* core: add support to set policy bindings in transactional endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve permission checks
especially since we'll be using the wizard as default in the future, it shouldn't be superuser only
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebase, fix error response when using duplicate name in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permission test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/ldap: fix global search_full_directory permission not being sufficient
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use full name of permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* lifecycle: fix ak exit status not being passed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use waitstatus_to_exitcode
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/oauth2: fix manual device code entry
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make code input a char field to prevent leading 0s from being cut off
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* core: add ability to provide reason for impersonation
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* tenants api things
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add missing implem
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* A tooltip needs a DOM object to determine the coordinates where it should render. A solitary string is not enough; a `<span>` is needed here.
* web: user impersonation reason
To determine where to render the Tooltip content, the object associated with the Tooltip must be a DOM object with an HTML tag. A naked string is not enough; a `<span>` will do nicely here.
Also, fixed a build failure: PFSize was not defined in RelatedUserList.
* add and fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* avoid migration change
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Ken Sternberg <ken@goauthentik.io>
* core: add prompt_data to auth flow (#11702)
I added the prompt_data and user_path to the auth flow. This allows us to more easily sync users' details whenever they're logged in through a Source by using the Write stage, identical to an Enrolment flow.
This makes sure that mappings etc are automatically taken into consideration, and are passed to the Authentication flow.
While I was at it, I made the code consistent with the `handle_enroll` method.
Signed-off-by: Wouter van Os <wouter0100@gmail.com>
* updates
* and remove errant .py file that somehow snuck into the PR! also removed errant api ref files remove old images
* tweak to bump build
* tweaks
* more tweaks
* removed extraneous old settings
* Update website/integrations/services/vmware-vcenter/index.md
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* formatting
* tweak
* why not saved before argh
---------
Signed-off-by: Wouter van Os <wouter0100@gmail.com>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Wouter van Os <wouter0100@gmail.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
* add password policy to default password change flow
This change complies with the minimal compositional requirements by
NIST SP 800-63 Digital Identity Guidelines. See
https://pages.nist.gov/800-63-4/sp800-63b.html#password
More work is needed to comply with other parts of the Guidelines,
specifically
> If the chosen password is found on the blocklist, the CSP or verifier
> [...] SHALL provide the reason for rejection.
and
> Verifiers SHALL offer guidance to the subscriber to assist the user in
> choosing a strong password. This is particularly important following
> the rejection of a password on the blocklist as it discourages trivial
> modification of listed weak passwords.
* add docs for default Password policy
* remove HIBP from default Password policy
* add zxcvbn to default Password policy
* add fallback password error message to password policy, fix validation policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* reword docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
* add HIBP caveat
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
* separate policy into separate blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use password policy for oobe flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* kiss
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>