) - ## Configuration verification To confirm authentik is correctly integrated with AdventureLog, log out and attempt to log back in using OpenID Connect by clicking the **authentik** button on the AdventureLog login page. + +## Resources + +- [AdventureLog's official documentation](https://adventurelog.app/docs/configuration/social_auth/authentik.html) diff --git a/website/integrations/services/apache-guacamole/index.mdx b/website/integrations/services/apache-guacamole/index.mdx index a1f3761792..63f3428a5f 100644 --- a/website/integrations/services/apache-guacamole/index.mdx +++ b/website/integrations/services/apache-guacamole/index.mdx @@ -30,7 +30,7 @@ To support the integration of Apache Guacamole with authentik, you need to creat ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -188,10 +188,10 @@ This section depends on the operating system hosting Apache Guacamole. More information on the keytool command can be found in the [Oracle documentation.](https://docs.oracle.com/en/java/javase/21/docs/specs/man/keytool.html) ::: -## Resources - -- [Apache Guacamole official documentation on OpenID Connect integrations](https://guacamole.apache.org/doc/gug/openid-auth.html#configuring-guacamole-for-single-sign-on-with-openid-connect) - ## Configuration verification To verify that authentik is correctly configured with Apache Guacamole, log out and log back in through authentik. You should notice a new button appearing at the bottom left of the login page. + +## Resources + +- [Apache Guacamole official documentation on OpenID Connect integrations](https://guacamole.apache.org/doc/gug/openid-auth.html#configuring-guacamole-for-single-sign-on-with-openid-connect) diff --git a/website/integrations/services/argocd/index.md b/website/integrations/services/argocd/index.md index 7913d36da2..530c540ef9 100644 --- a/website/integrations/services/argocd/index.md +++ b/website/integrations/services/argocd/index.md @@ -27,7 +27,7 @@ To support the integration of ArgoCD with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/aruba-orchestrator/index.md b/website/integrations/services/aruba-orchestrator/index.md index 224e093b65..3e5ee383f8 100644 --- a/website/integrations/services/aruba-orchestrator/index.md +++ b/website/integrations/services/aruba-orchestrator/index.md @@ -27,7 +27,7 @@ To support the integration of Aruba Orchestrator with authentik, you need to cre ### Create property mappings -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **SAML Provider Property Mapping** with the following settings: - **Name**: Set an appropriate name - **SAML Attribute Name**: sp-roles @@ -41,7 +41,7 @@ To support the integration of Aruba Orchestrator with authentik, you need to cre ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 31a8723ab7..f17e853422 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -38,7 +38,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -54,7 +54,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create ### Download the signing certificate -1. Log into authentik as an admin, and open the authentik Admin interface. +1. Log into authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** and click on the name of the newly created Atlassian Cloud provider. 3. Under **Download signing certificate** click the **Download** button. The contents of this certificate will be required in the next section. @@ -77,7 +77,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create ## Reconfigure authentik provider -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** and click the **Edit** icon of the newly created Atlassian Cloud provider. 3. Under **Protocol settgins**, set the following required configurations: - **ACS URL**: set the acs url to the copied **Service provider assertion consumer service URL** (e.g. https://auth.atlassian.com/login/callback?connection=saml-example). @@ -88,7 +88,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create ### Internal users -1. Log into the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization admin. +1. Log in to the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization admin. 2. Navigate to **Security** > **Authentication policies**. 3. Click **Add policy** at the top right. 4. Select the `authentik` directory and provide a name for the policy. diff --git a/website/integrations/services/aws/index.mdx b/website/integrations/services/aws/index.mdx index 652767bdf8..66ad1abd4a 100644 --- a/website/integrations/services/aws/index.mdx +++ b/website/integrations/services/aws/index.mdx @@ -38,7 +38,7 @@ To support the integration of AWS with authentik using the classic IAM method, y #### Create property mappings -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create two **SAML Provider Property Mapping**s with the following settings: - **Role Mapping:** @@ -79,7 +79,7 @@ To support the integration of AWS with authentik using the classic IAM method, y #### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name (e.g. "AWS"), an optional group for the type of application, the policy engine mode, and optional UI settings. The **slug** will be used in URLs and should match the `aws-slug` placeholder defined earlier. @@ -120,7 +120,7 @@ To support the integration of AWS with authentik using IAM Identity Center, you #### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name (e.g. "AWS Identity Center"), an optional group for the type of application, the policy engine mode, and optional UI settings. The **slug** will be used in URLs and should match the `aws-slug` placeholder defined earlier. @@ -161,7 +161,7 @@ To support the integration of AWS with authentik using SCIM, you need to create #### Create property mappings -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **SCIM Mapping** with the following settings: - **Name**: Choose a name lexically lower than `authentik default` (e.g. `AWS SCIM User mapping`) - **Expression**: @@ -175,7 +175,7 @@ To support the integration of AWS with authentik using SCIM, you need to create #### Create a SCIM provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Providers** > **Providers** and click **Create**. 3. Select **SCIM Provider** as the provider type. 4. Configure the provider with the following settings: diff --git a/website/integrations/services/awx-tower/index.md b/website/integrations/services/awx-tower/index.md index f254a8c00e..4952e78d80 100644 --- a/website/integrations/services/awx-tower/index.md +++ b/website/integrations/services/awx-tower/index.md @@ -31,7 +31,7 @@ To support the integration of AWX Tower with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. diff --git a/website/integrations/services/beszel/index.mdx b/website/integrations/services/beszel/index.mdx index f825170ff8..c107fb4953 100644 --- a/website/integrations/services/beszel/index.mdx +++ b/website/integrations/services/beszel/index.mdx @@ -29,7 +29,7 @@ This documentation lists only the settings that you need to change from their de The steps to configure authentik include creating an application and provider pair in authentik, obtaining the Client ID, Client Secret, and slug values, setting the redirect URI, and selecting a signing key. -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name (`Beszel`), a slug (`beszel`), an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/bookstack/index.mdx b/website/integrations/services/bookstack/index.mdx index 8cda0b880d..49b1f4adc4 100644 --- a/website/integrations/services/bookstack/index.mdx +++ b/website/integrations/services/bookstack/index.mdx @@ -42,7 +42,7 @@ To support the integration of BookStack with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -81,7 +81,7 @@ To support the integration of BookStack with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. @@ -122,12 +122,12 @@ Once that's done, the next step is to update your `.env` file to include the fol +## Configuration verification + +To confirm that authentik is properly configured with BookStack, visit your BookStack installation, and click **Login with authentik**. + ## Resources - [BookStack Administrator Documentation for OpenID Connect](https://www.bookstackapp.com/docs/admin/oidc-auth/) - [Bookstack Administrator Documentation for SAML2](https://www.bookstackapp.com/docs/admin/saml2-auth/) - [PeerTube video detailing a setup with authentik (OpenID Connect)](https://foss.video/w/a744K8GxFF1LqBFSadAsuV) - -## Configuration verification - -To confirm that authentik is properly configured with BookStack, visit your BookStack installation, and click **Login with authentik**. diff --git a/website/integrations/services/budibase/index.md b/website/integrations/services/budibase/index.md index 5ce167f920..ecd733a74c 100644 --- a/website/integrations/services/budibase/index.md +++ b/website/integrations/services/budibase/index.md @@ -27,14 +27,14 @@ To support the integration of Budibase with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later. - - Set a `Strict` redirect URI to https://budibase.company/api/global/auth/oidc/callback/. + - Set a `Strict` redirect URI to https://budibase.company/api/global/auth/oidc/callback. - Select any available signing key. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. @@ -50,10 +50,10 @@ From the main page of your Budibase installation, add the following values under - **Callback URL**: https://budibase.company/api/global/auth/oidc/callback/ - **Name**: authentik -## Resources - -- [Budibase official documentation on OpenID Connect](https://docs.budibase.com/docs/openid-connect) - ## Configuration verification To confirm that authentik is properly configured with Budibase, visit your Budibase installation, and click **Sign in with authentik**. + +## Resources + +- [Budibase official documentation on OpenID Connect](https://docs.budibase.com/docs/openid-connect) diff --git a/website/integrations/services/calibre-web/index.md b/website/integrations/services/calibre-web/index.md index 218cbe87ae..ac2224c0be 100644 --- a/website/integrations/services/calibre-web/index.md +++ b/website/integrations/services/calibre-web/index.md @@ -27,7 +27,7 @@ To support the integration of Calibre-Web with authentik, you need to create an ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/chronograf/index.mdx b/website/integrations/services/chronograf/index.mdx index 34adc13ab1..7ca172ee6d 100644 --- a/website/integrations/services/chronograf/index.mdx +++ b/website/integrations/services/chronograf/index.mdx @@ -26,9 +26,9 @@ To support the integration of Chronograf with authentik, you need to create an a ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) -3. Log in to authentik as an admin, and open the authentik Admin interface. +3. Log in to authentik as an administrator and open the authentik Admin interface. 4. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can create only an application, without a provider, by clicking **Create**.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -65,10 +65,10 @@ Refer to the [Chronograf configuration options documentation](https://docs.influ USE_ID_TOKEN=true ``` -## Resources - -- [Chronograf official documentation on OpenID Connect integration](https://docs.influxdata.com/chronograf/v1/administration/managing-security/#configure-chronograf-to-use-any-oauth-20-provider) - ## Configuration verification To confirm that authentik is properly configured with Chronograf, visit your Chronograf installation, and click **Log in with authentik**. + +## Resources + +- [Chronograf official documentation on OpenID Connect integration](https://docs.influxdata.com/chronograf/v1/administration/managing-security/#configure-chronograf-to-use-any-oauth-20-provider) diff --git a/website/integrations/services/cloudflare-access/index.md b/website/integrations/services/cloudflare-access/index.md index 7d5fa6086e..57a9f2e6c0 100644 --- a/website/integrations/services/cloudflare-access/index.md +++ b/website/integrations/services/cloudflare-access/index.md @@ -29,14 +29,14 @@ To support the integration of Cloudflare Access with authentik, you need to crea ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later. - - Set a `Strict` redirect URI to https://company.cloudflareaccess.com/cdn-cgi/access/callback/. + - Set a `Strict` redirect URI to https://company.cloudflareaccess.com/cdn-cgi/access/callback. - Select any available signing key. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. @@ -55,10 +55,10 @@ To support the integration of Cloudflare Access with authentik, you need to crea 4. Click **Save**. 5. Click **Test** to verify the login provider. -## Resources - -- [Cloudflare Access Generic OIDC documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/generic-oidc/) - ## Configuration verification To confirm that authentik is properly configured with Cloudflare Access, click the **Test** button found right next-to the **Save** button from the previous step. + +## Resources + +- [Cloudflare Access Generic OIDC documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/generic-oidc/) diff --git a/website/integrations/services/coder/index.md b/website/integrations/services/coder/index.md index dc0f8ac4b6..ab1e37c5d5 100644 --- a/website/integrations/services/coder/index.md +++ b/website/integrations/services/coder/index.md @@ -27,7 +27,7 @@ To support the integration of Coder with authentik, you need to create an applic ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -53,10 +53,10 @@ CODER_OIDC_SIGN_IN_TEXT=Log in with authentik CODER_OIDC_ICON_URL=https://authentik.company/static/dist/assets/icons/icon.png ``` -## Resources - -- [Coder OIDC authentication documentation](https://coder.com/docs/admin/users/oidc-auth/) - ## Configuration verification To confirm that authentik is properly configured with Coder, log out and attempt to log back in by clicking **Log in with authentik**. + +## Resources + +- [Coder OIDC authentication documentatiom](https://coder.com/docs/admin/users/oidc-auth/) diff --git a/website/integrations/services/dokuwiki/index.md b/website/integrations/services/dokuwiki/index.md index 4c37c493dd..85ded1fc56 100644 --- a/website/integrations/services/dokuwiki/index.md +++ b/website/integrations/services/dokuwiki/index.md @@ -27,7 +27,7 @@ To support the integration of DocuWiki with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -75,11 +75,11 @@ For **oauthgeneric**: Once that is done, navigate to the **Authentication** sub-section of the **Administration** interface's **Configuration Settings** section and enable **oauth** under **Authentication backend**. +## Configuration verification + +To verify that authentik is correctly configured with DocuWiki, log out and log back in through authentik. You should notice a new button on the login page. + ## Resources - [DocuWiki OAuth plugin](https://www.dokuwiki.org/plugin:oauth) - [DocuWiki plugin for generic OAuth](https://www.dokuwiki.org/plugin:oauthgeneric) - -## Configuration verification - -To verify that authentik is correctly configured with DocuWiki, log out and log back in through authentik. You should notice a new button on the login page. diff --git a/website/integrations/services/drupal/index.md b/website/integrations/services/drupal/index.md index 4cb135db65..48cd57c3b5 100644 --- a/website/integrations/services/drupal/index.md +++ b/website/integrations/services/drupal/index.md @@ -32,7 +32,7 @@ To support the integration of Drupal with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. The **slug** will be used in URLs and should match the `drupal-slug` placeholder defined earlier. diff --git a/website/integrations/services/engomo/index.mdx b/website/integrations/services/engomo/index.mdx index 670f02754e..82524895ae 100644 --- a/website/integrations/services/engomo/index.mdx +++ b/website/integrations/services/engomo/index.mdx @@ -29,7 +29,7 @@ To support the integration of Engomo with authentik, you need to create an appli ### Create property mappings -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **Scope Mapping** with the following settings: - **Name**: Set an appropriate name. - **Scope Name**: `profile` @@ -38,7 +38,7 @@ To support the integration of Engomo with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/espocrm/index.md b/website/integrations/services/espocrm/index.md index 9e7b74f614..0c8dc31ff7 100644 --- a/website/integrations/services/espocrm/index.md +++ b/website/integrations/services/espocrm/index.md @@ -31,7 +31,7 @@ To support the integration of EspoCRM with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -61,10 +61,10 @@ Configure the following fields: - **JSON Web Key Set Endpoint**: https://authentik.company/application/o/your-application-slug/jwks - **Logout URL**: https://authentik.company/application/o/your-application-slug/end_session -## Resources - -- [EspoCRM administrator documentation on OpenID Connect authentication](https://docs.espocrm.com/administration/oidc/) - ## Configuration verification To confirm that authentik is properly configured with EspoCRM, log out and log back in via authentik. Clicking the "Login" button on the homepage should redirect you to authentik. + +## Resources + +- [EspoCRM administrator documentation on OpenID Connect authentication](https://docs.espocrm.com/administration/oidc/) diff --git a/website/integrations/services/filerise/index.mdx b/website/integrations/services/filerise/index.mdx new file mode 100644 index 0000000000..192d6ab2eb --- /dev/null +++ b/website/integrations/services/filerise/index.mdx @@ -0,0 +1,56 @@ +--- +title: Integrate with FileRise +sidebar_label: FileRise +support_level: community +--- + +## What is FileRise + +> Lightweight, self-hosted web-based file manager with multi-file upload, editing, and batch operations. +> +> -- https://github.com/error311/FileRise + +## Preparation + +The following placeholders are used in this guide: + +- `filerise.company` is the FQDN of the FileRise installation. +- `authentik.company` is the FQDN of the authentik installation. + +:::note +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. +::: + +## authentik configuration + +To support the integration of FileRise with authentik, you need to create an application/provider pair in authentik. + +### Create an application and provider in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) + + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later. + - Set **Redirect URI** to `https://filerise.company/api/auth/auth.php?oidc=callback`. + - Select any available signing key. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. + +3. Click **Submit** to save the new application and provider. + +## FileRise configuration + +1. Log in to FileRise as an administrator. +2. Click on your profile icon in the upper right corner, then select **Admin Panel**. +3. Open the **OIDC Configuration & TOTP** section and configure the following settings: + - **OIDC Provider URL**: `https://authentik.company/application/o//` + - **OIDC Client OpenID**: Client ID from authentik. + - **OIDC Client Secret**: Client Secret from authentik. + - **OIDC Redirect URI**: `https://filerise.company/api/auth/auth.php?oidc=callback` +4. Click **Save Settings**. + +## Configuration verification + +To confirm that authentik is properly configured with FileRise, log out and log back in using the **Login with OIDC** button. diff --git a/website/integrations/services/firezone/index.md b/website/integrations/services/firezone/index.md index aa3af1a707..e48fa62cbc 100644 --- a/website/integrations/services/firezone/index.md +++ b/website/integrations/services/firezone/index.md @@ -27,7 +27,7 @@ To support the integration of Firezone with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -60,11 +60,11 @@ Set the following values in the Firezone UI: - **Redirect URI**: https://firezone.company/auth/oidc/authentik/callback/ - **Auth-create Users**: Turn this on +## Configuration verification + +To verify that authentik is correctly set up with Firezone, navigate to your Firezone installation and click **authentik**. A successful login should redirect you to the main page of your installation. + ## Resources - [Firezone administration documentation on OpenID Connect authentication](https://www.firezone.dev/docs/authenticate/oidc/) - [Firezone OIDC troubleshooting documentation](https://www.firezone.dev/docs/administer/troubleshoot/#re-enable-local-authentication-via-cli) - -## Configuration verification - -To verify that authentik is correctly set up with Firezone, navigate to your Firezone installation and click **authentik**. A successful login should redirect you to the main page of your installation. diff --git a/website/integrations/services/fortigate-admin/index.md b/website/integrations/services/fortigate-admin/index.md index 8c29b12503..3733ac32a7 100644 --- a/website/integrations/services/fortigate-admin/index.md +++ b/website/integrations/services/fortigate-admin/index.md @@ -27,7 +27,7 @@ To support the integration of FortiGate with authentik, you need to create an ap ### Create property mapping -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **SAML Provider Property Mapping** with the following settings: - **Name**: Choose a descriptive name @@ -37,7 +37,7 @@ To support the integration of FortiGate with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. @@ -117,8 +117,8 @@ config system saml end ``` +## Configuration verification + ## Resources - [Offocial Fortigate documentation on SAML