habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,921 Commits 205 Branches 395 Tags
13b25432215fffecf6b5b3fb0bd34e81a59b3c21
Commit Graph

164 Commits

Author SHA1 Message Date
Jens L.
520148bba4 root: Backport version change (#12146) 
* release: 2024.10.3

* release: 2024.10.4
 2024-11-22 01:51:30 +01:00
Jens L.
85bb638243 security: fix CVE 2024 52289 (#12113) 
* initial migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix loading

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start dynamic ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add serialize

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add error message handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix/add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* prepare docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate to new input

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-11-21 14:46:43 +01:00
Jens L.
6702f34b40 release: 2024.10.2 (#12031) 2024-11-15 00:53:40 +01:00
Simonyi Gergő
6b155621fe blueprints: add default Password policy (#11793) 
* add password policy to default password change flow

This change complies with the minimal compositional requirements by
NIST SP 800-63 Digital Identity Guidelines. See
https://pages.nist.gov/800-63-4/sp800-63b.html#password

More work is needed to comply with other parts of the Guidelines,
specifically

> If the chosen password is found on the blocklist, the CSP or verifier
> [...] SHALL provide the reason for rejection.

and

> Verifiers SHALL offer guidance to the subscriber to assist the user in
> choosing a strong password. This is particularly important following
> the rejection of a password on the blocklist as it discourages trivial
> modification of listed weak passwords.

* add docs for default Password policy

* remove HIBP from default Password policy

* add zxcvbn to default Password policy

* add fallback password error message to password policy, fix validation policy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* reword docs

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>

* add HIBP caveat

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>

* separate policy into separate blueprint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use password policy for oobe flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* kiss

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2024-11-11 13:31:30 +01:00
Jens L.
4f1ddc5779 stages/captcha: Run interactive captcha in Frame (#11857) 
* initial turnstile frame

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add interactive flag

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add interactive support for all

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't hide in identification stage if interactive

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* require less hacky css

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-11-11 13:20:49 +01:00
Simonyi Gergő
0a862e4fff root: backport version bump 2024.10.1 (#11929) 
release: 2024.10.1
 2024-11-05 20:29:31 +01:00
Jens L.
7352f37b05 enterprise/rac: fix API Schema for invalidation_flow (#11907) 
* enterprise/rac: fix API Schema for invalidation_flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-11-04 19:33:31 +01:00
Simonyi Gergő
8245d08ddb root: backport version bump 2024.10.0 (#11868) 
* release: 2024.10.0-rc1

* root: `bumpversion` 2024.10 (#11865)

release: 2024.10.0
 2024-10-31 00:39:41 +01:00
Marc 'risson' Schmitt
c38adcf25a sources/kerberos: add kiprop to ignored system principals (#11852) 2024-10-29 17:30:33 +01:00
Simonyi Gergő
9ee0ba141c stages/identification: add captcha to identification stage (#11711) 
* add captcha to identification stage

* simplify component invocations

* fail fast on `onTokenChange` default behavior

* reword docs

* rename `token` to `captcha_token` in Identification stage contexts

(In Captcha stage contexts the name `token` seems well-scoped.)

* use `nothing` instead of ``` html`` ```

* remove rendered Captcha component from document flow on Identification stages

Note: this doesn't remove the captcha itself, if interactive, only the loading
indicator.

* add invisible requirement to captcha on Identification stage

* stylize docs

* add friendlier error messages to Captcha stage

* fix tests

* make captcha error messages even friendlier

* add test case to retriable captcha

* use default

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2024-10-25 08:13:35 +02:00
Jens L.
3bdb287b78 providers/oauth2: fix amr claim not set due to login event not associated (#11780) 
* providers/oauth2: fix amr claim not set due to login event not associated

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add sid claim

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* import engine only once

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove manual sid extraction from proxy, add test, make session key hashing more obvious

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated string fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-10-23 21:29:18 +02:00
Marc 'risson' Schmitt
d817c646bd sources: add Kerberos (#10815) 
* sources: introduce new property mappings per-user and group

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* sources/ldap: migrate to new property mappings

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint-fix and make gen

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* web changes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* update tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* remove flatten for generic implem

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* rework migration

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint-fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix migrations

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* re-add field migration to property mappings

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix migrations

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* more migrations fixes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* easy fixes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* migrate to propertymappingmanager

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* ruff and small fixes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* move mapping things into a separate class

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* migrations: use using(db_alias)

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* migrations: use built-in variable

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add docs

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add release notes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix login reverse

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* refactor source flow manager matching

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* kerberos sync with mode matching

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fixup

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* finish frontend

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Optimised images with calibre/image-actions

* make web

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add test for internal password update

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix sync tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix filter

