b8ae028d4d
root: backport release 2024.8.1 ( #11273 )
...
release: 2024.8.1
2024-09-08 01:35:15 +02:00
02ae099bdf
root: version 2024.8 backport ( #11166 )
...
* schemas: fix XML Schema loading...for some reason?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* release: 2024.8.0-rc1
* release: 2024.8.0
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# .bumpversion.cfg
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-03 14:41:40 +02:00
a6225ad7a7
root: backport version bump ( #11045 )
...
* fix outpost form not loading apps for correct type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix bug from previous pr
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* release: 2024.6.4
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-23 16:33:07 +02:00
eb5842fa5a
rbac: generate blueprint schema permissions from defined models not DB ( #10962 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-19 13:44:13 +02:00
d577152f83
providers/SAML: encryption support ( #10934 )
...
* providers/saml: add option to sign assertion and or response
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add encryption
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add form option
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-17 21:10:28 +02:00
8f53d0b9f3
providers/ldap: Remove search group ( #10639 )
...
* remove search_group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make api operations clearer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually use get
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use correct api client for ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix migration warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix styling issue in dark mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated-ish fix button order in wizard
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix missing css import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Optimised images with calibre/image-actions
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* update release notes based on new template
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-08-14 16:31:11 +02:00
a073b7a5b1
enterprise: add support for license flags ( #10842 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-09 22:20:01 +02:00
4b5bb77d99
enterprise: UI improvements, better handling of expiry ( #10828 )
...
* web/admin: show enterprise banner on the very top
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework license
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for and fix read only mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* field name consistency
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-09 14:26:38 +02:00
68af5b0572
sources/plex: add property mappings ( #10772 )
2024-08-08 11:36:24 +02:00
19c3f7dd80
sources/saml: Basic support for EncryptedAssertion element. ( #10099 )
...
* source/saml: Updated backend for encrypted assertion support
* source/saml: all lint-fix checks passed
* source/saml: Used Optional type instead of union, on enc_key_descriptor type hint
* source/saml: request_encrypted_assertion model field migration
* source/saml: Added 'noqa' comment to type hint on encryption key descriptor
* small fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sources/saml: Pivot to encryption_kp model field, instead of request_encryption bool
* sources/saml: Typo fix
* re-create migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add improve error handling, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test metadata with encryption and remove WantAssertionsEncrypted since it's not in the schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated fix to radius path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix unrelated fix...sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-08-07 19:58:28 +02:00
83b02a17d5
sources: add property mappings for all oauth and saml sources ( #8771 )
...
Co-authored-by: Jens L. <jens@goauthentik.io >
2024-08-07 19:14:22 +02:00
f7b16ed723
policies: add GeoIP policy ( #10454 )
...
* add GeoIP policy
* handle empty lists of ASNs and countries
* handle missing GeoIP database or missing IP from the database
The exceptions raised here are `PolicyException`s to let admins bypass
an execution failure.
* fix translations
whoops
* remove `GeoIPPolicyMode`
Use the policy binding's `negate` option instead
* fix `DataProvision` typing
`ak-dual-select-provider` can handle unpaginated data
* use `django-countries` instead of a static list of countries for ISO-3166
* simplify `GeoIPPolicyForm`
* pass `GeoIPPolicy` on empty policy
* add backend tests to `GeoIPPolicy`
* revise translations
* move `iso-3166/` to `policies/geoip_iso3166/`
* add client-side caching to ISO3166 API call
* fix `GeoIPPolicy` creation
The automatically generated APIs can't seem to handle `CountryField`,
so I'll have to do this by hand too.
* add docs for GeoIP Policy
* docs: stylize
add review suggestions from @tanberry
* refactor `GeoIPPolicy` API
It is now as declarative as I could make it.
* clean up `api.py` and `views.py`
2024-08-06 10:37:29 +00:00
4363c899ac
release: 2024.6.3
2024-08-05 20:08:28 +02:00
d24e2abe7f
rbac: rework API for terraform, add blueprint support ( #10698 )
...
* rbac: rework API slightly to improve terraform compatibility
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh https://www.django-rest-framework.org/api-guide/filtering/#filtering-and-object-lookups
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permission support for users global permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add role support to blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix yaml tags
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add generated read-only role
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make permissions optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add object permission support to blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests kinda
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests and fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-02 16:34:30 +02:00
e60c36b889
release: 2024.6.2
2024-08-01 01:13:29 +02:00
3b1c42776b
sources/scim: add property mappings ( #10650 )
...