authentication](https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-SAML-SSO-login-for-FortiGate/ta-p/194656) - -## Configuration verification diff --git a/website/integrations/services/fortimanager/index.md b/website/integrations/services/fortimanager/index.md index 9d71eb6b2a..5985df33d8 100644 --- a/website/integrations/services/fortimanager/index.md +++ b/website/integrations/services/fortimanager/index.md @@ -27,7 +27,7 @@ To support the integration of FortiManager with authentik, you need to create an ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -53,10 +53,10 @@ To support the integration of FortiManager with authentik, you need to create an 9. Set the **IdP Logout URL** to: https://authentik.company/ 10. In the **IdP Certificate** field, import your authentik certificate (either self-signed or valid). -## Resources - -- [Community post on the Fortinet forum](https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-Configure-SAML-SSO-login-with-Azure-AD/ta-p/198324) - ## Configuration verification To confirm that authentik is properly configured with FortiManager, log out and log back in via authentik. + +## Resources + +- [Community post on the Fortinet forum](https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-Configure-SAML-SSO-login-with-Azure-AD/ta-p/198324) diff --git a/website/integrations/services/frappe/index.md b/website/integrations/services/frappe/index.md index 4bf64f7347..3cd046da1d 100644 --- a/website/integrations/services/frappe/index.md +++ b/website/integrations/services/frappe/index.md @@ -32,7 +32,7 @@ To support the integration of Frappe with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -90,10 +90,10 @@ To support the integration of Frappe with authentik, you need to create an appli 4. **Save the Configuration** - Click the black **Save** button in the top-right corner to complete the setup. -## Resources - -- [Frappe's official OpenID Connect guide](https://docs.frappe.io/framework/user/en/guides/integration/openid_connect_and_frappe_social_login) - ## Configuration verification To verify that authentik is correctly set up with Frappe, navigate to your Frappe installation and click **Login with Provider**. A successful login should redirect you to the main page of your installation. + +## Resources + +- [Frappe's official OpenID Connect guide](https://docs.frappe.io/framework/user/en/guides/integration/openid_connect_and_frappe_social_login) diff --git a/website/integrations/services/freshrss/index.mdx b/website/integrations/services/freshrss/index.mdx index 8745d8599f..8f99af3590 100644 --- a/website/integrations/services/freshrss/index.mdx +++ b/website/integrations/services/freshrss/index.mdx @@ -27,7 +27,7 @@ To support the integration of FreshRss with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -63,11 +63,11 @@ To enable OIDC login with FreshRSS, update your `.env` file to include the follo Once your container or pod is restarted, attempt to login as a user that exists in both FreshRSS and authentik. Go to **Settings** -> **Authentication** and set the authentication method to **HTTP**. +## Configuration verification + +To verify that authentik is correctly set up with FreshRSS, log out of FreshRSS and try logging back in using authentik. You should see a new button on the login page for OIDC authentication. + ## Resources - [FreshRSS documentation for OpenID Connect](https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html). - [FreshRSS documentation for OIDC with authentik](https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect-Authentik.html) - -## Configuration verification - -To verify that authentik is correctly set up with FreshRSS, log out of FreshRSS and try logging back in using authentik. You should see a new button on the login page for OIDC authentication. diff --git a/website/integrations/services/gatus/index.mdx b/website/integrations/services/gatus/index.mdx index ea5ce2b0e1..3873f32b70 100644 --- a/website/integrations/services/gatus/index.mdx +++ b/website/integrations/services/gatus/index.mdx @@ -27,7 +27,7 @@ To support the integration of Gatus with authentik, you need to create an applic ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -63,10 +63,10 @@ Gatus automatically updates its configuration approximately every 30 seconds. If scopes: [openid] ``` -## Resources - -- [Gatus Security documentation for OpenID Connect](https://github.com/TwiN/gatus?tab=readme-ov-file#oidc) - ## Configuration verification To confirm that authentik is properly configured with Gatus, click the **Login with SSO** button found on the main page of your Gatus installation. A successful login should redirect you to your status page. + +## Resources + +- [Gatus Security documentation for OpenID Connect](https://github.com/TwiN/gatus?tab=readme-ov-file#oidc) diff --git a/website/integrations/services/gitea/index.md b/website/integrations/services/gitea/index.md index 1f793a3360..e26533eeaa 100644 --- a/website/integrations/services/gitea/index.md +++ b/website/integrations/services/gitea/index.md @@ -27,7 +27,7 @@ To support the integration of Gitea with authentik, you need to create an applic ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -42,7 +42,7 @@ To support the integration of Gitea with authentik, you need to create an applic ## Gitea configuration -1. Log in to Gitea as an admin, then click on your profile icon at the top right and select **Site Administration**. +1. Log in to Gitea as an administrator, then click on your profile icon at the top right and select **Site Administration**. 2. Select the **Authentication Sources** tab and then click on **Add Authentication Source**. 3. Set the following required configurations: - **Authentication Name**: `authentik` (This must match the name used in the **Redirect URI** in the previous section) @@ -89,7 +89,7 @@ You can add users to the groups at any point. #### Create custom property mapping -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **Scope Mapping** with the following configurations: - **Name**: Choose a descriptive name (.e.g `authentik gitea OAuth Mapping: OpenID 'gitea'`) @@ -113,7 +113,7 @@ You can add users to the groups at any point. #### Add the custom property mapping to the Gitea provider -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** and click on the **Edit** icon of the Gitea provider. 3. Under **Advanced protocol settings** > **Scopes** add the following scopes to **Selected Scopes**: @@ -193,10 +193,10 @@ gitea: scopes: "email profile" ``` -## Resources - -- [Official Gitea Documentation](https://docs.gitea.com/) - ## Configuration verification To verify that authentik is correctly set up with Gitea, log out and then log back in using the **Sign in with authentik** button. + +## Resources + +- [Official Gitea Documentation](https://docs.gitea.com/) diff --git a/website/integrations/services/github-enterprise-cloud/index.md b/website/integrations/services/github-enterprise-cloud/index.md index 1c5af7f1a5..5216343b1d 100644 --- a/website/integrations/services/github-enterprise-cloud/index.md +++ b/website/integrations/services/github-enterprise-cloud/index.md @@ -31,7 +31,7 @@ To support the integration of GitHub Enterprise Cloud with authentik, you need t ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/github-enterprise-emu/index.md b/website/integrations/services/github-enterprise-emu/index.md index 51685904d0..1ab3114051 100644 --- a/website/integrations/services/github-enterprise-emu/index.md +++ b/website/integrations/services/github-enterprise-emu/index.md @@ -43,7 +43,7 @@ GitHub will create usenames for your EMU users based on the SAML `NameID` proper ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/github-enterprise-server/index.md b/website/integrations/services/github-enterprise-server/index.md index d89300c8c2..df6997e038 100644 --- a/website/integrations/services/github-enterprise-server/index.md +++ b/website/integrations/services/github-enterprise-server/index.md @@ -33,7 +33,7 @@ In order to use GitHub Enterprise Server, SCIM must also be set up. ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/github-organization/index.md b/website/integrations/services/github-organization/index.md index bcbe6efb97..05127f0ec5 100644 --- a/website/integrations/services/github-organization/index.md +++ b/website/integrations/services/github-organization/index.md @@ -27,7 +27,7 @@ To support the integration of AWX Tower with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. diff --git a/website/integrations/services/gitlab/index.mdx b/website/integrations/services/gitlab/index.mdx index 222ee372fc..61bff8689f 100644 --- a/website/integrations/services/gitlab/index.mdx +++ b/website/integrations/services/gitlab/index.mdx @@ -104,7 +104,7 @@ To support the integration of GitLab with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/glitchtip/index.md b/website/integrations/services/glitchtip/index.md index f6c6ab8182..4316346eb2 100644 --- a/website/integrations/services/glitchtip/index.md +++ b/website/integrations/services/glitchtip/index.md @@ -27,7 +27,7 @@ To support the integration of Glitchtip with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/grafana/index.mdx b/website/integrations/services/grafana/index.mdx index 95cc53691c..5478055592 100644 --- a/website/integrations/services/grafana/index.mdx +++ b/website/integrations/services/grafana/index.mdx @@ -27,7 +27,7 @@ To support the integration of Grafana with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/gravitee/index.md b/website/integrations/services/gravitee/index.md index 39cbe2273a..124c7e7ced 100644 --- a/website/integrations/services/gravitee/index.md +++ b/website/integrations/services/gravitee/index.md @@ -29,7 +29,7 @@ To support the integration of Gravitee with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/gravity/index.md b/website/integrations/services/gravity/index.md index 952632bf51..ae6a00a09b 100644 --- a/website/integrations/services/gravity/index.md +++ b/website/integrations/services/gravity/index.md @@ -31,7 +31,7 @@ To support the integration of Gravity with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: Provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/harbor/index.md b/website/integrations/services/harbor/index.md index 9765da4ad5..d90f47f807 100644 --- a/website/integrations/services/harbor/index.md +++ b/website/integrations/services/harbor/index.md @@ -27,7 +27,7 @@ To support the integration of Harbor with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -49,7 +49,7 @@ To support the integration of Harbor with authentik, you need to create an appli To support the integration of authentik with Harbor, you need to configure OIDC authentication. -1. Login to the Harbor dashboard as an admin. +1. Log in to the Harbor dashboard as an admin. 