Merge branch 'master' into version-2021.12

website/docs/core/terminology.md

@@ -28,7 +28,7 @@ At a base level a policy is a yes/no gate. It will either evaluate to True or Fa
 
 See [Policies](./policies/)
 
-### Stages & Stages
+### Flows & Stages
 
 Flows are an ordered sequence of stages. These flows can be used to define how a user authenticates, enrolls, etc.
 

website/docs/flow/index.md

@@ -36,16 +36,16 @@ This stage should always contain a [**User Logout**](stages/user_logout.md) stag
 
 ### Enrollment
 
-This designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/index.md) or [**captcha**](stages/captcha/index.md). At the end, to create the user, you can use the [**user_write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
+This designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). At the end, to create the user, you can use the [**user_write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
 
 ### Unenrollment
 
-This designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/index.md) or [**captcha**](stages/captcha/index.md). As a final stage, to delete the account, use the [**user_delete**](stages/user_delete.md) stage.
+This designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). As a final stage, to delete the account, use the [**user_delete**](stages/user_delete.md) stage.
 
 ### Recovery
 
-This designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/index.md) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/index.md) or [**captcha**](stages/captcha/index.md).
-Afterwards, use the [**prompt**](stages/prompt/index.md) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
+This designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/).
+Afterwards, use the [**prompt**](stages/prompt/) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
 
 ### Setup
 

website/docs/flow/stages/authenticator_validate/index.md

@@ -4,11 +4,11 @@ title: Authenticator Validation Stage
 
 This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages:
 
-- [Duo authenticator stage](../authenticator_duo/index.md)
-- [SMS authenticator stage](../authenticator_sms/index.md).
-- [Static authenticator stage](../authenticator_static/index.md).
-- [TOTP authenticator stage](../authenticator_totp/index.md)
-- [WebAuth authenticator stage](../authenticator_webauthn/index.md).
+- [Duo authenticator stage](../authenticator_duo/)
+- [SMS authenticator stage](../authenticator_sms/).
+- [Static authenticator stage](../authenticator_static/).
+- [TOTP authenticator stage](../authenticator_totp/)
+- [WebAuth authenticator stage](../authenticator_webauthn/).
 
 You can select which type of device classes are allowed.
 

website/docs/flow/stages/invitation/index.md

@@ -10,4 +10,4 @@ To check if a user has used an invitation within a policy, you can check `reques
 
 To use an invitation, use the URL `https://authentik.tld/if/flow/your-enrollment-flow/?itoken=invitation-token`.
 
-You can also prompt the user for an invite by using the [*Prompt stage*](../prompt/index.md) by using a field with a field key of `token`.
+You can also prompt the user for an invite by using the [*Prompt stage*](../prompt/) by using a field with a field key of `token`.

website/docs/installation/docker-compose.md

@@ -31,7 +31,7 @@ echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
 
 ## Email configuration (optional, but recommended)
 
-It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](flow/stages/email/index.md) to send verification/recovery emails.
+It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](../flow/stages/email/) to send verification/recovery emails.
 
 Append this block to your `.env` file
 

website/docs/installation/kubernetes.md

@@ -46,4 +46,4 @@ helm install authentik authentik/authentik -f values.yaml
 
 This installation automatically applies database migrations on startup. After the installation is done, navigate to the `https://<ingress you've specified>/if/flow/initial-setup/`, to set a password for the akadmin user.
 
-It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts, configuration issues. They can also be used by [Email stages](flow/stages/email/index.md) to send verification/recovery emails.
+It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts, configuration issues. They can also be used by [Email stages](../flow/stages/email/) to send verification/recovery emails.

website/docs/providers/oauth2.md

@@ -4,7 +4,7 @@ title: OAuth2 Provider
 
 This provider supports both generic OAuth2 as well as OpenID Connect
 
-Scopes can be configured using Scope Mappings, a type of [Property Mappings](../property-mappings/index.md#scope-mapping).
+Scopes can be configured using Scope Mappings, a type of [Property Mappings](../property-mappings/#scope-mapping).
 
 | Endpoint             | URL                                                                  |
 | -------------------- | -------------------------------------------------------------------- |

website/docs/providers/saml.md

@@ -2,7 +2,7 @@
 title: SAML Provider
 ---
 
-This provider allows you to integrate enterprise software using the SAML2 Protocol. It supports signed requests and uses [Property Mappings](../property-mappings/index.md#saml-property-mapping) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields.
+This provider allows you to integrate enterprise software using the SAML2 Protocol. It supports signed requests and uses [Property Mappings](../property-mappings/#saml-property-mapping) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields.
 Default fields are exposed through auto-generated Property Mappings, which are prefixed with "authentik default".
 