* sources/scim: add property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix filterset
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix doc link
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-07-29 22:32:51 +02:00
61c6887e82
providers/radius: Add support for custom attributes ( #10509 )
...
* unrelated: show logs for failed blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add dictionaries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: remove some unused api functions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* placeholder backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add proper mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-25 19:08:33 +02:00
ced4533890
sources/ldap: rename ldappropertymapping to ldapsourcepropertymapping ( #10606 )
2024-07-25 16:09:36 +02:00
e65b905301
sources: refactor user connection api ( #10607 )
2024-07-25 14:16:50 +02:00
5a8d580c86
core: b2c improvements p1 ( #9257 )
...
* add default app and restrict
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also pass raw email token for custom email templates
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revoke access token when user logs out
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remigrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add command to change user types
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* blankable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-23 11:10:38 +02:00
1a6ac4740d
sources: introduce new property mappings per user and group ( #8750 )
...
* sources: introduce new property mappings per-user and group
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: migrate to new property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix and make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web changes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove flatten for generic implem
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* rework migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* re-add field migration to property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more migrations fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* easy fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate to propertymappingmanager
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* ruff and small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move mapping things into a separate class
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrations: use using(db_alias)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrations: use built-in variable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-07-22 15:26:22 +02:00
6abbe1dd4b
web: fix mismatched button labels for boundpolicy and boundstage list ( #10551 )
...
* remove wrong help text for multi select
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make labelling for create and bind existing more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix oobe missing label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix application library empty state not shown
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing formatting for title on access denied stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-19 17:51:28 +02:00
b0507d2063
web: provide 'show password' button ( #10337 )
...
* web: fix esbuild issue with style sheets
Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).
Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.
In standard mode, the following warning appears on the console when running a Flow:
```
Autofocus processing was blocked because a document already has a focused element.
```
In compatibility mode, the following **error** appears on the console when running a Flow:
```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
at initDomMutationObservers (crawler-inject.js:1106:18)
at crawler-inject.js:1114:24
at Array.forEach (<anonymous>)
at initDomMutationObservers (crawler-inject.js:1114:10)
at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```
Despite this error, nothing seems to be broken and flows work as anticipated.
* web: provide `show password` on login page
Provide a `show password` icon, text, and button for the password field both in the
IdentificationStage and the PasswordStage. Essentially the same code for both, although the id of
the password field is unique to each.
Requested by Cloudflare. Seems to be a common thing anyway.
Should it be an administrative option that this facility is available? From where should I derive
that information? I suspect the answer is "a site attribute," but I'd like to get confirmation.
* web: comment doesn't need to be exposed. It's sufficient where it is.
* web: fix button rendering issues
During testing, the buttons did not change as expected. We are using pure DOM
state to control the look of the button, and avoiding using `.requestUpdate()`
to avoid losing customer input, so depending upon Lit to re-render just the
button was an error.
This commit goes old-school and updates the button's label and icon using
standard DOM features, although we do lean into Lit-html's `render()`
function to create the DOM component for the icon.
* web: provide `show password` on login page
Provide a `show password` icon, text, and button for the password field both in the
IdentificationStage and the PasswordStage. Essentially the same code for both, although the id of
the password field is unique to each.
Provide a configuration detail server-side to allow administrator to enable or disable the 'show
password' feature. Off by default.
Requested by Cloudflare. Seems to be a common thing anyway. Making it configurable wasn't in
Cloudflare's request, but it seemed logical to add.
* ensure the tests pass; quibbling over the wording of the admin field continues.
* Removed some manually identified fluff.
* web: break out `show password`-enabled input field into its own component
Provides a `show password` field, but as a LightDOM-oriented web component. This form of
input[type="password"] is for flows only, as it has a number of specializations for understanding a
flow's validating round-trip, possible error messages within the challenge, and is left within the
LightDOM both to support compatibility issues and to avoid using `elementInternals`, which is a DOM
feature not supported by some older browsers.
Avoids having to maintain two different instances of the same logic, both for permitting 'show
password', and for handling it.
* web: update PasswordStageForm according to lit-analyzer
With lit-analyzer in the mix and functional, we're seeing new complaints about
inconsistent typing in lit objects, and this was one of them.
* Another lit-analyze error found.