2. Navigate to **Configuration** and select the **Authentication** tab. 3. In the **Auth Mode** dropdown, select **OIDC** and provide the following required configurations. diff --git a/website/integrations/services/hashicorp-vault/index.md b/website/integrations/services/hashicorp-vault/index.md index dbae49bee2..e40c85545c 100644 --- a/website/integrations/services/hashicorp-vault/index.md +++ b/website/integrations/services/hashicorp-vault/index.md @@ -31,7 +31,7 @@ To support the integration of Hashicorp Vault with authentik, you need to create ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/hedgedoc/index.md b/website/integrations/services/hedgedoc/index.md index 05cff0b014..639c3a85a7 100644 --- a/website/integrations/services/hedgedoc/index.md +++ b/website/integrations/services/hedgedoc/index.md @@ -27,7 +27,7 @@ To support the integration of HedgeDoc with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/homarr/index.md b/website/integrations/services/homarr/index.md index f907718d13..20dfdf67d0 100644 --- a/website/integrations/services/homarr/index.md +++ b/website/integrations/services/homarr/index.md @@ -27,7 +27,7 @@ To support the integration of Homarr with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/immich/index.md b/website/integrations/services/immich/index.md index 6a4227a545..33c75206ed 100644 --- a/website/integrations/services/immich/index.md +++ b/website/integrations/services/immich/index.md @@ -27,7 +27,7 @@ To support the integration of Immich with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/jenkins/index.md b/website/integrations/services/jenkins/index.md index bea4d21761..7164004c76 100644 --- a/website/integrations/services/jenkins/index.md +++ b/website/integrations/services/jenkins/index.md @@ -27,7 +27,7 @@ To support the integration of Jenkins with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/karakeep/index.md b/website/integrations/services/karakeep/index.md index 63f164120b..dfec6b3122 100644 --- a/website/integrations/services/karakeep/index.md +++ b/website/integrations/services/karakeep/index.md @@ -27,7 +27,7 @@ To support the integration of Karakeep with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/kimai/index.md b/website/integrations/services/kimai/index.md index b48d850ea3..8ec58037b2 100644 --- a/website/integrations/services/kimai/index.md +++ b/website/integrations/services/kimai/index.md @@ -28,7 +28,7 @@ To support the integration of Kimai with authentik, you need to create an applic ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. diff --git a/website/integrations/services/knocknoc/index.md b/website/integrations/services/knocknoc/index.md index ceb63fc9ae..23fcf1f9d7 100644 --- a/website/integrations/services/knocknoc/index.md +++ b/website/integrations/services/knocknoc/index.md @@ -27,7 +27,7 @@ To support the integration of Knocknoc with authentik, you need to create an app ### Create property mappings in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create** to create a property mapping. - **Select type**: Select **SAML Provider Property Mapping** as the type and click **Next**. @@ -72,7 +72,7 @@ This example will set session duration at 540 minutes. Change the value to match ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/komga/index.md b/website/integrations/services/komga/index.md index 65ded935f7..a5cb4b9e70 100644 --- a/website/integrations/services/komga/index.md +++ b/website/integrations/services/komga/index.md @@ -27,7 +27,7 @@ To support the integration of Komga with authentik, you need to create an applic ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/komodo/index.mdx b/website/integrations/services/komodo/index.mdx new file mode 100644 index 0000000000..3cb62d27bb --- /dev/null +++ b/website/integrations/services/komodo/index.mdx @@ -0,0 +1,75 @@ +--- +title: Integrate with Komodo +sidebar_label: Komodo +support_level: community +--- + +## What is Komodo + +> Komodo is a web-based application designed to organize and streamline the management of servers, builds, deployments, and automated tasks. +> +> -- https://komo.do/ + +## Preparation + +The following placeholders are used in this guide: + +- `komodo.company` is the FQDN of your Komodo installation. +- `authentik.company` is the FQDN of the authentik installation. + +:::note +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. +::: + +## authentik configuration + +To support the integration of Komodo with authentik, you need to create an application/provider pair in authentik. + +### Create an application and provider in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) + + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Note the **Client ID** and **Client Secret** values because they will be required later. + - Set a `Strict` redirect URI to `https://komodo.company/auth/oidc/callback`. + - Select any available signing key. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. + +3. Click **Submit** to save the new application and provider. + +## Komodo configuration + +### Setup OIDC connection + +1. Edit the following environment variables in your Komodo `compose.env` file, or if using a mounted config file, edit your `./komodo/core.config.toml` file: + +```yaml +KOMODO_OIDC_ENABLED=true +KOMODO_OIDC_PROVIDER=https://authentik.company/application/o/authorize +KOMODO_OIDC_CLIENT_ID= +KOMODO_OIDC_CLIENT_SECRET= +``` + +2. Redeploy Komodo for the changes to take effect. + +### User configuration + +Komodo doesn't currently have a method to provision OIDC users, therefore OIDC accounts need to be manually enabled after first login. Follow these steps to create and enable OIDC users in Komodo: + +1. Log in to Komodo via the OIDC button on the login page. +2. You will be redirected to authentik to login (if you are already logged in, you will be redirected to step 3). +3. You will be redirected back to Komodo, and receive an error message saying "User Not Enabled". +4. Log in to Komodo using a local administrator account. +5. In the sidebar click **Settings**, and under the **Users** section, click the name of your authentik user. The **User type** should be **OIDC**. +6. Click **Enable User**, and assign the desired pemissions. + +## Configuration verification + +To confirm that authentik is properly configured with Komodo, log out and attempt to log back in by clicking the OIDC button. You should be redirected to authentik to login, if successful you will be redirected to the Komodo dashboard. + +## Resources + +- [Komodo Docs - Advanced Configuration](https://komo.do/docs/setup/advanced) diff --git a/website/integrations/services/linkwarden/index.md b/website/integrations/services/linkwarden/index.md index cb5fea4fbe..10ecc8a628 100644 --- a/website/integrations/services/linkwarden/index.md +++ b/website/integrations/services/linkwarden/index.md @@ -27,7 +27,7 @@ To support the integration of Linkwarden with authentik, you need to create an a ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/mailcow/index.md b/website/integrations/services/mailcow/index.md index 4107a03ee6..1831feebc6 100644 --- a/website/integrations/services/mailcow/index.md +++ b/website/integrations/services/mailcow/index.md @@ -31,7 +31,7 @@ To support the integration of mailcow with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/mastodon/index.md b/website/integrations/services/mastodon/index.md index 4c97348e40..c7d1acf433 100644 --- a/website/integrations/services/mastodon/index.md +++ b/website/integrations/services/mastodon/index.md @@ -27,7 +27,7 @@ To support the integration of Mastodon with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/matrix-synapse/index.md b/website/integrations/services/matrix-synapse/index.md index f8660a3347..a0d4c50e7b 100644 --- a/website/integrations/services/matrix-synapse/index.md +++ b/website/integrations/services/matrix-synapse/index.md @@ -27,7 +27,7 @@ To support the integration of Matrix Synapse with authentik, you need to create ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/mautic/index.md b/website/integrations/services/mautic/index.md index 2c2959455f..daebcc075e 100644 --- a/website/integrations/services/mautic/index.md +++ b/website/integrations/services/mautic/index.md @@ -41,7 +41,7 @@ To support the integration of Mautic with authentik, you need to create property Because Mautic requires a first name and last name attribute, create two [SAML provider property mappings](../../../docs/users-sources/sources/property-mappings): -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**: - **Name**: `SAML-FirstName-from-Name` - **SAML Attribute Name**: `FirstName` @@ -64,7 +64,7 @@ Because Mautic requires a first name and last name attribute, create two [SAML p ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. - **Choose a Provider**: select **SAML Provider** as the provider type. diff --git a/website/integrations/services/mealie/index.md b/website/integrations/services/mealie/index.md index 90d7037537..f0b0878948 100644 --- a/website/integrations/services/mealie/index.md +++ b/website/integrations/services/mealie/index.md @@ -27,7 +27,7 @@ To support the integration of Mealie with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/meshcentral/index.md b/website/integrations/services/meshcentral/index.md index f3c171eabc..2c66252975 100644 --- a/website/integrations/services/meshcentral/index.md +++ b/website/integrations/services/meshcentral/index.md @@ -27,7 +27,7 @@ To support the integration of MeshCentral with authentik, you need to create an ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/miniflux/index.md b/website/integrations/services/miniflux/index.md index 646c9a0d8d..9fd29b7ce7 100644 --- a/website/integrations/services/miniflux/index.md +++ b/website/integrations/services/miniflux/index.md @@ -27,7 +27,7 @@ To support the integration of Miniflux with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name (e.g., `Miniflux`), an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/minio/index.md b/website/integrations/services/minio/index.md index 4cdfd7fd70..35cb768ffc 100644 --- a/website/integrations/services/minio/index.md +++ b/website/integrations/services/minio/index.md @@ -31,7 +31,7 @@ To support the integration of MinIO with authentik, you need to create an applic ### Create property mappings -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **Scope Mapping** with the following settings: - **Name**: Set an appropriate name @@ -64,7 +64,7 @@ You can assign multiple policies to a user by returning a list, and returning `N ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/mobilizon/index.md b/website/integrations/services/mobilizon/index.md index d2f941b178..c86e403e22 100644 --- a/website/integrations/services/mobilizon/index.md +++ b/website/integrations/services/mobilizon/index.md @@ -27,7 +27,7 @@ To support the integration of Mobilizon with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/netbird/index.md b/website/integrations/services/netbird/index.md index f2437aaee3..90436cb6e2 100644 --- a/website/integrations/services/netbird/index.md +++ b/website/integrations/services/netbird/index.md @@ -27,7 +27,7 @@ To support the integration of NetBird with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -57,7 +57,7 @@ If an access group is created for the Netbird application, the Netbird service a ### Set up a service account -1. Log into authentik as an admin, and open the authentik Admin interface. +1. Log into authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Directory** > **Users**, and click **Create a service account**. 