security: fix CVE 2022 46145 (#4140)

* add flow authentication requirement Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add website for cve Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: handle FlowNonApplicableException without policy result Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
parent 860c85d012
commit db95dfe38d
30 changed files with 215 additions and 8 deletions
--- a/blueprints/default/20-flow-default-authenticator-static-setup.yaml
+++ b/blueprints/default/20-flow-default-authenticator-static-setup.yaml
@ -6,6 +6,7 @@ entries:
    designation: stage_configuration
    name: default-authenticator-static-setup
    title: Setup Static OTP Tokens
+    authentication: require_authenticated
  identifiers:
    slug: default-authenticator-static-setup
  model: authentik_flows.flow