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* switch to blueprints property mappings, improvements to frontend

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* some more small fixes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix reverse

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* properly deal with password changes signals

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* actually deal with it properly

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* update docs

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint-fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* blueprints: realm as group: make it non default

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* small fixes and improvements

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix title

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add password backend to default flow

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* link docs page properly, add in admin interface, add suggestions for how to apply changes to a fleet of machines

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add troubleshooting

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix default flow pass backend

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix flaky spnego tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* properly convert gssapi name to python str

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix unpickable types

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* make sure the last server token is returned to the client

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/developer-docs/setup/full-dev-environment.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/browser.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* more docs review

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix missing library

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix missing library again

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix web import

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix sync

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix sync v2

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix sync v3

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2024-10-23 17:58:29 +02:00
Jens L.
cec3fdb612 stages: authenticator_endpoint_gdtc (#10477) 
* rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add loading overlay for chrome

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* save data

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web ui, prevent deletion

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* text fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2024-10-22 22:46:46 +02:00
Jens L.
47206d3328 providers/oauth2: add initial JWE support (#11344) 
* providers/oauth2: add initial JWE support

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-migrate, only set id_token_encryption_* when encryption key is set

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add jwks test with encryption

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-10-17 14:04:19 +02:00
Jens L.
075944abba providers/scim: add option to ignore SCIM server cert (#11437) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-10-14 17:03:58 +02:00
Jens L.
5b66dbe890 flows: provider invalidation (#5048) 
* add initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web stage for session end

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate saml and tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* group flow settings when providers have multiple flows

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* adjust name for default provider invalidation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-make migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add invalidation_flow to saml importer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-do migrations again

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web stuff to get rid of old libraries

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make unbind flow for ldap configurable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix flow inspector

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* handle invalidation_flow as optional, as it should be

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also fix ldap outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't generate URL in client

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually make it work???

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migration breaking things...?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start fixing tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix fallback

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-migrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix duplicate flow setting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix race condition with brand

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix oauth test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix SAML tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add to wizard, fix required

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make required, start release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-10-14 15:35:12 +02:00
Nicolas
77c595a0fd sources/saml: fix NameIDFormat descriptor in metadata generation (#11614) 
* source/saml - Changed namespace of X509SSubjectName NameIDFormat

Under the SAML2 Core spec
(http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf)
8.3.3 the URI of the 5.509 Subject Name contains SAML:1.1 and not
SAML:2.0

* source/saml - Change NameIDFormat descriptor build logic to only append chosen format for the source.

* Merge diff
 2024-10-11 14:27:36 +02:00
Jens L.
975b6e53a6 release: 2024.8.3 (#11542) 2024-09-27 16:58:04 +02:00
Jens L.
ba28e6de41 security: fix CVE-2024-47070 (#11536) 
* security: fix CVE-2024-47070

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/docs/security/CVE-2024-47070.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2024-09-27 16:18:37 +02:00
Jens L.
5822653155 release: 2024.8.2 (#11395) 2024-09-16 15:02:51 +02:00
Jens L.
b8ae028d4d root: backport release 2024.8.1 (#11273) 
release: 2024.8.1
 2024-09-08 01:35:15 +02:00
Jens L.
02ae099bdf root: version 2024.8 backport (#11166) 
* schemas: fix XML Schema loading...for some reason?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* release: 2024.8.0-rc1

* release: 2024.8.0

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	.bumpversion.cfg

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-09-03 14:41:40 +02:00
Jens L.
a6225ad7a7 root: backport version bump (#11045) 
* fix outpost form not loading apps for correct type

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix bug from previous pr

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* release: 2024.6.4

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-08-23 16:33:07 +02:00
Jens L.
eb5842fa5a rbac: generate blueprint schema permissions from defined models not DB (#10962) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-08-19 13:44:13 +02:00
Jens L.
d577152f83 providers/SAML: encryption support (#10934) 
* providers/saml: add option to sign assertion and or response

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add encryption

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add form option

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests for API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-08-17 21:10:28 +02:00
Jens L.
8f53d0b9f3 providers/ldap: Remove search group (#10639) 
* remove search_group

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make api operations cleaerer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually use get

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use correct api client for ldap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix migration warning

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix styling issue in dark mode

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated-ish fix button order in wizard

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix missing css import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Optimised images with calibre/image-actions

* Update index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Update index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* update release notes based on new template

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2024-08-14 16:31:11 +02:00
Jens L.
a073b7a5b1 enterprise: add support for license flags (#10842) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-08-09 22:20:01 +02:00
Jens L.
4b5bb77d99 enterprise: UI improvements, better handling of expiry (#10828) 
* web/admin: show enterprise banner on the very top

