84b5992e55
ci: bump golangci/golangci-lint-action from 6 to 7 ( #13661 )
...
* ci: bump golangci/golangci-lint-action from 6 to 7
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix v2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix v3
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-03-26 18:03:20 +01:00
94eff50306
root: redis, make sure tlscacert isn't an empty string ( #12407 )
...
* root: redis, make sure tlscacert isn't an empty string
* make TLSCaCert a string instead of pointer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-01-13 20:14:26 +01:00
40a7135c0c
core: app entitlements ( #12090 )
...
* core: initial app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* base off of pbm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and oauth2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite to use bindings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make policy bindings form and list more customizable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* double fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refine permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing rbac modal to app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* separate scope for app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include entitlements mapping in proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API validation to prevent policies from being bound to entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove duplicate docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-18 14:32:44 +01:00
a892d4afd8
providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set ( #11968 )
...
correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical
2024-11-13 00:54:40 +01:00
f482937474
providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER ( #11722 )
...
* providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#9622/#4688/#6476)
* chore: fix tests
2024-10-24 16:34:45 +02:00
ad3820c11c
providers/proxy: fix panic, keep session storages open ( #11439 )
...
* fix panic when redis connection fails
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-use session when refreshing apps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-19 23:05:58 +02:00
171d0f55cb
providers/proxy: fix URL path getting lost when partial URL is given to rd= ( #11354 )
...
* providers/proxy: fix URL path getting lost when partial URL is given to rd=
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better fallback + tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-12 18:02:08 +02:00
b8560f2a86
providers/proxy: bump go-oidc to v3 ( #10432 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-10 12:54:45 +02:00
c45bb8e985
providers/proxy: rework redirect mechanism ( #8594 )
...
* providers/proxy: rework redirect mechanism
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add session id, don't tie to state in session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle state failing to parse
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save session after creating state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include task expiry in status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redirect URL detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-06 03:07:08 +02:00
a742331484
root: make redis settings more consistent ( #9335 )
...
* make redis settings more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support to go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redis connect in wait_for_db
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* censor password when logging error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add redis url generation helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-18 16:49:41 +02:00
1b81973358
outposts/proxy: Fix invalid redirect on external hosts containing path components ( #8915 )
...
* outposts/proxy: Fix invalid redirect on external hosts containing path components
Signed-off-by: Max <github@germancoding.com >
* outposts/proxy: Fix test for changed redirect logic
Signed-off-by: Max <github@germancoding.com >
---------
Signed-off-by: Max <github@germancoding.com >
2024-03-19 20:31:08 +01:00
104e70c383
root: support redis username ( #8935 )
2024-03-18 12:44:38 +01:00
d54b410429
outposts/proxy: better Redis error message ( #8044 )
...
* outposts/proxy: better Redis error message
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update internal/outpost/proxyv2/application/session.go
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Jens L. <jens@goauthentik.io >
2024-01-02 20:01:53 +00:00
1ea3dae5ac
providers/proxy: use access token ( #8022 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-30 16:36:43 +01:00
729ef4d786
root: bump python deps (django 5) ( #7862 )
...
* bump python deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* vendor pickle serializer for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
#7761
* cleanup some things and re-build api scheme
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web and go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix go...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better annotate json fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use jsondictfield wherever
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove all virtualenvs?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* final version bump
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-18 22:07:59 +01:00
dc7ffba8fa
internal: remove special route for /outpost.goauthentik.io ( #7539 )
...
With this special route for outpost.goauthentik.io, misdirected requests to /outpost.goauthentik.io/auth/start will create a cookie for the domain authentik is accessed under, which will cause issues with the actual full auth flow. Requests to /outpost.goauthentik.io will still be routed to the outpost, but with this change only when the hostname matches
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-13 17:39:40 +01:00
695719540b
providers/proxy: Fix duplicate cookies when using file system store. ( #7541 )
...
Fix duplicate cookies when using file system store.
2023-11-13 15:33:49 +01:00
4080080acd
internal: remove deprecated metrics ( #7540 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-13 14:48:37 +01:00
dd4e9030b4
providers/proxy: fix closed redis client ( #7385 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-03 15:19:21 +01:00
7d91842e8a
providers/proxy: attempt to fix duplicate cookie ( #7324 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-27 00:41:13 +02:00
dd7d3bf738
providers/proxy: fix redis cookies missing strict path ( #7135 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-10 12:17:35 +02:00
4db365c947
providers/proxy: improve SLO by backchannel logging out sessions ( #7099 )
...
