Merge branch 'main' into web/bug/fix-wdio-and-lint

* main:
  website: update release notes for 2024.8.3 and 2024.6.5 (#11541)
  website/docs: added a Docs banner to announce new docs structure (#11525)
  security: fix CVE-2024-47070 (#11536)
  security: fix CVE-2024-47077 (#11535)
  sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532)
  web: Fix missing integrity fields in package-lock.json (#11509)
  core, web: update translations (#11527)
  core: bump ruff from 0.6.7 to 0.6.8 (#11528)
  web: bump the wdio group across 2 directories with 3 updates (#11529)
  web: bump @patternfly/elements from 4.0.1 to 4.0.2 in /web (#11530)
  web: bump @types/node from 22.7.2 to 22.7.3 in /web (#11531)
Ken Sternberg
2024-09-27 07:50:30 -07:00
22 changed files with 3448 additions and 212 deletions


@ -30,6 +30,11 @@ class TestHTTP(TestCase):
request = self.factory.get("/", HTTP_X_FORWARDED_FOR="127.0.0.2")
self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.2")
def test_forward_for_invalid(self):
"""Test invalid forward for"""
request = self.factory.get("/", HTTP_X_FORWARDED_FOR="foobar")
self.assertEqual(ClientIPMiddleware.get_client_ip(request), ClientIPMiddleware.default_ip)
def test_fake_outpost(self):
"""Test faked IP which is overridden by an outpost"""
token = Token.objects.create(
@ -53,6 +58,17 @@ class TestHTTP(TestCase):
},
)
self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1")
# Invalid, not a real IP
self.user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT
self.user.save()
request = self.factory.get(
"/",
**{
ClientIPMiddleware.outpost_remote_ip_header: "foobar",
ClientIPMiddleware.outpost_token_header: token.key,
},
)
self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1")
# Valid
self.user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT
self.user.save()


@ -29,7 +29,6 @@ class TesOAuth2Introspection(OAuthTestCase):
self.app = Application.objects.create(
name=generate_id(), slug=generate_id(), provider=self.provider
)
self.app.save()
self.user = create_test_admin_user()
self.auth = b64encode(
f"{self.provider.client_id}:{self.provider.client_secret}".encode()
@ -114,6 +113,41 @@ class TesOAuth2Introspection(OAuthTestCase):
},
)
def test_introspect_invalid_provider(self):
"""Test introspection (mismatched provider and token)"""
provider: OAuth2Provider = OAuth2Provider.objects.create(
name=generate_id(),
authorization_flow=create_test_flow(),
redirect_uris="",
signing_key=create_test_cert(),
)
auth = b64encode(f"{provider.client_id}:{provider.client_secret}".encode()).decode()
token: AccessToken = AccessToken.objects.create(
provider=self.provider,
user=self.user,
token=generate_id(),
auth_time=timezone.now(),
_scope="openid user profile",
_id_token=json.dumps(
asdict(
IDToken("foo", "bar"),
)
),
)
res = self.client.post(
reverse("authentik_providers_oauth2:token-introspection"),
HTTP_AUTHORIZATION=f"Basic {auth}",
data={"token": token.token},
)
self.assertEqual(res.status_code, 200)
self.assertJSONEqual(
res.content.decode(),
{
"active": False,
},
)
def test_introspect_invalid_auth(self):
"""Test introspect (invalid auth)"""
res = self.client.post(
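Review bot: `test_introspect_invalid_provider` only covers an `AccessToken` presented with another provider's credentials, while the same commit also adds the provider filter to the `RefreshToken` lookup. A parallel case that creates a `RefreshToken` for `self.provider`, introspects it with the second provider's Basic credentials and asserts `{"active": False}` would pin both branches of the fix. Without it, a later refactor could drop the filter from the refresh-token query with no test failing. The test class continues outside the hunk.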


@ -46,10 +46,10 @@ class TokenIntrospectionParams:
if not provider:
raise TokenIntrospectionError
access_token = AccessToken.objects.filter(token=raw_token).first()
access_token = AccessToken.objects.filter(token=raw_token, provider=provider).first()
if access_token:
return TokenIntrospectionParams(access_token, provider)
refresh_token = RefreshToken.objects.filter(token=raw_token).first()
refresh_token = RefreshToken.objects.filter(token=raw_token, provider=provider).first()
if refresh_token:
return TokenIntrospectionParams(refresh_token, provider)
LOGGER.debug("Token does not exist", token=raw_token)
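Review bot: With the provider filter in place, a token that is valid but belongs to a different provider now falls through to `LOGGER.debug("Token does not exist", token=raw_token)`, so a live bearer token can be written to the debug log. Log a non-reversible reference instead of the raw value, for example `LOGGER.debug("Token does not exist", token_hash=sha256(raw_token.encode()).hexdigest()[:16])`, or drop the field entirely. Recording the requesting provider in the same event would also make cross-provider introspection attempts visible to whoever reviews the logs. The enclosing method starts and ends outside the hunk.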


@ -2,6 +2,7 @@
from collections.abc import Callable
from hashlib import sha512
from ipaddress import ip_address
from time import perf_counter, time
from typing import Any
@ -174,6 +175,7 @@ class ClientIPMiddleware:
def __init__(self, get_response: Callable[[HttpRequest], HttpResponse]):
self.get_response = get_response
self.logger = get_logger().bind()
def _get_client_ip_from_meta(self, meta: dict[str, Any]) -> str:
"""Attempt to get the client's IP by checking common HTTP Headers.
@ -185,11 +187,16 @@ class ClientIPMiddleware:
"HTTP_X_FORWARDED_FOR",
"REMOTE_ADDR",
)
for _header in headers:
if _header in meta:
ips: list[str] = meta.get(_header).split(",")
return ips[0].strip()
return self.default_ip
try:
for _header in headers:
if _header in meta:
ips: list[str] = meta.get(_header).split(",")
# Ensure the IP parses as a valid IP
return str(ip_address(ips[0].strip()))
return self.default_ip
except ValueError as exc:
self.logger.debug("Invalid remote IP", exc=exc)
return self.default_ip
# FIXME: this should probably not be in `root` but rather in a middleware in `outposts`
# but for now it's fine
@ -226,7 +233,11 @@ class ClientIPMiddleware:
Scope.get_isolation_scope().set_user(sentry_user)
# Set the outpost service account on the request
setattr(request, self.request_attr_outpost_user, user)
return delegated_ip
try:
return str(ip_address(delegated_ip))
except ValueError as exc:
self.logger.debug("Invalid remote IP from Outpost", exc=exc)
return None
def _get_client_ip(self, request: HttpRequest | None) -> str:
"""Attempt to get the client's IP by checking common HTTP Headers.
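Review bot: In `_get_client_ip_from_meta` the `try` encloses the whole header loop, so an unparseable value in the first header that is present returns `default_ip` and later headers such as `REMOTE_ADDR` are never consulted; `test_forward_for_invalid` pins this behaviour. Requests carrying a malformed forwarding header are then all attributed to one address, which matters for anything keyed on client IP (audit events, reputation, rate limits), and a proxy that sends the `address:port` form would presumably be rejected by `ip_address` as well. If this is deliberate, state it in a comment above the `try`, e.g. `# A malformed header ends the lookup; do not fall through to a later header`, and consider logging above debug level so malformed headers are visible in production. The class continues outside the hunks.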


@ -78,7 +78,9 @@ class MicrosoftActiveDirectory(BaseLDAPSynchronizer):
# /useraccountcontrol-manipulate-account-properties
uac_bit = attributes.get("userAccountControl", 512)
uac = UserAccountControl(uac_bit)
is_active = UserAccountControl.ACCOUNTDISABLE not in uac
is_active = (
UserAccountControl.ACCOUNTDISABLE not in uac and UserAccountControl.LOCKOUT not in uac
)
if is_active != user.is_active:
user.is_active = is_active
user.save()
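Review bot: `UserAccountControl.LOCKOUT` is tested against the stored `userAccountControl` value, but Active Directory on Windows Server 2003 and later generally reports lockout through `lockoutTime` and `msDS-User-Account-Control-Computed` rather than this bit, so the new condition may never be true against current domain controllers. This is worth confirming against a real locked-out account before relying on it to deactivate users. If it holds, the sync would need to request and evaluate one of those attributes; either way a comment on the `is_active` assignment naming the attribute the lockout state is read from would help. The enclosing method starts and ends outside the hunk.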


@ -82,3 +82,5 @@ entries:
order: 10
target: !KeyOf default-authentication-flow-password-binding
policy: !KeyOf default-authentication-flow-password-optional
attrs:
failure_result: true
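Review bot: `failure_result: true` is added to the password-stage binding without a comment, although it decides what happens when the `default-authentication-flow-password-optional` policy fails to execute. As far as the hunk shows, a policy error now counts as a pass for this binding, which presumably keeps the password stage in the flow instead of skipping it. A comment next to `attrs:` such as `# On policy error, still run the password stage` would stop a later blueprint edit from removing it as noise. The entry starts outside the hunk.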

38
poetry.lock generated

@ -4210,29 +4210,29 @@ pyasn1 = ">=0.1.3"
[[package]]
name = "ruff"
version = "0.6.7"
version = "0.6.8"
description = "An extremely fast Python linter and code formatter, written in Rust."
optional = false
python-versions = ">=3.7"
files = [
{file = "ruff-0.6.7-py3-none-linux_armv6l.whl", hash = "sha256:08277b217534bfdcc2e1377f7f933e1c7957453e8a79764d004e44c40db923f2"},
{file = "ruff-0.6.7-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:c6707a32e03b791f4448dc0dce24b636cbcdee4dd5607adc24e5ee73fd86c00a"},
{file = "ruff-0.6.7-py3-none-macosx_11_0_arm64.whl", hash = "sha256:533d66b7774ef224e7cf91506a7dafcc9e8ec7c059263ec46629e54e7b1f90ab"},
{file = "ruff-0.6.7-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:17a86aac6f915932d259f7bec79173e356165518859f94649d8c50b81ff087e9"},
{file = "ruff-0.6.7-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:b3f8822defd260ae2460ea3832b24d37d203c3577f48b055590a426a722d50ef"},
{file = "ruff-0.6.7-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9ba4efe5c6dbbb58be58dd83feedb83b5e95c00091bf09987b4baf510fee5c99"},
{file = "ruff-0.6.7-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:525201b77f94d2b54868f0cbe5edc018e64c22563da6c5c2e5c107a4e85c1c0d"},
{file = "ruff-0.6.7-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:8854450839f339e1049fdbe15d875384242b8e85d5c6947bb2faad33c651020b"},
{file = "ruff-0.6.7-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2f0b62056246234d59cbf2ea66e84812dc9ec4540518e37553513392c171cb18"},
{file = "ruff-0.6.7-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6b1462fa56c832dc0cea5b4041cfc9c97813505d11cce74ebc6d1aae068de36b"},
{file = "ruff-0.6.7-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:02b083770e4cdb1495ed313f5694c62808e71764ec6ee5db84eedd82fd32d8f5"},
{file = "ruff-0.6.7-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:0c05fd37013de36dfa883a3854fae57b3113aaa8abf5dea79202675991d48624"},
{file = "ruff-0.6.7-py3-none-musllinux_1_2_i686.whl", hash = "sha256:f49c9caa28d9bbfac4a637ae10327b3db00f47d038f3fbb2195c4d682e925b14"},
{file = "ruff-0.6.7-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:a0e1655868164e114ba43a908fd2d64a271a23660195017c17691fb6355d59bb"},
{file = "ruff-0.6.7-py3-none-win32.whl", hash = "sha256:a939ca435b49f6966a7dd64b765c9df16f1faed0ca3b6f16acdf7731969deb35"},
{file = "ruff-0.6.7-py3-none-win_amd64.whl", hash = "sha256:590445eec5653f36248584579c06252ad2e110a5d1f32db5420de35fb0e1c977"},
{file = "ruff-0.6.7-py3-none-win_arm64.whl", hash = "sha256:b28f0d5e2f771c1fe3c7a45d3f53916fc74a480698c4b5731f0bea61e52137c8"},
{file = "ruff-0.6.7.tar.gz", hash = "sha256:44e52129d82266fa59b587e2cd74def5637b730a69c4542525dfdecfaae38bd5"},
{file = "ruff-0.6.8-py3-none-linux_armv6l.whl", hash = "sha256:77944bca110ff0a43b768f05a529fecd0706aac7bcce36d7f1eeb4cbfca5f0f2"},
{file = "ruff-0.6.8-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:27b87e1801e786cd6ede4ada3faa5e254ce774de835e6723fd94551464c56b8c"},
{file = "ruff-0.6.8-py3-none-macosx_11_0_arm64.whl", hash = "sha256:cd48f945da2a6334f1793d7f701725a76ba93bf3d73c36f6b21fb04d5338dcf5"},
{file = "ruff-0.6.8-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:677e03c00f37c66cea033274295a983c7c546edea5043d0c798833adf4cf4c6f"},
{file = "ruff-0.6.8-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:9f1476236b3eacfacfc0f66aa9e6cd39f2a624cb73ea99189556015f27c0bdeb"},
{file = "ruff-0.6.8-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6f5a2f17c7d32991169195d52a04c95b256378bbf0de8cb98478351eb70d526f"},
{file = "ruff-0.6.8-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:5fd0d4b7b1457c49e435ee1e437900ced9b35cb8dc5178921dfb7d98d65a08d0"},
{file = "ruff-0.6.8-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f8034b19b993e9601f2ddf2c517451e17a6ab5cdb1c13fdff50c1442a7171d87"},
{file = "ruff-0.6.8-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:6cfb227b932ba8ef6e56c9f875d987973cd5e35bc5d05f5abf045af78ad8e098"},
{file = "ruff-0.6.8-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6ef0411eccfc3909269fed47c61ffebdcb84a04504bafa6b6df9b85c27e813b0"},
{file = "ruff-0.6.8-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:007dee844738c3d2e6c24ab5bc7d43c99ba3e1943bd2d95d598582e9c1b27750"},
{file = "ruff-0.6.8-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:ce60058d3cdd8490e5e5471ef086b3f1e90ab872b548814e35930e21d848c9ce"},
{file = "ruff-0.6.8-py3-none-musllinux_1_2_i686.whl", hash = "sha256:1085c455d1b3fdb8021ad534379c60353b81ba079712bce7a900e834859182fa"},
{file = "ruff-0.6.8-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:70edf6a93b19481affd287d696d9e311388d808671bc209fb8907b46a8c3af44"},
{file = "ruff-0.6.8-py3-none-win32.whl", hash = "sha256:792213f7be25316f9b46b854df80a77e0da87ec66691e8f012f887b4a671ab5a"},
{file = "ruff-0.6.8-py3-none-win_amd64.whl", hash = "sha256:ec0517dc0f37cad14a5319ba7bba6e7e339d03fbf967a6d69b0907d61be7a263"},
{file = "ruff-0.6.8-py3-none-win_arm64.whl", hash = "sha256:8d3bb2e3fbb9875172119021a13eed38849e762499e3cfde9588e4b4d70968dc"},
{file = "ruff-0.6.8.tar.gz", hash = "sha256:a5bf44b1aa0adaf6d9d20f86162b34f7c593bfedabc51239953e446aefc8ce18"},
]
[[package]]


@ -16,8 +16,8 @@
"@types/mocha": "^10.0.8",
"@typescript-eslint/eslint-plugin": "^8.7.0",
"@typescript-eslint/parser": "^8.7.0",
"@wdio/cli": "^9.1.0",
"@wdio/local-runner": "^9.1.0",
"@wdio/cli": "^9.1.1",
"@wdio/local-runner": "^9.1.1",
"@wdio/mocha-framework": "^9.1.0",
"@wdio/spec-reporter": "^9.1.0",
"eslint": "^9.11.1",
@ -4655,15 +4655,15 @@
}
},
"node_modules/@wdio/cli": {
"version": "9.1.0",
"resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-9.1.0.tgz",
"integrity": "sha512-He0vvMXaCJ5t9UePOu6fyGhSRM7YqB8O2C7Wzgm2n1E2OidFjxImbyp9yq4Lh6sAbch5H9Rf8V5tK/bnizZyYg==",
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-9.1.1.tgz",
"integrity": "sha512-RECj2AwAL8yDpLvX962OXnYk6KnqioLSlTckBRXfNIDGAHEB4oP5+FxwGbFsxQgu9+BN1GIujZYXdnRt71+I6A==",
"dev": true,
"dependencies": {
"@types/node": "^20.1.1",
"@vitest/snapshot": "^1.2.1",
"@wdio/config": "9.1.0",
"@wdio/globals": "9.1.0",
"@wdio/globals": "9.1.1",
"@wdio/logger": "9.1.0",
"@wdio/protocols": "9.0.8",
"@wdio/types": "9.1.0",
@ -4683,7 +4683,7 @@
"read-pkg-up": "^10.0.0",
"recursive-readdir": "^2.2.3",
"tsx": "^4.7.2",
"webdriverio": "9.1.0",
"webdriverio": "9.1.1",
"yargs": "^17.7.2"
},
"bin": {
@ -4763,28 +4763,28 @@
}
},
"node_modules/@wdio/globals": {
"version": "9.1.0",
"resolved": "https://registry.npmjs.org/@wdio/globals/-/globals-9.1.0.tgz",
"integrity": "sha512-p+SrBKHVMEho+QC+PmTdkuvSzJel+RWlMMTab7y7AlLJvS6NOzQFAp32IJP+PN2RqZ88DXm/ugUybe/6iYZnwA==",
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/@wdio/globals/-/globals-9.1.1.tgz",
"integrity": "sha512-Zk67/yOLm5e3Xl1wEBq77HVmXz0ijh17ipFM0eFL1jf2ErDg+k/OLW++JDxSnrpibnCUZD2f2dsuO60lEJ/6Xg==",
"dev": true,
"engines": {
"node": ">=18.20.0"
},
"optionalDependencies": {
"expect-webdriverio": "^5.0.1",
"webdriverio": "9.1.0"
"webdriverio": "9.1.1"
}
},
"node_modules/@wdio/local-runner": {
"version": "9.1.0",
"resolved": "https://registry.npmjs.org/@wdio/local-runner/-/local-runner-9.1.0.tgz",
"integrity": "sha512-RUVZZAonZZsu7qDF9QVR6wShK3rO0QlFkb6C3LFTaCv5vkb3/bbDbGXZhsCmiGSBxtkW/qVlhBiNH79oVfGZWw==",
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/@wdio/local-runner/-/local-runner-9.1.1.tgz",
"integrity": "sha512-PsGb3BDC6Z0m6BZoOCdoJRAP7dEkJ1xxyNMHznazbVwRCeCJAERoWlseZdxwbm9biR82bpt0YoDhbqyeIhSxUg==",
"dev": true,
"dependencies": {
"@types/node": "^20.1.0",
"@wdio/logger": "9.1.0",
"@wdio/repl": "9.0.8",
"@wdio/runner": "9.1.0",
"@wdio/runner": "9.1.1",
"@wdio/types": "9.1.0",
"async-exit-hook": "^2.0.1",
"split2": "^4.1.0",
@ -4923,31 +4923,31 @@
}
},
"node_modules/@wdio/runner": {
"version": "9.1.0",
"resolved": "https://registry.npmjs.org/@wdio/runner/-/runner-9.1.0.tgz",
"integrity": "sha512-+WCfIfH+OOLbfaqYhwC+gE37Y0MtJSvBPHEoq6wLrIS8FMhysI5cGWXz+9fpdC29n0wZiMWVoXGvRFBLOHvtYA==",
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/@wdio/runner/-/runner-9.1.1.tgz",
"integrity": "sha512-/kgcbP6lrVQVQB5JlqszE/LW1dYlyCpt0WC0B6ZO+rPxTof546iA4//YhEg0p74E2C/GI5PrLlU7lMVNcJv40Q==",
"dev": true,
"dependencies": {
"@types/node": "^20.11.28",
"@wdio/config": "9.1.0",
"@wdio/globals": "9.1.0",
"@wdio/globals": "9.1.1",
"@wdio/logger": "9.1.0",
"@wdio/types": "9.1.0",
"@wdio/utils": "9.1.0",
"deepmerge-ts": "^7.0.3",
"expect-webdriverio": "^5.0.1",
"gaze": "^1.1.3",
"webdriver": "9.1.0",
"webdriverio": "9.1.0"
"webdriver": "9.1.1",
"webdriverio": "9.1.1"
},
"engines": {
"node": ">=18.20.0"
}
},
"node_modules/@wdio/runner/node_modules/@types/node": {
"version": "20.16.6",
"resolved": "https://registry.npmjs.org/@types/node/-/node-20.16.6.tgz",
"integrity": "sha512-T7PpxM/6yeDE+AdlVysT62BX6/bECZOmQAgiFg5NoBd5MQheZ3tzal7f1wvzfiEcmrcJNRi2zRr2nY2zF+0uqw==",
"version": "20.16.9",
"resolved": "https://registry.npmjs.org/@types/node/-/node-20.16.9.tgz",
"integrity": "sha512-rkvIVJxsOfBejxK7I0FO5sa2WxFmJCzoDwcd88+fq/CUfynNywTo/1/T6hyFz22CyztsnLS9nVlHOnTI36RH5w==",
"dev": true,
"dependencies": {
"undici-types": "~6.19.2"
@ -15053,9 +15053,9 @@
}
},
"node_modules/webdriver": {
"version": "9.1.0",
"resolved": "https://registry.npmjs.org/webdriver/-/webdriver-9.1.0.tgz",
"integrity": "sha512-cdTAJ3OFyAEsQVDNqwP8f21I/xaazIotSHrLGcIgIwgfe4rzQpnpXxz2UnXQTtSjjnVmVoYOUAmYhScO02+uww==",
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/webdriver/-/webdriver-9.1.1.tgz",
"integrity": "sha512-XRZitu+W3xpnuA6gFgiSGBCt2P8m4g2Yzt+zXgPqlKiDGwr27F5m40pP2AnlQBlQO7hw0OJJa68QR1KW2D9cHA==",
"dev": true,
"dependencies": {
"@types/node": "^20.1.0",
@ -15073,18 +15073,18 @@
}
},
"node_modules/webdriver/node_modules/@types/node": {
"version": "20.16.6",
"resolved": "https://registry.npmjs.org/@types/node/-/node-20.16.6.tgz",
"integrity": "sha512-T7PpxM/6yeDE+AdlVysT62BX6/bECZOmQAgiFg5NoBd5MQheZ3tzal7f1wvzfiEcmrcJNRi2zRr2nY2zF+0uqw==",
"version": "20.16.9",
"resolved": "https://registry.npmjs.org/@types/node/-/node-20.16.9.tgz",
"integrity": "sha512-rkvIVJxsOfBejxK7I0FO5sa2WxFmJCzoDwcd88+fq/CUfynNywTo/1/T6hyFz22CyztsnLS9nVlHOnTI36RH5w==",
"dev": true,
"dependencies": {
"undici-types": "~6.19.2"
}
},
"node_modules/webdriverio": {
"version": "9.1.0",
"resolved": "https://registry.npmjs.org/webdriverio/-/webdriverio-9.1.0.tgz",
"integrity": "sha512-6wJ7emnLhxJ3F10cUGaBjzgaabZCByAdNA59/J0Ctg/i40lOdsmHpoYVktlbXYUeOdqUC0raVLi6pngBOSqL1g==",
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/webdriverio/-/webdriverio-9.1.1.tgz",
"integrity": "sha512-jREz3Vy7ItpNn0HG/vh5oZYAzSv4PGGy8mxht7j4BXkcUjkPCBfHtAAXHRwwJVxu1rWJLzn4QhfjLIaEFe73NA==",
"dev": true,
"dependencies": {
"@types/node": "^20.11.30",
@ -15113,7 +15113,7 @@
"rgb2hex": "0.2.5",
"serialize-error": "^11.0.3",
"urlpattern-polyfill": "^10.0.0",
"webdriver": "9.1.0"
"webdriver": "9.1.1"
},
"engines": {
"node": ">=18.20.0"


@ -11,8 +11,8 @@
"@types/mocha": "^10.0.8",
"@typescript-eslint/eslint-plugin": "^8.7.0",
"@typescript-eslint/parser": "^8.7.0",
"@wdio/cli": "^9.1.0",
"@wdio/local-runner": "^9.1.0",
"@wdio/cli": "^9.1.1",
"@wdio/local-runner": "^9.1.1",
"@wdio/mocha-framework": "^9.1.0",
"@wdio/spec-reporter": "^9.1.0",
"eslint-plugin-lit": "^1.14.0",

177
web/package-lock.json generated

@ -29,7 +29,7 @@
"@lit/reactive-element": "^2.0.4",
"@lit/task": "^1.0.1",
"@open-wc/lit-helpers": "^0.7.0",
"@patternfly/elements": "^4.0.1",
"@patternfly/elements": "^4.0.2",
"@patternfly/patternfly": "^4.224.2",
"@sentry/browser": "^8.32.0",
"@webcomponents/webcomponentsjs": "^2.8.0",
@ -83,12 +83,17 @@
"@types/eslint__js": "^8.42.3",
"@types/grecaptcha": "^3.0.9",
"@types/guacamole-common-js": "1.5.2",
"@types/node": "^22.7.2",
"@types/node": "^22.7.3",
"@types/showdown": "^2.0.6",
"@typescript-eslint/eslint-plugin": "^8.7.0",
"@typescript-eslint/parser": "^8.7.0",
<<<<<<< HEAD
"@wdio/browser-runner": "^8.40.2",
"@wdio/cli": "^8.40.2",
=======
"@wdio/browser-runner": "^9.1.1",
"@wdio/cli": "^9.1.1",
>>>>>>> main
"@wdio/mocha-framework": "^9.1.0",
"@wdio/spec-reporter": "^9.1.0",
"babel-plugin-macros": "^3.1.0",
@ -4555,10 +4560,9 @@
}
},
"node_modules/@patternfly/elements": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/@patternfly/elements/-/elements-4.0.1.tgz",
"integrity": "sha512-uYRfT6v3mPEJz/ty8XGIOqxaS7mr/UJT/uBTgcwAPFalTVmNnoVKMFlCEGxUnAQXS9FNeu2Ir4ycpLy6LFbApQ==",
"license": "MIT",
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/@patternfly/elements/-/elements-4.0.2.tgz",
"integrity": "sha512-JaM4l2aWE4GXVzqWN90oYsi2w4YhkWWG18cSDoh0qemi8iZNoD74DrUYn1KdZz3FS7q2G05X7ST4wr7qbsOceQ==",
"dependencies": {
"@lit/context": "^1.1.2",
"@patternfly/icons": "^1.0.3",
@ -9781,9 +9785,9 @@
"license": "MIT"
},
"node_modules/@types/node": {
"version": "22.7.2",
"resolved": "https://registry.npmjs.org/@types/node/-/node-22.7.2.tgz",
"integrity": "sha512-866lXSrpGpgyHBZUa2m9YNWqHDjjM0aBTJlNtYaGEw4rqY/dcD7deRVTbBBAJelfA7oaGDbNftXF/TL/A6RgoA==",
"version": "22.7.3",
"resolved": "https://registry.npmjs.org/@types/node/-/node-22.7.3.tgz",
"integrity": "sha512-qXKfhXXqGTyBskvWEzJZPUxSslAiLaB6JGP1ic/XTH9ctGgzdgYguuLP1C601aRTSDNlLb0jbKqXjZ48GNraSA==",
"dev": true,
"dependencies": {
"undici-types": "~6.19.2"
@ -10219,13 +10223,20 @@
"license": "MIT"
},
"node_modules/@wdio/browser-runner": {
<<<<<<< HEAD
"version": "8.40.5",
"resolved": "https://registry.npmjs.org/@wdio/browser-runner/-/browser-runner-8.40.5.tgz",
"integrity": "sha512-JFDB4SzrXOu2lDfRDDrQ6z+LlcywYqv2YPX0Tr7tv2Vpt3V3Ztv6bVrz8z/S6AE9F+JdOA20GIKS4cunUqaEqA==",
=======
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/@wdio/browser-runner/-/browser-runner-9.1.1.tgz",
"integrity": "sha512-T1qusYaKKVfOUoGCv3unRt/iA1+lDDZIXgebIH7ik2pUiR7CwjOktROzIo9/1oqWFSf2AgJ0Q3dt8mCAzoSuwQ==",
>>>>>>> main
"dev": true,
"dependencies": {
"@babel/plugin-proposal-class-properties": "^7.18.6",
"@originjs/vite-plugin-commonjs": "^1.0.3",
<<<<<<< HEAD
"@types/istanbul-lib-source-maps": "^4.0.1",
"@vitest/spy": "^2.0.3",
"@wdio/globals": "8.40.5",
@ -10237,6 +10248,19 @@
"@wdio/types": "8.40.3",
"@wdio/utils": "8.40.3",
"deepmerge-ts": "^5.0.0",
=======
"@types/istanbul-lib-source-maps": "^4.0.4",
"@vitest/spy": "^2.0.4",
"@wdio/globals": "9.1.1",
"@wdio/local-runner": "9.1.1",
"@wdio/logger": "9.1.0",
"@wdio/mocha-framework": "9.1.0",
"@wdio/protocols": "9.0.8",
"@wdio/runner": "9.1.1",
"@wdio/types": "9.1.0",
"@wdio/utils": "9.1.0",
"deepmerge-ts": "^7.0.3",
>>>>>>> main
"expect": "^29.7.0",
"expect-webdriverio": "^4.11.2",
"get-port": "^7.0.0",
@ -10252,9 +10276,15 @@
"source-map-support": "^0.5.21",
"vite": "~4.5.0",
"vite-plugin-istanbul": "^6.0.0",
<<<<<<< HEAD
"vite-plugin-top-level-await": "^1.3.0",
"webdriver": "8.40.3",
"webdriverio": "8.40.5"
=======
"vite-plugin-top-level-await": "^1.4.1",
"webdriver": "9.1.1",
"webdriverio": "9.1.1"
>>>>>>> main
},
"engines": {
"node": "^16.13 || >=18"
@ -10839,6 +10869,7 @@
"esbuild": "^0.14.0 || ^0.15.0 || ^0.16.0 || ^0.17.0 || ^0.18.0"
}
},
<<<<<<< HEAD
"node_modules/@wdio/browser-runner/node_modules/ms": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@ -10960,6 +10991,22 @@
"@wdio/protocols": "8.40.3",
"@wdio/types": "8.40.3",
"@wdio/utils": "8.40.3",
=======
"node_modules/@wdio/cli": {
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-9.1.1.tgz",
"integrity": "sha512-RECj2AwAL8yDpLvX962OXnYk6KnqioLSlTckBRXfNIDGAHEB4oP5+FxwGbFsxQgu9+BN1GIujZYXdnRt71+I6A==",
"dev": true,
"dependencies": {
"@types/node": "^20.1.1",
"@vitest/snapshot": "^1.2.1",
"@wdio/config": "9.1.0",
"@wdio/globals": "9.1.1",
"@wdio/logger": "9.1.0",
"@wdio/protocols": "9.0.8",
"@wdio/types": "9.1.0",
"@wdio/utils": "9.1.0",
>>>>>>> main
"async-exit-hook": "^2.0.1",
"chalk": "^5.2.0",
"chokidar": "^3.5.3",
@ -10974,7 +11021,12 @@
"lodash.union": "^4.6.0",
"read-pkg-up": "10.0.0",
"recursive-readdir": "^2.2.3",
<<<<<<< HEAD
"webdriverio": "8.40.5",
=======
"tsx": "^4.7.2",
"webdriverio": "9.1.1",
>>>>>>> main
"yargs": "^17.7.2"
},
"bin": {
@ -11391,6 +11443,7 @@
"url": "https://github.com/sponsors/isaacs"
}
},
<<<<<<< HEAD
"node_modules/@wdio/config/node_modules/proxy-agent": {
"version": "6.3.1",
"resolved": "https://registry.npmjs.org/proxy-agent/-/proxy-agent-6.3.1.tgz",
@ -11414,6 +11467,12 @@
"version": "7.18.3",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz",
"integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==",
=======
"node_modules/@wdio/globals": {
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/@wdio/globals/-/globals-9.1.1.tgz",
"integrity": "sha512-Zk67/yOLm5e3Xl1wEBq77HVmXz0ijh17ipFM0eFL1jf2ErDg+k/OLW++JDxSnrpibnCUZD2f2dsuO60lEJ/6Xg==",
>>>>>>> main
"dev": true,
"engines": {
"node": ">=12"
@ -11439,6 +11498,7 @@
"node": "^16.13 || >=18"
},
"optionalDependencies": {
<<<<<<< HEAD
"expect-webdriverio": "^4.11.2",
"webdriverio": "8.40.5"
}
@ -11454,6 +11514,23 @@
"@wdio/repl": "8.40.3",
"@wdio/runner": "8.40.5",
"@wdio/types": "8.40.3",
=======
"expect-webdriverio": "^5.0.1",
"webdriverio": "9.1.1"
}
},
"node_modules/@wdio/local-runner": {
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/@wdio/local-runner/-/local-runner-9.1.1.tgz",
"integrity": "sha512-PsGb3BDC6Z0m6BZoOCdoJRAP7dEkJ1xxyNMHznazbVwRCeCJAERoWlseZdxwbm9biR82bpt0YoDhbqyeIhSxUg==",
"dev": true,
"dependencies": {
"@types/node": "^20.1.0",
"@wdio/logger": "9.1.0",
"@wdio/repl": "9.0.8",
"@wdio/runner": "9.1.1",
"@wdio/types": "9.1.0",
>>>>>>> main
"async-exit-hook": "^2.0.1",
"split2": "^4.1.0",
"stream-buffers": "^3.0.2"
@ -11462,10 +11539,17 @@
"node": "^16.13 || >=18"
}
},
<<<<<<< HEAD
"node_modules/@wdio/local-runner/node_modules/@wdio/logger": {
"version": "8.38.0",
"resolved": "https://registry.npmjs.org/@wdio/logger/-/logger-8.38.0.tgz",
"integrity": "sha512-kcHL86RmNbcQP+Gq/vQUGlArfU6IIcbbnNp32rRIraitomZow+iEoc519rdQmSVusDozMS5DZthkgDdxK+vz6Q==",
=======
"node_modules/@wdio/local-runner/node_modules/@types/node": {
"version": "20.16.9",
"resolved": "https://registry.npmjs.org/@types/node/-/node-20.16.9.tgz",
"integrity": "sha512-rkvIVJxsOfBejxK7I0FO5sa2WxFmJCzoDwcd88+fq/CUfynNywTo/1/T6hyFz22CyztsnLS9nVlHOnTI36RH5w==",
>>>>>>> main
"dev": true,
"dependencies": {
"chalk": "^5.1.2",
@ -11609,6 +11693,7 @@
}
},
"node_modules/@wdio/runner": {
<<<<<<< HEAD
"version": "8.40.5",
"resolved": "https://registry.npmjs.org/@wdio/runner/-/runner-8.40.5.tgz",
"integrity": "sha512-5sKORwwps0fvuPDfBbBz+jm8RV2xBV4xBGOLHiad6Mpruzc7+uDwxz6ILkE+CErQhJoNdB99YOOm2foh+aO4Ww==",
@ -11625,15 +11710,40 @@
"gaze": "^1.1.3",
"webdriver": "8.40.3",
"webdriverio": "8.40.5"
=======
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/@wdio/runner/-/runner-9.1.1.tgz",
"integrity": "sha512-/kgcbP6lrVQVQB5JlqszE/LW1dYlyCpt0WC0B6ZO+rPxTof546iA4//YhEg0p74E2C/GI5PrLlU7lMVNcJv40Q==",
"dev": true,
"dependencies": {
"@types/node": "^20.11.28",
"@wdio/config": "9.1.0",
"@wdio/globals": "9.1.1",
"@wdio/logger": "9.1.0",
"@wdio/types": "9.1.0",
"@wdio/utils": "9.1.0",
"deepmerge-ts": "^7.0.3",
"expect-webdriverio": "^5.0.1",
"gaze": "^1.1.3",
"webdriver": "9.1.1",
"webdriverio": "9.1.1"
>>>>>>> main
},
"engines": {
"node": "^16.13 || >=18"
}
},
<<<<<<< HEAD
"node_modules/@wdio/runner/node_modules/@puppeteer/browsers": {
"version": "1.9.1",
"resolved": "https://registry.npmjs.org/@puppeteer/browsers/-/browsers-1.9.1.tgz",
"integrity": "sha512-PuvK6xZzGhKPvlx3fpfdM2kYY3P/hB1URtK8wA7XUJ6prn6pp22zvJHu48th0SGcHL9SutbPHrFuQgfXTFobWA==",
=======
"node_modules/@wdio/runner/node_modules/@types/node": {
"version": "20.16.9",
"resolved": "https://registry.npmjs.org/@types/node/-/node-20.16.9.tgz",
"integrity": "sha512-rkvIVJxsOfBejxK7I0FO5sa2WxFmJCzoDwcd88+fq/CUfynNywTo/1/T6hyFz22CyztsnLS9nVlHOnTI36RH5w==",
>>>>>>> main
"dev": true,
"dependencies": {
"debug": "4.3.4",
@ -27364,9 +27474,15 @@
}
},
"node_modules/webdriver": {
<<<<<<< HEAD
"version": "8.40.3",
"resolved": "https://registry.npmjs.org/webdriver/-/webdriver-8.40.3.tgz",
"integrity": "sha512-mc/pxLpgAQphnIaWvix/QXzp9CJpEvIA3YeF9t5plPaTbvbEaCAYYWkTP6e3vYPYWvx57krjGaYkNUnDCBNolA==",
=======
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/webdriver/-/webdriver-9.1.1.tgz",
"integrity": "sha512-XRZitu+W3xpnuA6gFgiSGBCt2P8m4g2Yzt+zXgPqlKiDGwr27F5m40pP2AnlQBlQO7hw0OJJa68QR1KW2D9cHA==",
>>>>>>> main
"dev": true,
"dependencies": {
"@types/node": "^22.2.0",
@ -27385,10 +27501,17 @@
"node": "^16.13 || >=18"
}
},
<<<<<<< HEAD
"node_modules/webdriver/node_modules/@puppeteer/browsers": {
"version": "1.9.1",
"resolved": "https://registry.npmjs.org/@puppeteer/browsers/-/browsers-1.9.1.tgz",
"integrity": "sha512-PuvK6xZzGhKPvlx3fpfdM2kYY3P/hB1URtK8wA7XUJ6prn6pp22zvJHu48th0SGcHL9SutbPHrFuQgfXTFobWA==",
=======
"node_modules/webdriver/node_modules/@types/node": {
"version": "20.16.9",
"resolved": "https://registry.npmjs.org/@types/node/-/node-20.16.9.tgz",
"integrity": "sha512-rkvIVJxsOfBejxK7I0FO5sa2WxFmJCzoDwcd88+fq/CUfynNywTo/1/T6hyFz22CyztsnLS9nVlHOnTI36RH5w==",
>>>>>>> main
"dev": true,
"dependencies": {
"debug": "4.3.4",
@ -27541,9 +27664,15 @@
}
},
"node_modules/webdriverio": {
<<<<<<< HEAD
"version": "8.40.5",
"resolved": "https://registry.npmjs.org/webdriverio/-/webdriverio-8.40.5.tgz",
"integrity": "sha512-fKzaAF8lbgVFWIP8i0eGk22MpjactVVTWP8qtUXDob5Kdo8ffrg1lCKP8mcyrz6fiZM1OY1m6dvkbFelf23Nxw==",
=======
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/webdriverio/-/webdriverio-9.1.1.tgz",
"integrity": "sha512-jREz3Vy7ItpNn0HG/vh5oZYAzSv4PGGy8mxht7j4BXkcUjkPCBfHtAAXHRwwJVxu1rWJLzn4QhfjLIaEFe73NA==",
>>>>>>> main
"dev": true,
"dependencies": {
"@types/node": "^22.2.0",
@ -27569,8 +27698,14 @@
"query-selector-shadow-dom": "^1.0.0",
"resq": "^1.9.1",
"rgb2hex": "0.2.5",
<<<<<<< HEAD
"serialize-error": "^11.0.1",
"webdriver": "8.40.3"
=======
"serialize-error": "^11.0.3",
"urlpattern-polyfill": "^10.0.0",
"webdriver": "9.1.1"
>>>>>>> main
},
"engines": {
"node": "^16.13 || >=18"
@ -28459,7 +28594,9 @@
"chokidar": {
"optional": true
}
}
},
"resolved": "https://registry.npmjs.org/@swc/cli/-/cli-0.4.0.tgz",
"integrity": "sha512-4JdVrPtF/4rCMXp6Q1h5I6YkYZrCCcqod7Wk97ZQq7K8vNGzJUryBv4eHCvqx5sJOJBrbYm9fcswe1B0TygNoA=="
},
"packages/sfe/node_modules/chokidar": {
"version": "3.6.0",
@ -28484,7 +28621,9 @@
},
"optionalDependencies": {
"fsevents": "~2.3.2"
}
},
"resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz",
"integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw=="
},
"packages/sfe/node_modules/commander": {
"version": "8.3.0",
@ -28492,7 +28631,9 @@
"license": "MIT",
"engines": {
"node": ">= 12"
}
},
"resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz",
"integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww=="
},
"packages/sfe/node_modules/glob-parent": {
"version": "5.1.2",
@ -28505,7 +28646,9 @@
},
"engines": {
"node": ">= 6"
}
},
"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
"integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="
},
"packages/sfe/node_modules/picomatch": {
"version": "2.3.1",
@ -28532,7 +28675,9 @@
},
"engines": {
"node": ">=8.10.0"
}
},
"resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
"integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA=="
},
"packages/sfe/node_modules/semver": {
"version": "7.6.3",
@ -28543,7 +28688,9 @@
},
"engines": {
"node": ">=10"
}
},
"resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
"integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A=="
}
}
}
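Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> main`) are committed into `web/package-lock.json`, first in the hunk at `@@ -83,12 +83,17 @@` and again in most of the later hunks, so both sides' entries are present and the file would not parse as JSON. A lockfile in this state cannot pin anything: the `resolved` and `integrity` values that installs are meant to be checked against are unreadable. Resolve by taking one side of `package.json` and regenerating the lockfile with the package manager rather than editing the markers out by hand, then re-run the `lint:lockfile` check.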


@ -17,7 +17,7 @@
"@lit/reactive-element": "^2.0.4",
"@lit/task": "^1.0.1",
"@open-wc/lit-helpers": "^0.7.0",
"@patternfly/elements": "^4.0.1",
"@patternfly/elements": "^4.0.2",
"@patternfly/patternfly": "^4.224.2",
"@sentry/browser": "^8.32.0",
"@webcomponents/webcomponentsjs": "^2.8.0",
@ -71,12 +71,12 @@
"@types/eslint__js": "^8.42.3",
"@types/grecaptcha": "^3.0.9",
"@types/guacamole-common-js": "1.5.2",
"@types/node": "^22.7.2",
"@types/node": "^22.7.3",
"@types/showdown": "^2.0.6",
"@typescript-eslint/eslint-plugin": "^8.7.0",
"@typescript-eslint/parser": "^8.7.0",
"@wdio/browser-runner": "^8.40.2",
"@wdio/cli": "^8.40.2",
"@wdio/browser-runner": "^9.1.1",
"@wdio/cli": "^9.1.1",
"@wdio/mocha-framework": "^9.1.0",
"@wdio/spec-reporter": "^9.1.0",
"babel-plugin-macros": "^3.1.0",
@ -262,7 +262,7 @@
"lint:lockfile": {
"__comment": "The lockfile-lint package does not have an option to ensure resolved hashes are set everywhere",
"shell": true,
"command": "[ -z \"$(jq -r '.packages | to_entries[] | select((.key | startswith(\"node_modules\")) and (.value | has(\"resolved\") | not)) | .key' < package-lock.json)\" ]"
"command": "[ -z \"$(jq -r '.packages | to_entries[] | select((.key | contains(\"node_modules\")) and (.value | has(\"resolved\") | not)) | .key' < package-lock.json)\" ]"
},
"lint:lockfiles": {
"dependencies": [
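Review bot: The `lint:lockfile` command passes whenever `jq` itself fails, because `[ -z "$(jq …)" ]` only inspects stdout and a parse error leaves it empty; an unparseable `package-lock.json` would therefore pass this check. Let jq's exit status decide instead, e.g. `jq -e '[.packages | to_entries[] | select(…) | .key] | length == 0' package-lock.json > /dev/null`, keeping the same `select(…)` filter as now. The filter also only requires `resolved`, so an entry with a URL but no `integrity` hash is accepted; whether `integrity` should be required for non-link entries is worth deciding in the same change.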


@ -1,4 +1,4 @@
<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
<file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
<body>
<trans-unit id="s4caed5b7a7e5d89b">
@ -596,9 +596,9 @@
</trans-unit>
<trans-unit id="saa0e2675da69651b">
<source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
<target>未找到 URL &quot;
<x id="0" equiv-text="${this.url}"/>&quot;。</target>
<source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
<target>未找到 URL "
<x id="0" equiv-text="${this.url}"/>"。</target>
</trans-unit>
<trans-unit id="s58cd9c2fe836d9c6">
@ -1030,8 +1030,8 @@
</trans-unit>
<trans-unit id="sa8384c9c26731f83">
<source>To allow any redirect URI, set this value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
<target>要允许任何重定向 URI请将此值设置为 &quot;.*&quot;。请注意这可能带来的安全影响。</target>
<source>To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.</source>
<target>要允许任何重定向 URI请将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
</trans-unit>
<trans-unit id="s55787f4dfcdce52b">
@ -1752,8 +1752,8 @@
</trans-unit>
<trans-unit id="sa90b7809586c35ce">
<source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
<target>输入完整 URL、相对路径或者使用 'fa://fa-test' 来使用 Font Awesome 图标 &quot;fa-test&quot;。</target>
<source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
<target>输入完整 URL、相对路径或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
</trans-unit>
<trans-unit id="s0410779cb47de312">
@ -2916,8 +2916,8 @@ doesn't pass when either or both of the selected options are equal or above the
</trans-unit>
<trans-unit id="s76768bebabb7d543">
<source>Field which contains members of a group. Note that if using the &quot;memberUid&quot; field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
<target>包含组成员的字段。请注意,如果使用 &quot;memberUid&quot; 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
<source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
<target>包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
</trans-unit>
<trans-unit id="s026555347e589f0e">
@ -3663,8 +3663,8 @@ doesn't pass when either or both of the selected options are equal or above the
</trans-unit>
<trans-unit id="s7b1fba26d245cb1c">
<source>When using an external logging solution for archiving, this can be set to &quot;minutes=5&quot;.</source>
<target>使用外部日志记录解决方案进行存档时,可以将其设置为 &quot;minutes=5&quot;。</target>
<source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
<target>使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。</target>
</trans-unit>
<trans-unit id="s44536d20bb5c8257">
@ -3840,10 +3840,10 @@ doesn't pass when either or both of the selected options are equal or above the
</trans-unit>
<trans-unit id="sa95a538bfbb86111">
<source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
<source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
<target>您确定要更新
<x id="0" equiv-text="${this.objectLabel}"/>&quot;
<x id="1" equiv-text="${this.obj?.name}"/>&quot; 吗?</target>
<x id="0" equiv-text="${this.objectLabel}"/>"
<x id="1" equiv-text="${this.obj?.name}"/>" 吗?</target>
</trans-unit>
<trans-unit id="sc92d7cfb6ee1fec6">
@ -4919,7 +4919,7 @@ doesn't pass when either or both of the selected options are equal or above the
</trans-unit>
<trans-unit id="sdf1d8edef27236f0">
<source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
<source>A "roaming" authenticator, like a YubiKey</source>
<target>像 YubiKey 这样的“漫游”身份验证器</target>
</trans-unit>
@ -5298,7 +5298,7 @@ doesn't pass when either or both of the selected options are equal or above the
</trans-unit>
<trans-unit id="s1608b2f94fa0dbd4">
<source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
<source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
<target>如果设置时长大于 0用户可以选择“保持登录”选项这将使用户的会话延长此处设置的时间。</target>
</trans-unit>
@ -7722,7 +7722,7 @@ Bindings to groups/users are checked against the user of the event.</source>
<target>成功创建用户并添加到组 <x id="0" equiv-text="${this.group.name}"/></target>
</trans-unit>
<trans-unit id="s824e0943a7104668">
<source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
<target>此用户将会被添加到组 &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;。</target>
</trans-unit>
<trans-unit id="s62e7f6ed7d9cb3ca">
@ -9084,7 +9084,7 @@ Bindings to groups/users are checked against the user of the event.</source>
<target>同步组</target>
</trans-unit>
<trans-unit id="s2d5f69929bb7221d">
<source><x id="0" equiv-text="${prompt.name}"/> (&quot;<x id="1" equiv-text="${prompt.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${prompt.type}"/>)</source>
<source><x id="0" equiv-text="${prompt.name}"/> ("<x id="1" equiv-text="${prompt.fieldKey}"/>", of type <x id="2" equiv-text="${prompt.type}"/>)</source>
<target><x id="0" equiv-text="${prompt.name}"/>&amp;quot;<x id="1" equiv-text="${prompt.fieldKey}"/>&amp;quot;,类型为 <x id="2" equiv-text="${prompt.type}"/></target>
</trans-unit>
<trans-unit id="sa38c5a2731be3a46">
@ -9097,4 +9097,4 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
</body>
</file>
</xliff>
</xliff>

3
website/.gitignore vendored

@ -16,6 +16,9 @@
.env.test.local
.env.production.local
# Wireit's cache
.wireit
npm-debug.log*
yarn-debug.log*
yarn-error.log*


@ -235,6 +235,11 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6
- security: fix [CVE-2024-42490](../../security/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11025
## Fixed in 2024.6.5
- security: fix [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11540)
- security: fix [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11538)
## API Changes
#### What's New


@ -261,7 +261,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8
- web/admin: improve error handling (cherry-pick #11212) (#11219)
- web/users: show - if device was registered before we started saving the time (cherry-pick #11256) (#11257)
## Fixed on 2024.8.2
## Fixed in 2024.8.2
- core: ensure all providers have correct priority (cherry-pick #11280) (#11281)
- core: ensure proxy provider is correctly looked up (cherry-pick #11267) (#11269)
@ -275,6 +275,17 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8
- web: revert lockfile lint, re-add integrity (#11380)
- web/admin: fix notification property mapping forms (cherry-pick #11298) (#11300)
## Fixed in 2024.8.3
- events: always use expiry from current tenant for events, not only when creating from HTTP request (cherry-pick #11415) (#11416)
- providers/proxy: fix traefik label generation (cherry-pick #11460) (#11480)
- security: [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11539)
- security: [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11537)
- sources/ldap: fix mapping check, fix debug endpoint (cherry-pick #11442) (#11498)
- sources/ldap: fix ms_ad userAccountControl not checking for lockout (cherry-pick #11532) (#11534)
- web: Fix missing integrity fields in package-lock.json (#11509)
- web/admin: fix Authentication flow being required (cherry-pick #11496) (#11497)
## API Changes
#### What's New


@ -2,7 +2,7 @@
_Reported by [@m2a2](https://github.com/m2a2)_
## Improper Authorization for Token modification
## Insufficient Authorization for several API endpoints
### Summary


@ -0,0 +1,35 @@
# CVE-2024-47070
_Reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/)_
## Password authentication bypass via X-Forwarded-For HTTP header
### Summary
The vulnerability allows bypassing policies by adding X-Forwarded-For header with unparsable IP address, e.g. "a". This results in a possibility to authenticate/authorize to any account with known login or email address.
Since the default authentication flow uses a policy to enable the password stage only when there is no password stage selected on the Identification stage, this vulnerability can be used to skip this policy and continue without the password stage.
### Am I affected
This can be exploited for the following configurations:
- An attacker can access authentik without a reverse proxy (and `AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS` is not configured properly)
- The reverse proxy configuration does not correctly overwrite X-Forwarded-For
- Policies (User and group bindings do _not_ apply) are bound to authentication/authorization flows
### Patches
authentik 2024.6.5 and 2024.8.3 fix this issue.
### Workarounds
Ensure the X-Forwarded-For header is always set by the reverse proxy, and is always set to a correct IP.
In addition you can manually change the _Failure result_ option on policy bindings to _Pass_, which will prevent any stages from being skipped if a malicious request is received.
### For more information
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)


@ -0,0 +1,25 @@
# CVE-2024-47077
_Reported by [@quentinmit](https://github.com/quentinmit)_
## Insufficient cross-provider token validation during introspection
### Summary
Access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued for one application and use it to access another application that they aren't allowed to access.
### Details
The proxy provider uses `/application/o/introspect/` to validate bearer tokens provided in the `Authorization` header:
The implementation of this endpoint separately validates the `client_id` and `client_secret` (which are that of the proxy provider) and the `token` without validating that they correspond to the same provider.
### Patches
authentik 2024.6.5 and 2024.8.3 fix this issue.
### For more information
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)


@ -17,6 +17,14 @@ module.exports = async function (): Promise<Config> {
organizationName: "Authentik Security Inc.",
projectName: "authentik",
themeConfig: {
announcementBar: {
id: "new_docs_structure",
content:
'Change is hard, especially when a familiar site gets re-arranged. But we think the new layout is easier to navigate. Take a preview peek at the upcoming new <a target="_blank" rel="noopener noreferrer" href="https://deploy-preview-11522--authentik-docs.netlify.app/docs"> Docs structure!</a>',
backgroundColor: "#cc0099",
textColor: "#ffffff",
isCloseable: false,
},
image: "img/social.png",
navbar: {
logo: {
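Review bot: The `announcementBar` link in `content` points at a per-pull-request deploy preview (`deploy-preview-11522--authentik-docs.netlify.app`) rather than the published docs site, and nothing marks the banner as temporary. Preview builds presumably track the PR branch and can go stale or disappear, and with `isCloseable: false` every docs visitor keeps seeing the link. A comment above the entry such as `// TODO: remove once the new docs structure is live; href targets a PR deploy preview` would make the expiry explicit. The enclosing `module.exports` function starts and ends outside this hunk.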

3132
website/package-lock.json generated

File diff suppressed because it is too large Load Diff


@ -8,7 +8,7 @@
"build-bundled": "cp ../schema.yml static/schema.yaml && docusaurus gen-api-docs all && cross-env NODE_OPTIONS='--max_old_space_size=65536' docusaurus build",
"deploy": "docusaurus deploy",
"docusaurus": "docusaurus",
"lint:lockfile": "lockfile-lint --path package.json --type npm --allowed-hosts npm --validate-https",
"lint:lockfile": "wireit",
"prettier": "prettier --write .",
"prettier-check": "prettier --check .",
"serve": "docusaurus serve",
@ -56,9 +56,16 @@
"@docusaurus/types": "^3.3.2",
"@types/react": "^18.3.9",
"cross-env": "^7.0.3",
"lockfile-lint": "^4.14.0",
"prettier": "3.3.3",
"typescript": "~5.6.2"
"typescript": "~5.6.2",
"wireit": "^0.14.9"
},
"wireit": {
"lint:lockfile": {
"__comment": "The lockfile-lint package does not have an option to ensure resolved hashes are set everywhere",
"shell": true,
"command": "[ -z \"$(jq -r '.packages | to_entries[] | select((.key | contains(\"node_modules\")) and (.value | has(\"resolved\") | not)) | .key' < package-lock.json)\" ]"
}
},
"engines": {
"node": ">=20"
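Review bot: Replacing the `lockfile-lint` script with the jq presence check drops the registry-host and HTTPS validation that `--allowed-hosts npm --validate-https` provided; the new command only confirms that a `resolved` key exists, not where it points. The second hunk's line counts suggest `lockfile-lint` is also removed from `devDependencies`, so nothing in this file would flag a lockfile entry resolved from an unexpected host. Consider keeping both checks, for example a second script `"lint:lockfile:hosts": "lockfile-lint --path package-lock.json --type npm --allowed-hosts npm --validate-https"` that the wireit entry lists under `dependencies`. The removed line passed `--path package.json`, which looks like it should have named the lockfile, so it is worth confirming the old check was effective as written.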


@ -521,6 +521,8 @@ const docsSidebar = {
items: [
"security/security-hardening",
"security/policy",
"security/CVE-2024-47077",
"security/CVE-2024-47070",
"security/CVE-2024-42490",
"security/CVE-2024-38371",
"security/CVE-2024-37905",