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework license

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix middleware

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests for and fix read only mode

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* field name consistency

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-08-09 14:26:38 +02:00
Marc 'risson' Schmitt
68af5b0572 sources/plex: add property mappings (#10772) 2024-08-08 11:36:24 +02:00
Nicolas
19c3f7dd80 sources/saml: Basic support for EncryptedAssertion element. (#10099) 
* source/saml: Updated backend for encrypted assertion support

* source/saml: all lint-fix checks passed

* source/saml: Used Optional type instead of union, on enc_key_descriptor type hint

* source/saml: request_encrypted_assertion model field migration

* source/saml: Added 'noqa' comment to type hint on encryption key descriptor

* small fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add to UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sources/saml: Pivot to encryption_kp model field, instead of request_encryption bool

* sources/saml: Typo fix

* re-create migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add to release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add improve error handling, add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test metadata with encryption and remove WantAssertionsEncrypted since it's not in the schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated fix to radius path

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix unrelated fix...sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-migrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2024-08-07 19:58:28 +02:00
Marc 'risson' Schmitt
83b02a17d5 sources: add property mappings for all oauth and saml sources (#8771) 
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-08-07 19:14:22 +02:00
Simonyi Gergő
f7b16ed723 policies: add GeoIP policy (#10454) 
* add GeoIP policy

* handle empty lists of ASNs and countries

* handle missing GeoIP database or missing IP from the database

The exceptions raised here are `PolicyException`s to let admins bypass
an execution failure.

* fix translations

whoops

* remove `GeoIPPolicyMode`

Use the policy binding's `negate` option instead

* fix `DataProvision` typing

`ak-dual-select-provider` can handle unpaginated data

* use `django-countries` instead of a static list of countries for ISO-3166

* simplify `GeoIPPolicyForm`

* pass `GeoIPPolicy` on empty policy

* add backend tests to `GeoIPPolicy`

* revise translations

* move `iso-3166/` to `policies/geoip_iso3166/`

* add client-side caching to ISO3166 API call

* fix `GeoIPPolicy` creation

The automatically generated APIs can't seem to handle `CountryField`,
so I'll have to do this by hand too.

* add docs for GeoIP Policy

* docs: stylize

add review suggestions from @tanberry

* refactor `GeoIPPolicy` API

It is now as declarative as I could make it.

* clean up `api.py` and `views.py`
 2024-08-06 10:37:29 +00:00
Jens Langhammer
4363c899ac release: 2024.6.3 2024-08-05 20:08:28 +02:00
Jens L.
d24e2abe7f rbac: rework API for terraform, add blueprint support (#10698) 
* rbac: rework API slightly to improve terraform compatibility

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh https://www.django-rest-framework.org/api-guide/filtering/#filtering-and-object-lookups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add permission support for users global permissions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add role support to blueprints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix yaml tags

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add generated read-only role

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make permissions optional

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add object permission support to blueprints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests kinda

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more tests and fix bugs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-08-02 16:34:30 +02:00
Jens Langhammer
e60c36b889 release: 2024.6.2 2024-08-01 01:13:29 +02:00
Marc 'risson' Schmitt
3b1c42776b sources/scim: add property mappings (#10650) 
* sources/scim: add property mappings

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix filterset

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix doc link

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2024-07-29 22:32:51 +02:00
Jens L.
61c6887e82 providers/radius: Add support for custom attributes (#10509) 
* unrelated: show logs for failed blueprints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add dictionaries

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: remove some unused api functions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add initial api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* placeholder backend

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* idk

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add proper mappings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-07-25 19:08:33 +02:00
Marc 'risson' Schmitt
ced4533890 sources/ldap: rename ldappropertymapping to ldapsourcepropertymapping (#10606) 2024-07-25 16:09:36 +02:00
Marc 'risson' Schmitt
e65b905301 sources: refactor user connection api (#10607) 2024-07-25 14:16:50 +02:00
Jens L.
5a8d580c86 core: b2c improvements p1 (#9257) 
* add default app and restrict

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also pass raw email token for custom email templates

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revoke access token when user logs out

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remigrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add command to change user types

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* blankable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-07-23 11:10:38 +02:00
Marc 'risson' Schmitt
1a6ac4740d sources: introduce new property mappings per user and group (#8750) 
* sources: introduce new property mappings per-user and group

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* sources/ldap: migrate to new property mappings

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint-fix and make gen

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* web changes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* update tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* remove flatten for generic implem

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* rework migration

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* lint-fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix migrations

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* re-add field migration to property mappings

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix migrations

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* more migrations fixes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* easy fixes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* migrate to propertymappingmanager

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* ruff and small fixes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* move mapping things into a separate class