* outposts: add support for provider-specific websocket messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* providers/proxy: add custom signal on logout to logout in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-09 01:06:52 +02:00
efb2823391
internal: fix redis session store ( #7011 )
2023-09-28 21:06:27 +02:00
c93c6ee6f9
root: replace boj/redistore with vendored version of rbcervilla/redisstore ( #6988 )
...
* root: replace boj/redistore with vendored version of rbcervilla/redisstore
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* setup env for go tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-09-26 18:56:37 +02:00
1410169af1
providers/proxy: fix JWKS url in embedded outpost ( #6644 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-08-28 00:52:01 +02:00
9e29789c09
root: fix config loading for outposts ( #6640 )
...
* root: fix config loading for outposts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve check to see if outpost is embedded or not
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix oauth url fetching
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-08-26 19:40:48 +02:00
f6b144a0fa
providers/proxy: only intercept auth header when a value is set ( #6488 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-08-06 01:18:20 +02:00
0782b3b0fa
providers/proxy: set outpost session cookie to httponly and secure wh… ( #6482 )
...
* providers/proxy: set outpost session cookie to httponly and secure when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set samesite too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-08-05 22:09:27 +02:00
a2714ab1f1
outposts: make metrics compliant with Prometheus best-practices ( #6398 )
...
web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.
This commit tries to fix all of this "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com >
2023-07-27 18:51:08 +02:00
906faf9cce
providers/proxy: fix panic when claims in session were nil ( #5569 )
...
* providers/proxy: fix panic when claims in session were nil
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add new options
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-05-10 20:58:44 +02:00
fd2677af1f
root: bump api generator ( #5139 )
...
* root: bump api generator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump api diff too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump go api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify go api generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-04-01 18:10:52 +02:00
ef028af7d1
providers/proxy: rework endpoints logic ( #4993 )
...
* providers/proxy: rework endpoints logic
again...this time with tests and better logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-03-18 18:51:20 +01:00
f70be86ddc
providers/proxy: strip scheme when comparing redirect URL
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-20 21:22:26 +01:00
9f431396c0
providers/proxy: ensure issuer is correct when browser url override is set
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
#4715
2023-02-19 17:35:29 +01:00
b6c120f555
providers/proxy: fix client credential flows not using http interceptor
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-15 00:22:56 +01:00
ec42b597ab
providers/proxy: send token request internally, with overwritten host header ( #4675 )
...
* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-13 16:34:47 +01:00
8f70354e3c
internal: remove debug remnant from cookie testing
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-12 17:29:18 +01:00
21e29744c2
providers/proxy: different cookie name based on hashed client id ( #4666 )
2023-02-12 16:34:57 +01:00
af43330fd6
providers/oauth2: rework OAuth2 Provider ( #4652 )
...
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-09 20:19:48 +01:00
3170b2f92c
providers/proxy: add token support for basic auth
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-07 22:50:49 +01:00
61b06eff06
providers/proxy: better log outpost token errors
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-06 20:26:43 +01:00
388367785d
*/saml: disable pretty_print, add signature tests
...
closes #4536
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-03 15:42:09 +01:00
7d4ce41e12
providers/proxy: outpost wide logout implementation ( #4605 )
...
* initial outpost wide logout implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle deserialize error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix file cleanup, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-02 21:18:59 +01:00
43854dc828
outposts/proxy: fix panic due to IsSet misbehaving
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-19 18:22:55 +01:00
c11367553e
providers/proxy: fix issuer for embedded outpost ( #4480 )
...
fix issuer for embedded outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-19 15:39:30 +01:00
23c69c456a
providers/proxy: add setting to intercept authorization header ( #4457 )
...
* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-17 18:56:48 +01:00
19ee98b36d
outposts/proxy: allow setting no-redirect via header or query param
...
closes #4455
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-17 10:56:43 +01:00
9b2ceb0d44
outposts/proxy: make logged user more consistent, set FlushInterval
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-14 23:58:15 +01:00
69d4719687
outposts/proxy: set http code when no redirect header is set
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-14 22:20:52 +01:00
d31e566873
outposts/proxy: add header to prevent redirects
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-14 22:18:25 +01:00