3. Set the **Username** to `NetBird` and disable the **Create group** option. Click **Create** and take note of the **password**. @@ -65,13 +65,13 @@ If an access group is created for the Netbird application, the Netbird service a NetBird requires the service account to have full administrative access to the authentik instance. Follow these steps to make it an administrator. -1. Log into authentik as an admin, and open the authentik Admin interface. +1. Log into authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Directory** > **Groups**, and click **`authentik Admins`**. 3. On the top of the group configuration page, switch to the **Users** tab near the top of the page, then click **Add existing user**, and select the service account you just created. ### Create and apply a device token authentication flow -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Flows and Stages** > **Flows** and click **Create**. 3. Set the following required configurations: - **Name**: provide a name (e.g. `default-device-code-flow`) diff --git a/website/integrations/services/netbox/index.md b/website/integrations/services/netbox/index.md index b6ba279f20..af8a051977 100644 --- a/website/integrations/services/netbox/index.md +++ b/website/integrations/services/netbox/index.md @@ -27,7 +27,7 @@ To support the integration of NetBox with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/node-red/index.md b/website/integrations/services/node-red/index.md index 8dca448565..5d3e944175 100644 --- a/website/integrations/services/node-red/index.md +++ b/website/integrations/services/node-red/index.md @@ -33,7 +33,7 @@ To support the integration of Node-RED with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/observium/index.md b/website/integrations/services/observium/index.md index f462e6fb8e..1cc2efef51 100644 --- a/website/integrations/services/observium/index.md +++ b/website/integrations/services/observium/index.md @@ -44,7 +44,7 @@ To support the integration of Observium with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/omni/index.md b/website/integrations/services/omni/index.md index 7a94ddb63c..a3df14a3f9 100644 --- a/website/integrations/services/omni/index.md +++ b/website/integrations/services/omni/index.md @@ -27,7 +27,7 @@ To support the integration of Omni with authentik, you need to create a property ### Create a Property Mapping, Application, and Provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create** to create a property mapping. - **Choose a Property Mapping type**: Select SAML Provider Property Mapping as the property mapping type. diff --git a/website/integrations/services/open-webui/index.md b/website/integrations/services/open-webui/index.md index 1590d7fc62..5efd555a43 100644 --- a/website/integrations/services/open-webui/index.md +++ b/website/integrations/services/open-webui/index.md @@ -27,7 +27,7 @@ To support the integration of Open WebUI with authentik, you need to create an a ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/openproject/index.md b/website/integrations/services/openproject/index.md index ae2a3c3057..7b44ca1f54 100644 --- a/website/integrations/services/openproject/index.md +++ b/website/integrations/services/openproject/index.md @@ -29,7 +29,7 @@ To support the integration of OpenProject with authentik, you need to create a p OpenProject requires a first and last name for each user. By default authentik only provides a full name, as a single string value. Therefore you need to create a property mapping to provide first and last names to OpenProject. -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. - **Select type**: select **Scope Mapping** as the property mapping type. @@ -53,7 +53,7 @@ OpenProject requires a first and last name for each user. By default authentik o ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -76,7 +76,7 @@ OpenProject requires a first and last name for each user. By default authentik o To support the integration of authentik with OpenProject, you need to configure authentication in the OpenProject administration interface. -1. Login to OpenProject as an admin, click on your profile icon at the top right and then **Administration**. +1. Login to OpenProject as an administrator, click on your profile icon at the top right and then **Administration**. 2. Navigate to **Authentication** > **OpenID providers**. 3. Provide a display name (e.g. `Authentik`) and click **Save**. 4. Click on **I have a discover endpoint URL** and enter: diff --git a/website/integrations/services/oracle-cloud/index.md b/website/integrations/services/oracle-cloud/index.md index 65cc7ff210..46fd8d1549 100644 --- a/website/integrations/services/oracle-cloud/index.md +++ b/website/integrations/services/oracle-cloud/index.md @@ -27,7 +27,7 @@ To support the integration of Oracle Cloud with authentik, you need to create an ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/outline/index.md b/website/integrations/services/outline/index.md index 6c36ab8cbf..6f48a6be03 100644 --- a/website/integrations/services/outline/index.md +++ b/website/integrations/services/outline/index.md @@ -28,7 +28,7 @@ To support the integration of Outline with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/owncloud/index.md b/website/integrations/services/owncloud/index.md index 631c4ec2fe..ef5bfd1f72 100644 --- a/website/integrations/services/owncloud/index.md +++ b/website/integrations/services/owncloud/index.md @@ -29,7 +29,7 @@ The configuration for each application is nearly identical, except for the **Cli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) You will need to repeat the process four times: once each for the Desktop application, Web UI, Android application, and iOS application. - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/pangolin/index.mdx b/website/integrations/services/pangolin/index.mdx new file mode 100644 index 0000000000..80481c6e2c --- /dev/null +++ b/website/integrations/services/pangolin/index.mdx @@ -0,0 +1,73 @@ +--- +title: Integrate with Pangolin +sidebar_label: Pangolin +support_level: community +--- + +## What is Pangolin + +> Pangolin is a self-hosted tunneled reverse proxy server with identity and access control, designed to securely expose private resources on distributed networks. +> +> -- https://docs.fossorial.io/Pangolin/overview + +## Preparation + +The following placeholders are used in this guide: + +- `pangolin.company` is the FQDN of the Pangolin installation. +- `authentik.company` is the FQDN of the authentik installation. + +:::note +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. +::: + +## authentik configuration + +To support the integration of Pangolin with authentik, you need to create an application/provider pair in authentik. + +### Create an application and provider in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) + + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Note the **Client ID**, and **Client Secret** values because they will be required later. + - Temporarily set **Redirect URI** to `https://temp.temp`. + - Select any available signing key. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. + +3. Click **Submit** to save the new application and provider. + +## Pangolin configuration + +1. Log in to Pangolin as an administrator. +2. Navigate to **Server Admin** > **Identity Providers**, and click **Add Identity Provider**. + + - Under **General Information**: + - **Name**: `authentik` + - **Auto Provision Users** _(optional)_: enable this option for authentik users to be automatically provisioned in Pangolin on first login. + - Under **OAuth2/OIDC Configuration**: + - **Client ID**: Client ID from authentik. + - **Client Secret**: Client Secret from authentik. + - **Authorization URL**: `https://authentik.company/application/o/authorize/` + - **Token URL**: `https://authentik.company/application/o/token/` + +3. Click **Create Identity Provider**. +4. Under **General Information**, take note of the **Redirect URI** value because it will be required in the next section. + +## Reconfigure authentik provider + +1. Log in to authentik as an administrator, and open the authentik Admin interface. +2. Navigate to **Applications** > **Providers** and click the **Edit** icon of the newly created Pangolin provider. +3. Set the **Redirect URI** to the value taken from Pangolin (e.g. `https://pangolin.company/auth/idp//oidc/callback`). +4. Click **Update**. + +## Configuration verification + +To confirm that authentik is properly configured with Pangolin, log out and log back in via the **authentik** login button. + +## Resources + +- [Official Pangolin SSO Documentation](https://docs.fossorial.io/Pangolin/Identity%20Providers/configuring-identity-providers) diff --git a/website/integrations/services/paperless-ngx/index.mdx b/website/integrations/services/paperless-ngx/index.mdx index 941633c7c5..b05577e1a1 100644 --- a/website/integrations/services/paperless-ngx/index.mdx +++ b/website/integrations/services/paperless-ngx/index.mdx @@ -27,7 +27,7 @@ To support the integration of Paperless-ngx with authentik, you need to create a ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/pgadmin/index.md b/website/integrations/services/pgadmin/index.md index e0473f5d24..2637142dea 100644 --- a/website/integrations/services/pgadmin/index.md +++ b/website/integrations/services/pgadmin/index.md @@ -31,7 +31,7 @@ To support the integration of pgAdmin with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/plesk/index.md b/website/integrations/services/plesk/index.md index 11eeb5ef65..70d85de4d8 100644 --- a/website/integrations/services/plesk/index.md +++ b/website/integrations/services/plesk/index.md @@ -31,7 +31,7 @@ To support the integration of Plesk with authentik, you need to create