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* migrations: use using(db_alias)

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* migrations: use built-in variable

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add docs

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add release notes

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2024-07-22 15:26:22 +02:00
Jens L.
6abbe1dd4b web: fix mismatched button labels for boundpolicy and boundstage list (#10551) 
* remove wrong help text for multi select

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make labelling for create and and bind existing more consistent

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix oobe missing label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix application library empty state not shown

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing formatting for title on access denied stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-07-19 17:51:28 +02:00
Ken Sternberg
b0507d2063 web: provide 'show password' button (#10337) 
* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: provide `show password` on login page

Provide a `show password` icon, text, and button for the password field both in the
IdentificationStage and the PasswordStage. Essentially the same code for both, although the id of
the password field is unique to each.

Requested by Cloudflare.  Seems to be a common thing anyway.

Should it be an administrative option that this facility is available?  From where should I derive
that information?  I suspect the answer is "a site attribute," but I'd like to get confirmation.

* web: comment doesn't need to be exposed. It's sufficient where it is .

* web: fix button rendering issues

During testing, the buttons did not change as expected.  We are using pure DOM
state to control the look of the button, and avoiding using `.requestUpdate()`
to avoid losing customer input, so depending upon Lit to re-render just the
button was an error.

This commit goes old-school and updates the button's label and icon using
standard DOM features, although we do lean into Lit-html`s `render()`
function to create the DOM component for the icon.

* web: provide `show password` on login page

Provide a `show password` icon, text, and button for the password field both in the
IdentificationStage and the PasswordStage. Essentially the same code for both, although the id of
the password field is unique to each.

Provide a configuration detail server-side to allow administrator to enable or disable the 'show
password' feature.  Off by default.

Requested by Cloudflare.  Seems to be a common thing anyway.  Making it configurable wasn't in
Cloudfare's request, but it seemed logical to add.

* ensure the tests pass; quibbling over the wording of the admin field continues.

* Removed some manually identified fluff.

* web: break out `show password`-enabled input field into its own component

Provides a `show password` field, but as a LightDOM-oriented web component. This form of
input[type="password"] is for flows only, as it has a number of specializations for understanding a
flow's validating round-trip, possible error messages within the challenge, and is left within the
LightDOM both to support compatibility issues and to avoid using `elementInterals`, which is a DOM
feature not supported by some older browsers.

Avoids having to maintain two different instances of the same logic, both for permitting 'show
password', and for handling it.

* web: update PasswordStageForm according to lit-analyzer

With lit-analyzer in the mix and functional, we're seeing new complaints about
inconsistent typing in lit objects, and this was one of them.

* Another lit-analyze error found.
 2024-07-15 18:14:46 -07:00
Jens Langhammer
f6a9773930 release: 2024.6.1 2024-07-11 22:50:33 +02:00
Marc 'risson' Schmitt
35cd126406 release: 2024.6.0-rc1 2024-06-14 18:42:26 +02:00
Jens L
7bb90b1661 providers/microsoft_entra: fix error when updating connection attributes (#10039) 
* providers/microsoft_entra: fix error when updating connection attributes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include URL to field references

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only set gws user password when creating by default

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* merge instead of replace connection attributes

an update might not return all attributes so we don't want to fully replace the attributes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-06-11 16:03:23 +09:00
Jens L
6cf418a37e stages/captcha: rework (#9959) 
* stages/captcha: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update form with continue option

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs, add notes for scores

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also only raise error from success if needed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* return full data

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-06-04 18:25:38 +09:00
Jens L
95d26563e7 providers/oauth2: don't handle api scope as special scope (#9910) 
* providers/oauth2: don't handle api scope as special scope

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make default scope selection less magic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ensure missing folder exists

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix duplicate name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-06-01 17:16:56 +09:00
Jens L
50fffa72cc lib/providers/sync: improve outgoing sync (#9835) 
* make connection objects not updatable but allow creating with provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* save data returned from google/entra and show it in UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* pass connection object

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set immutable id on user automatically

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better define transient error codes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix entra

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-05-30 10:40:10 +09:00
Jens L
99ad492951 enterprise/providers/microsoft_entra: initial account sync to microsoft entra (#9632) 
* initial

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add entra mappings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make API endpoints more consistent

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* implement more things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add user tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix most group tests + fix bugs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more group tests, fix bugs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing __init__

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ui for provisioned users

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of bugs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add `creating` to property mapping env

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* always sync group members

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix group membership

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some types

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add group member add test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* create sync status component to dedupe

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix discovery tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* get rid of more code and fix more issues

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add error handling for auth and transient

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make sure autoretry is on

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* wait for task in signal

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add squashed google migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-05-09 15:41:23 +02:00