 | Endpoint               | URL                                                            |

website/docs/releases/v0.11.md

@@ -5,7 +5,7 @@ slug: "0.11"
 
 This update brings these headline features:
 
-- Add Backup and Restore, currently only externally schedulable, documented [here](../maintenance/backups/index.md)
+- Add Backup and Restore, currently only externally schedulable, documented [here](../maintenance/backups/)
 - New Admin Dashboard with more metrics and Charts
 
     Shows successful and failed logins from the last 24 hours, as well as the most used applications

website/docs/releases/v2021.1.md

@@ -8,7 +8,7 @@ slug: "2021.1"
 - New versioning schema (year.month.release)
 - Add global email settings
 
-    In previous versions, you had to configure email connection details per [Email Stage](../flow/stages/email/index.md). Now, you can (and should) configure global settings.
+    In previous versions, you had to configure email connection details per [Email Stage](../flow/stages/email/). Now, you can (and should) configure global settings.
 
     This is documented under the [docker-compose](../installation/docker-compose.md) and [Kubernetes](../installation/kubernetes.md) sections.
 

website/docs/releases/v2021.12.md

@@ -103,6 +103,54 @@ This release does not have any headline features, and mostly fixes bugs.
 - web/elements: close dropdown when refresh event is dispatched
 - web/user: allow custom font-awesome icons for applications
 
+## Fixed in 2021.12.1-rc4
+
+- core: fix error when using invalid key-values in attributes query
+- flows: fix error in inspector view
+- flows: fix error when trying to print FlowToken objects
+- lib: correctly report "faked" IPs to sentry
+- outposts: add additional checks for websocket connection
+- outposts: cleanup logs for failed binds
+- outposts: don't try to create docker client for embedded outpost
+- outposts: fix docker controller not stopping containers
+- outposts: fix unlabeled transaction
+- outposts: handle RuntimeError during websocket connect
+- outposts: rewrite re-connect logic without recws
+- outposts: set display name for outpost service account
+- outposts/ldap: fix searches with mixed casing
+- outposts/proxy: use filesystem storage for non-embedded outposts
+- policies: don't always clear application cache on post_save
+- stagse/authenticator_webauthn: remove pydantic import
+- web: fix borders of sidebars in dark mode
+
+## Fixed in 2021.12.1-rc5
+
+- crypto: add additional validation before importing a certificate
+- events: add flow_execution event type
+- events: fix schema for top_per_user
+- flows: fix wrong exception being caught in flow inspector
+- outposts: reset backoff after successful connect
+- outposts/proxy: fix securecookie: the value is too long again, since it can happen even with filesystem storage
+- providers/oauth2: add additional logging to show with token path is taken
+- providers/oauth2: use generate_key instead of uuid4
+- sources/ldap: fix incorrect task names being referenced, use source native slug
+- sources/oauth: add initial okta type
+- sources/oauth: allow oauth types to override their login button challenge
+- sources/oauth: implement apple native sign-in using the apple JS SDK
+- sources/oauth: strip parts of custom apple client_id
+- stages/authenticator_webauthn: make user_verification configurable
+- stages/identification: fix miscalculated sleep
+- stages/invitation: use GroupMemberSerializer serializer to prevent all of the user's groups and their users from being returned
+- web: add link to open API Browser for API Drawer
+- web/admin: add dashboard with user creation/login statistics
+- web/admin: fix invalid display for LDAP Source sync status
+- web/admin: fix rendering for applications on view page
+- web/admin: fix rendering of applications with custom icon
+- web/admin: improve wording for froward_auth, don't show setup when using proxy mode
+- web/admin: show warning when deleting currently logged in user
+- web/admin: update overview page
+- web/flows: fix error when attempting to enroll new webauthn device
+
 ## Upgrading
 
 This release does not introduce any new requirements.

website/docs/releases/v2021.2.md

@@ -116,11 +116,11 @@ Due to the switch to managed objects, some default property mappings are changin
 The change affects the "SAML Name" property, which has been changed from an oid to a Schema URI to aid readability.
 
 The integrations affected are:
-- [Ansible Tower/AWX](/integrations/services/awx-tower/index)
-- [GitLab](/integrations/services/gitlab/index)
-- [NextCloud](/integrations/services/nextcloud/index)
-- [Rancher](/integrations/services/rancher/index)
-- [Sentry](/integrations/services/sentry/index)
+- [Ansible Tower/AWX](/integrations/services/awx-tower/)
+- [GitLab](/integrations/services/gitlab/)
+- [NextCloud](/integrations/services/nextcloud/)
+- [Rancher](/integrations/services/rancher/)
+- [Sentry](/integrations/services/sentry/)
 
 ### docker-compose