an applic ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/pocketbase/index.md b/website/integrations/services/pocketbase/index.md index 9c5fec8143..3220335659 100644 --- a/website/integrations/services/pocketbase/index.md +++ b/website/integrations/services/pocketbase/index.md @@ -34,7 +34,7 @@ To support the integration of Pocketbase with authentik, you need to create an a ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/portainer/index.md b/website/integrations/services/portainer/index.md index 6b280b707c..e309f94fe9 100644 --- a/website/integrations/services/portainer/index.md +++ b/website/integrations/services/portainer/index.md @@ -31,7 +31,7 @@ To support the integration of Portainer with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/proxmox-ve/index.md b/website/integrations/services/proxmox-ve/index.md index 659190a278..024f8fba6d 100644 --- a/website/integrations/services/proxmox-ve/index.md +++ b/website/integrations/services/proxmox-ve/index.md @@ -31,7 +31,7 @@ To support the integration of Proxmox with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/push-security/index.mdx b/website/integrations/services/push-security/index.mdx index 20b006d18a..a7719de95f 100644 --- a/website/integrations/services/push-security/index.mdx +++ b/website/integrations/services/push-security/index.mdx @@ -60,7 +60,7 @@ Push Security requires separate first and last names for each user, but authenti ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -80,7 +80,7 @@ Push Security requires separate first and last names for each user, but authenti ### Download the signing certificate -1. Log into authentik as an administrator, and open the authentik Admin interface. +1. Log in to authentik as an administrator, and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** and click on the name of the newly created Push Security provider. 3. Click **Download** under **Download signing certificate**. The contents of this certificate will be required in the next section. diff --git a/website/integrations/services/rocketchat/index.md b/website/integrations/services/rocketchat/index.md index 7fc82976af..e9385e261e 100644 --- a/website/integrations/services/rocketchat/index.md +++ b/website/integrations/services/rocketchat/index.md @@ -31,7 +31,7 @@ To support the integration of Rocket.chat with authentik, you need to create an ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/roundcube/index.md b/website/integrations/services/roundcube/index.md index be7f22bf26..797c0bdd52 100644 --- a/website/integrations/services/roundcube/index.md +++ b/website/integrations/services/roundcube/index.md @@ -31,7 +31,7 @@ To support the integration of Roundcube with authentik, you need to create an ap ### Create property mappings -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **Scope Mapping** with the following settings: - **Name**: Set an appropriate name. - **Scope Name**: `dovecotprofile` @@ -49,7 +49,7 @@ To support the integration of Roundcube with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/rustdesk-pro/index.mdx b/website/integrations/services/rustdesk-pro/index.mdx index 7cae0e0595..9b96454e07 100644 --- a/website/integrations/services/rustdesk-pro/index.mdx +++ b/website/integrations/services/rustdesk-pro/index.mdx @@ -31,7 +31,7 @@ To support the integration of Rustdesk Server Pro with authentik, you need to cr ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/semaphore/index.mdx b/website/integrations/services/semaphore/index.mdx index c5346a8289..aee1d9f989 100644 --- a/website/integrations/services/semaphore/index.mdx +++ b/website/integrations/services/semaphore/index.mdx @@ -29,7 +29,7 @@ To support the integration of Semaphore with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/slack/index.md b/website/integrations/services/slack/index.md index 25573dc899..5eeb8944e8 100644 --- a/website/integrations/services/slack/index.md +++ b/website/integrations/services/slack/index.md @@ -27,7 +27,7 @@ To support the integration of Slack with authentik, you need to create an applic ### Create property mappings -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create two **SAML Provider Property Mapping**s with the following settings: - **Name Mapping:** - **Name**: Choose a descriptive name @@ -42,7 +42,7 @@ To support the integration of Slack with authentik, you need to create an applic ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. diff --git a/website/integrations/services/stripe/index.mdx b/website/integrations/services/stripe/index.mdx new file mode 100644 index 0000000000..f78c2739ea --- /dev/null +++ b/website/integrations/services/stripe/index.mdx @@ -0,0 +1,106 @@ +--- +title: Integrate with Stripe +sidebar_label: Stripe +support_level: community +--- + +## What is Stripe + +> Stripe is a financial infrastructure platform that enables businesses to accept online and in-person payments, embed financial services, and build custom revenue models. +> +> -- https://stripe.com + +## Preparation + +The following placeholders are used in this guide: + +- `authentik.company` is the FQDN of the authentik installation. + +:::note +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. +::: + +## authentik configuration + +To support the integration of Stripe with authentik, you need to create a group, a property mapping, and an application/provider pair in authentik. + +### Create a user group in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Directory** > **Groups** and click **Create**. +3. Set a name for the group (e.g. `Stripe Admins`). +4. In the **Attributes** field enter: `stripe_role: admin`. Other account types are also supported, see the [Stripe SSO Documentation](https://docs.stripe.com/get-started/account/sso/other#configuring-your-identity-provider) +5. Click **Create**. +6. Then, click the name of the newly created group and navigate to the **Users** tab. +7. Click **Add existing user**, select the user that needs Wazuh admin access and click **Add**. + +### Create a property mapping in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Customization** > **Property Mappings** and click **Create**. Then, create a **SAML Provider Property Mapping** using the following settings: + + - **Name**: `Stripe Role` + - **SAML Attribute Name**: `Stripe-Role-acct-` + - **Friendly Name**: Leave blank + - **Expression**: + + ```python + return request.user.group_attributes().get("stripe_role", "") + ``` + + :::note + To find your Stripe account ID, log in to your Stripe dashboard and navigate to **Settings** > **Account** > **Account details**. You'll find your account ID, which starts with `acct_`, displayed on the right-hand side. + ::: + +### Create an application and provider in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) + + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **SAML Provider** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + + - Set the **ACS URL** to `https://dashboard.stripe.com/login/saml/consume`. + - Set the **Audience** to `https://dashboard.stripe.com/saml/metadata`. + - Set the **Service Provider Binding** to `Post`. + - Under **Advanced protocol settings**: + - Set an available signing certificate. + - Add the previously created `Stripe Role` property mapping to **Selected User Property Mappings**. + - Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`. + + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. + +3. Click **Submit** to save the new application and provider. + +### Download certificate file + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Providers** and click on the name of the provider that you created in the previous section (e.g. `Provider for Stripe`). +3. Under **Related objects** > **Download signing certificate**, click on **Download**. This downloaded file is your `Certificate` file and it will be required in the next section. + +## Stripe configuration + +1. Log in to the [Stripe administrator user authentication page](https://dashboard.stripe.com/account/user_authentication) as an administrator. +2. Click on the **Settings** cogwheel, and navigate to **Team and security** > **Single sign-on (SSO)**. +3. Click **Add domain**, then input the domain that SSO users will use. For more information, see the [Stripe Proving Domain Owenership documentation](https://docs.stripe.com/get-started/account/sso/other#proving-domain-verification). +4. Once your domain is verified, click on the 3 dots next to the domain name, and click **Manage SSO Settings**. +5. Enter the following settings: + + - **Identity Provider URL**: `https://auth.domain.com/application/saml/stripe/sso/binding/redirect/` + - **Issuer ID**: `authentik` + - **Identity Provider Certificate**: Paste in the contents of your authentik signing certificate. + +6. Click **Continue**. +7. Enter the email address of an authentik user designated for testing the SSO configuration and click **Continue**. Ensure that the user belongs to the appropriate authentik group. After logging in on authentik, you will be redirected back to Stripe. +8. If the test is successful, click **Continue**. Otherwise, verify your configuration and try again. +9. Choose the **SSO Enforcement** setting. Selecting `Required` mandates that users use authentik to log in, whereas `Optional` allows users to choose between authentik and the standard Stripe login. +10. Click **Save**. + +## Configuration verification + +To verify that authentik is properly integrated with Stripe, first sign out of your account. Then, navigate to the [Stripe dashboard login page](https://dashboard.stripe.com/login) and then click **Sign in with SSO**. Enter an email address that’s provisioned for SSO, and click **Continue with SSO**. You will then be redirected to authentik for authentication before being sent back to the Stripe dashboard. + +## Resources + +- [Stripe documentation - Single sign-on with a SAML provider](https://docs.stripe.com/get-started/account/sso/other) diff --git a/website/integrations/services/synology-dsm/index.md b/website/integrations/services/synology-dsm/index.md index 0eedec9bc9..b3bbe29090 100644 --- a/website/integrations/services/synology-dsm/index.md +++ b/website/integrations/services/synology-dsm/index.md @@ -31,7 +31,7 @@ To support the integration of Synology DSM with authentik, you need to create an ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/tandoor/index.md b/website/integrations/services/tandoor/index.md index a3986979bf..0ae54bc863 100644 --- a/website/integrations/services/tandoor/index.md +++ b/website/integrations/services/tandoor/index.md @@ -27,7 +27,7 @@ To support the integration of Tandoor with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/terrakube/index.md b/website/integrations/services/terrakube/index.md index 81d5d775d2..54fbea8621 100644 --- a/website/integrations/services/terrakube/index.md +++ b/website/integrations/services/terrakube/index.md @@ -27,7 +27,7 @@ To support the integration of Terrakube with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/truecommand/index.md b/website/integrations/services/truecommand/index.md index 7b51ae5bbd..b0f24dcedc 100644 --- a/website/integrations/services/truecommand/index.md +++ b/website/integrations/services/truecommand/index.md @@ -31,7 +31,7 @@ To support the integration of TrueCommand with authentik, you need to create an ### Create property mappings -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create create three or five **SAML Provider Property Mapping**s, depending on your setup, with the following settings: - **Username Mapping:** - **Name**: Choose a descriptive name @@ -61,7 +61,7 @@ To support the integration of TrueCommand with authentik, you need to create an ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. diff --git a/website/integrations/services/ubuntu-landscape/index.md b/website/integrations/services/ubuntu-landscape/index.md index 916f2e9ed1..a81f6c9bb6 100644 --- a/website/integrations/services/ubuntu-landscape/index.md +++ b/website/integrations/services/ubuntu-landscape/index.md @@ -33,7 +33,7 @@ To support the integration of Landscape with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/uptime-kuma/index.md b/website/integrations/services/uptime-kuma/index.md index 30f38a1b6c..86f73a6edb 100644 --- a/website/integrations/services/uptime-kuma/index.md +++ b/website/integrations/services/uptime-kuma/index.md @@ -29,7 +29,7 @@ To support the integration of Uptime Kuma with authentik, you need to create an ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/veeam-enterprise-manager/index.md b/website/integrations/services/veeam-enterprise-manager/index.md index f17f0a468a..1ad82df9e5 100644 --- a/website/integrations/services/veeam-enterprise-manager/index.md +++ b/website/integrations/services/veeam-enterprise-manager/index.md @@ -25,7 +25,7 @@ You will need an existing group or multiple in authentik to assign roles in Veea ## Veeam Enterprise Manager pre-configuration -Login to your Veeam Enterprise Manager. Navigate to the Configuration in the top-right. On the left sidebar, select Settings. Select the SAML Authentication tab. +Log in to your Veeam Enterprise Manager. Navigate to the Configuration in the top-right. On the left sidebar, select Settings. Select the SAML Authentication tab. Check the checkbox called "Enable SAML 2.0". Further down the site, click the "Download" button, to download the metadata. @@ -35,7 +35,7 @@ To support the integration of Veeam Enterprise Manage with authentik, you need t ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** and click **Create** to create a provider. - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. diff --git a/website/integrations/services/vikunja/index.md b/website/integrations/services/vikunja/index.md index a36d3c7789..dbff2b68b0 100644 --- a/website/integrations/services/vikunja/index.md +++ b/website/integrations/services/vikunja/index.md @@ -32,7 +32,7 @@ To support the integration of Vikunja with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/vmware-vcenter/index.md b/website/integrations/services/vmware-vcenter/index.md index 53cfc73479..76132aea3d 100644 --- a/website/integrations/services/vmware-vcenter/index.md +++ b/website/integrations/services/vmware-vcenter/index.md @@ -29,7 +29,7 @@ To support the integration of vCenter with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/wazuh/index.mdx b/website/integrations/services/wazuh/index.mdx index 974ef6e957..4d32940d67 100644 --- a/website/integrations/services/wazuh/index.mdx +++ b/website/integrations/services/wazuh/index.mdx @@ -28,7 +28,7 @@ To support the integration of Wazuh with authentik, you need to create a group, ### Create a user group in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Directory** > **Groups** and click **Create**. 3. Set a name for the group (e.g. `wazuh-administrators`) and click **Create**. 4. Click the name of the newly created group and navigate to the **Users** tab. @@ -36,7 +36,7 @@ To support the integration of Wazuh with authentik, you need to create a group, ### Create a property mapping in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **SAML Provider Property Mapping** with the following settings: - **Name**: Choose a descriptive name @@ -53,7 +53,7 @@ To support the integration of Wazuh with authentik, you need to create a group, ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name (e.g., `Wazuh`), an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -71,7 +71,7 @@ To support the integration of Wazuh with authentik, you need to create a group, ### Download metadata file -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** and click on the name of the provider that you created in the previous section (e.g. `Provider for wazuh`). 3. Under **Related objects** > **Metadata**, click on **Download**. This downloaded file is your `SAML Metadata` file and it will be required in the next section. diff --git a/website/integrations/services/weblate/index.md b/website/integrations/services/weblate/index.md index a8d80d629d..4baa39b2b2 100644 --- a/website/integrations/services/weblate/index.md +++ b/website/integrations/services/weblate/index.md @@ -28,7 +28,7 @@ To support the integration of Weblate with authentik, you need to create an appl ### Create property mappings -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create four **SAML Provider Property Mapping**s with the following settings: - **Full Name Mapping:** - **Name**: Choose a descriptive name @@ -65,7 +65,7 @@ To support the integration of Weblate with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. diff --git a/website/integrations/services/wekan/index.mdx b/website/integrations/services/wekan/index.mdx index 4057046527..217f56b7b5 100644 --- a/website/integrations/services/wekan/index.mdx +++ b/website/integrations/services/wekan/index.mdx @@ -27,7 +27,7 @@ To support the integration of Wekan with authentik, you need to create an applic ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/whats-up-docker/index.md b/website/integrations/services/whats-up-docker/index.md index 34e82ded48..cd988863ef 100644 --- a/website/integrations/services/whats-up-docker/index.md +++ b/website/integrations/services/whats-up-docker/index.md @@ -27,7 +27,7 @@ To support the integration of What's Up Docker with authentik, you need to creat ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/wiki-js/index.md b/website/integrations/services/wiki-js/index.md index 86dca4d8d4..2aac3bada1 100644 --- a/website/integrations/services/wiki-js/index.md +++ b/website/integrations/services/wiki-js/index.md @@ -37,7 +37,7 @@ To support the integration of Wiki.js with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/wordpress/index.md b/website/integrations/services/wordpress/index.md index dd1a60b241..0b46114d1b 100644 --- a/website/integrations/services/wordpress/index.md +++ b/website/integrations/services/wordpress/index.md @@ -31,7 +31,7 @@ To support the integration of WordPress with authentik, you need to create an ap ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/writefreely/index.md b/website/integrations/services/writefreely/index.md index 51b633bc1e..54725dfbbb 100644 --- a/website/integrations/services/writefreely/index.md +++ b/website/integrations/services/writefreely/index.md @@ -31,7 +31,7 @@ To support the integration of Writefreely with authentik, you need to create an ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/xcreds/index.mdx b/website/integrations/services/xcreds/index.mdx index 6dbe93a8ee..d8388301fa 100644 --- a/website/integrations/services/xcreds/index.mdx +++ b/website/integrations/services/xcreds/index.mdx @@ -20,7 +20,7 @@ To support the integration of XCreds with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -34,7 +34,7 @@ To support the integration of XCreds with authentik, you need to create an appli ### Copy OpenID configuration URL -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** and click on the name of the newly created XCreds provider. 3. Copy the **OpenID Configuration URL**. This will be required to configure XCreds in the next section. diff --git a/website/integrations/services/xen-orchestra/index.md b/website/integrations/services/xen-orchestra/index.md index 3d8892232f..3548061b55 100644 --- a/website/integrations/services/xen-orchestra/index.md +++ b/website/integrations/services/xen-orchestra/index.md @@ -32,7 +32,7 @@ To support the integration of Xen Orchestra with authentik, you need to create a ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/youtrack/index.md b/website/integrations/services/youtrack/index.md index a43efc6dd0..8d98e26887 100644 --- a/website/integrations/services/youtrack/index.md +++ b/website/integrations/services/youtrack/index.md @@ -27,7 +27,7 @@ To support the integration of YouTrack with authentik, you need to create an app ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -45,7 +45,7 @@ To support the integration of YouTrack with authentik, you need to create an app ### Get the certificate's SHA-256 fingerprint -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **System** > **Certificates**, expand the certificate chosen in the previous section, and take note of the **Certificate Fingerprint (SHA256)**. ## YouTrack configuration @@ -61,14 +61,14 @@ To support the integration of YouTrack with authentik, you need to create an app ### Update the authentik provider -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** > **_application name_**, then click **Edit**. 3. Replace the placeholder value for the **ACS URL** with the value copied from the previous section. -## Resources - -- [YouTrack SAML 2.0 Auth Module Documentation](https://www.jetbrains.com/help/youtrack/server/saml-authentication-module.html) - ## Configuration verification To confirm that authentik is properly configured with YouTrack, log out and attempt to log back in. You should be redirected to authentik to complete authentication. + +## Resources + +- [YouTrack SAML 2.0 Auth Module Documentation](https://www.jetbrains.com/help/youtrack/server/saml-authentication-module.html) diff --git a/website/integrations/services/zabbix/index.md b/website/integrations/services/zabbix/index.md index 8ac882e343..4e2053c3fc 100644 --- a/website/integrations/services/zabbix/index.md +++ b/website/integrations/services/zabbix/index.md @@ -29,7 +29,7 @@ To support the integration of Zabbix with authentik, you need to create an appli ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. diff --git a/website/integrations/services/zammad/index.md b/website/integrations/services/zammad/index.md index dd6b1e9a3a..26d6edc0f2 100644 --- a/website/integrations/services/zammad/index.md +++ b/website/integrations/services/zammad/index.md @@ -26,24 +26,9 @@ This documentation lists only the settings that you need to change from their de To support the integration of Zammad with authentik, you need to create an application/provider pair in authentik. -### Create property mappings - -1. Log in to authentik as an admin, and open the authentik Admin interface. -2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create two **SAML Provider Property Mapping**s with the following settings: - - **Name Mapping:** - - **Name**: Choose a descriptive name - - **SAML Attribute Name**: name - - **Friendly Name**: Leave blank - - **Expression**: return request.user.name - - **Email Mapping:** - - **Name**: Choose a descriptive name - - **SAML Attribute Name**: email - - **Friendly Name**: Leave blank - - **Expression**: return request.user.email - ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. @@ -53,21 +38,29 @@ To support the integration of Zammad with authentik, you need to create an appli - Set the **Issuer** to https://zammad.company/auth/saml/metadata. - Set the **Audience** to https://zammad.company/auth/saml/metadata. - Set the **Service Provider Binding** to `Post`. - - Under **Advanced protocol settings**, add the two **Property Mappings** you created in the previous section, then set the **NameID Property Mapping** to the name property mapping created in the previous section. + - Under **Advanced protocol settings**, select an available signing certificate. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. 3. Click **Submit** to save the new application and provider. -## zammad Setup +### Download certificate file -Configure Zammad SAML settings by going to settings (the gear icon), and selecting `Security -> Third-party Applications` and activate `Authentication via SAML` and change the following fields: +1. Log in to authentik as an administrator, and open the authentik Admin interface. +2. Navigate to **Applications** > **Providers** and click on the name of the provider that you created in the previous section (e.g. `Provider for zammad`). +3. Under **Related objects** > **Download signing certificate **, click on **Download**. This downloaded file is your certificate file and it will be required in the next section. -- Display name: authentik -- IDP SSO target URL: https://authentik.company/application/saml/zammad/sso/binding/init/ -- IDP single logout target URL: https://zammad.company/auth/saml/slo -- IDP certificate: ----BEGIN CERTIFICATE---- … -- IDP certificate fingerprint: empty -- Name Identifier Format: empty +## Zammad configuration + +To configure the Zammad SAML options go to **Settings** (the gear icon) and select **Security** > **Third-party Applications**. Next, activate the **Authentication via SAML** toggle and change the following fields: + + - **Display name**: authentik + - **IDP SSO target URL**: `https://authentik.company/application/saml//sso/binding/post/` + - **IDP single logout target URL**: `https://authentik.company/application/saml//slo/binding/redirect/` + +- **IDP Certificate**: paste the contents of your certificate file. +- **IDP certificate fingerprint**: Leave this empty. +- **Name Identifier Format**: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` +- **Automatic account link on initial logon**: Enable this to automatically create Zammad users when they sign in using authentik for the first time. ## Additional Resources diff --git a/website/integrations/services/zipline/index.md b/website/integrations/services/zipline/index.md index dc3cac2dd7..8835bdacec 100644 --- a/website/integrations/services/zipline/index.md +++ b/website/integrations/services/zipline/index.md @@ -31,7 +31,7 @@ To support the integration of Zipline with authentik, you need to create an appl ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: Provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. diff --git a/website/integrations/services/zulip/index.md b/website/integrations/services/zulip/index.md index b5dcac5ba0..7b7a9c3b79 100644 --- a/website/integrations/services/zulip/index.md +++ b/website/integrations/services/zulip/index.md @@ -27,7 +27,7 @@ To support the integration of Zulip with authentik, you need to create an applic ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Take note of the **slug** as it will be required later. diff --git a/website/integrations/template/service.md b/website/integrations/template/service.md index 7ccbe3e36b..3a7d14eb9a 100644 --- a/website/integrations/template/service.md +++ b/website/integrations/template/service.md @@ -29,7 +29,7 @@ _Any specific info about this integration can go here._ ### Create an application and provider in authentik -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log in to authentik as an administrator and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. @@ -43,7 +43,7 @@ _Any specific info about this integration can go here._ ## Service configuration -Insert Service configuration +Insert service configuration 1. Write first step here... diff --git a/website/package-lock.json b/website/package-lock.json index 8dea17533d..01cb83fbc9 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -22,7 +22,7 @@ "clsx": "^2.1.1", "docusaurus-plugin-openapi-docs": "^4.4.0", "docusaurus-theme-openapi-docs": "^4.4.0", - "postcss": "^8.5.3", + "postcss": "^8.5.4", "prism-react-renderer": "^2.4.1", "react": "^18.3.1", "react-before-after-slider-component": "^1.1.8", @@ -41,7 +41,7 @@ "@goauthentik/tsconfig": "^1.0.4", "@trivago/prettier-plugin-sort-imports": "^5.2.2", "@types/lodash": "^4.17.17", - "@types/node": "^22.15.21", + "@types/node": "^22.15.29", "@types/postman-collection": "^3.5.11", "@types/react": "^18.3.22", "@types/semver": "^7.7.0", @@ -6614,9 +6614,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "22.15.21", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.15.21.tgz", - "integrity": "sha512-EV/37Td6c+MgKAbkcLG6vqZ2zEYHD7bvSrzqqs2RIhbA6w3x+Dqz8MZM3sP6kGTeLrdoOgKZe+Xja7tUB2DNkQ==", + "version": "22.15.29", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.15.29.tgz", + "integrity": "sha512-LNdjOkUDlU1RZb8e1kOIUpN1qQUlzGkEtbVNo53vbrwDg5om6oduhm4SiUaPW5ASTXhAiP0jInWG8Qx9fVlOeQ==", "license": "MIT", "dependencies": { "undici-types": "~6.21.0" @@ -19155,15 +19155,16 @@ } }, "node_modules/nanoid": { - "version": "3.3.8", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz", - "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==", + "version": "3.3.11", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", + "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", "funding": [ { "type": "github", "url": "https://github.com/sponsors/ai" } ], + "license": "MIT", "bin": { "nanoid": "bin/nanoid.cjs" }, @@ -20629,9 +20630,9 @@ } }, "node_modules/postcss": { - "version": "8.5.3", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.3.tgz", - "integrity": "sha512-dle9A3yYxlBSrt8Fu+IpjGT8SY8hN0mlaA6GY8t0P5PjIOZemULz/E2Bnm/2dcUOena75OTNkHI76uZBNUUq3A==", + "version": "8.5.4", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.4.tgz", + "integrity": "sha512-QSa9EBe+uwlGTFmHsPKokv3B/oEMQZxfqW0QqNCyhpa6mB1afzulwn8hihglqAb2pOw+BJgNlmXQ8la2VeHB7w==", "funding": [ { "type": "opencollective", @@ -20648,7 +20649,7 @@ ], "license": "MIT", "dependencies": { - "nanoid": "^3.3.8", + "nanoid": "^3.3.11", "picocolors": "^1.1.1", "source-map-js": "^1.2.1" }, diff --git a/website/package.json b/website/package.json index 8fc85479fa..a925224ad4 100644 --- a/website/package.json +++ b/website/package.json @@ -37,7 +37,7 @@ "clsx": "^2.1.1", "docusaurus-plugin-openapi-docs": "^4.4.0", "docusaurus-theme-openapi-docs": "^4.4.0", - "postcss": "^8.5.3", + "postcss": "^8.5.4", "prism-react-renderer": "^2.4.1", "react": "^18.3.1", "react-before-after-slider-component": "^1.1.8", @@ -56,7 +56,7 @@ "@goauthentik/tsconfig": "^1.0.4", "@trivago/prettier-plugin-sort-imports": "^5.2.2", "@types/lodash": "^4.17.17", - "@types/node": "^22.15.21", + "@types/node": "^22.15.29", "@types/postman-collection": "^3.5.11", "@types/react": "^18.3.22", "@types/semver": "^7.7.0", diff --git a/website/sidebars/docs.mjs b/website/sidebars/docs.mjs index 433d0ba749..0b5253bd37 100644 --- a/website/sidebars/docs.mjs +++ b/website/sidebars/docs.mjs @@ -301,18 +301,19 @@ const items = [ }, items: [ "add-secure-apps/flows-stages/stages/authenticator_duo/index", - "add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index", "add-secure-apps/flows-stages/stages/authenticator_email/index", + "add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index", "add-secure-apps/flows-stages/stages/authenticator_sms/index", "add-secure-apps/flows-stages/stages/authenticator_static/index", "add-secure-apps/flows-stages/stages/authenticator_totp/index", - "add-secure-apps/flows-stages/stages/authenticator_webauthn/index", "add-secure-apps/flows-stages/stages/authenticator_validate/index", + "add-secure-apps/flows-stages/stages/authenticator_webauthn/index", "add-secure-apps/flows-stages/stages/captcha/index", "add-secure-apps/flows-stages/stages/deny", "add-secure-apps/flows-stages/stages/email/index", "add-secure-apps/flows-stages/stages/identification/index", "add-secure-apps/flows-stages/stages/invitation/index", + "add-secure-apps/flows-stages/stages/mtls/index", "add-secure-apps/flows-stages/stages/password/index", "add-secure-apps/flows-stages/stages/prompt/index", "add-secure-apps/flows-stages/stages/redirect/index", diff --git a/website/sidebars/integrations.mjs b/website/sidebars/integrations.mjs index 7bbb75e6d1..d60e5832f9 100644 --- a/website/sidebars/integrations.mjs +++ b/website/sidebars/integrations.mjs @@ -86,6 +86,7 @@ const items = [ "services/hashicorp-vault/index", "services/jenkins/index", "services/knocknoc/index", + "services/komodo/index", "services/meshcentral/index", "services/minio/index", "services/netbox/index", @@ -122,6 +123,7 @@ const items = [ "services/gravity/index", "services/netbird/index", "services/opnsense/index", + "services/pangolin/index", "services/pfsense/index", ], }, @@ -133,6 +135,7 @@ const items = [ "services/adventurelog/index", "services/calibre-web/index", "services/engomo/index", + "services/filerise/index", "services/frappe/index", "services/freshrss/index", "services/gravitee/index", @@ -181,6 +184,7 @@ const items = [ "services/budibase/index", "services/drupal/index", "services/pocketbase/index", + "services/stripe/index", "services/wordpress/index", ], },