2024-07-15 18:14:46 -07:00
f6a9773930
release: 2024.6.1
2024-07-11 22:50:33 +02:00
35cd126406
release: 2024.6.0-rc1
2024-06-14 18:42:26 +02:00
7bb90b1661
providers/microsoft_entra: fix error when updating connection attributes ( #10039 )
...
* providers/microsoft_entra: fix error when updating connection attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include URL to field references
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only set gws user password when creating by default
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* merge instead of replace connection attributes
an update might not return all attributes so we don't want to fully replace the attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-06-11 16:03:23 +09:00
6cf418a37e
stages/captcha: rework ( #9959 )
...
* stages/captcha: rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update form with continue option
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs, add notes for scores
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also only raise error from success if needed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* return full data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-06-04 18:25:38 +09:00
95d26563e7
providers/oauth2: don't handle api scope as special scope ( #9910 )
...
* providers/oauth2: don't handle api scope as special scope
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make default scope selection less magic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ensure missing folder exists
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-06-01 17:16:56 +09:00
50fffa72cc
lib/providers/sync: improve outgoing sync ( #9835 )
...
* make connection objects not updatable but allow creating with provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save data returned from google/entra and show it in UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* pass connection object
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set immutable id on user automatically
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better define transient error codes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix entra
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-30 10:40:10 +09:00
99ad492951
enterprise/providers/microsoft_entra: initial account sync to microsoft entra ( #9632 )
...
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add entra mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make API endpoints more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix most group tests + fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more group tests, fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing __init__
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ui for provisioned users
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add `creating` to property mapping env
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* always sync group members
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix group membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some types
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group member add test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* create sync status component to dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix discovery tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* get rid of more code and fix more issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add error handling for auth and transient
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make sure autoretry is on
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* wait for task in signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add squashed google migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-09 15:41:23 +02:00
aeb1b450eb
enterprise/providers/google: initial account sync to google workspace ( #9384 )
...
* providers/google: initial account sync to google workspace
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start separating scim sync client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* generalize more...ish
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set dispatch_uid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start generalizing task
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fully separate tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix signals...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start google dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* drawing the rest of the owl
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* just use a whole lot less magic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* member sync, better implement conflict/retry-able exceptions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* max wizards taller
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* gen api, basic UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch more bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* generalize sync status API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework sync chart
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add slugify to evaluator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test property mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to google workspace
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle existing objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix credential render
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* verify email has correct domain before syncing user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing docstring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lock not being used
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* abstract more common stuff away
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* backport time limit fix
https://github.com/goauthentik/authentik/pull/9546
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start discovery
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement discover for google
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prevent same issue as with https://github.com/goauthentik/authentik/pull/9557
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix sync status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make group name unique in API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reference to old wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
man this api client is awful
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add SkipObject
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't use weak ref
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user and group delete options
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set user agent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* if the api's testing tools are awful, let's just make our own
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests and already fix some more bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add discover
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group import test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only import users/groups in the correct parent group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix conflicting args
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing schedule
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add default_group_email_domain
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-07 19:52:20 +02:00
6802614fbf
release: 2024.4.2
2024-05-07 18:45:37 +02:00
e33ca93f05
providers/saml: fix ecdsa support ( #9537 )
...
* crypto: add option to select which alg to use to generate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing ecdsa options for XML signing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump xml libraries and remove disclaimer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lock djangoframework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-02 15:18:14 +02:00
8f8c3e4944
release: 2024.4.1
2024-04-26 18:43:33 +02:00
6b6d88b81b
release: 2024.4.0-rc1
2024-04-24 19:12:47 +02:00
6f3dc2eafd
sources/ldap: fix default blueprint for mapping user DN to path ( #9355 )
...
* sources/ldap: fix default blueprint for mapping user DN to path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-19 14:44:48 +02:00
0a5b8bea5d
stages/prompt: fix username field throwing error with existing user ( #9342 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-18 20:54:31 +02:00
ddc78cc297
stages/authenticator_webauthn: fix attestation value ( #9333 )
...
* fix incorrect attestation conveyance with device restriction
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save raw aaguid on webauthn device
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-18 14:00:16 +02:00
3c28cf1909
sources: add SCIM source ( #3051 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* rebuild migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* include root URL in API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add UI base URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* only allow SCIM basic auth for testing and debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* start user tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* antlr for scim filter parsing, why
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix url mountpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ...turns out we don't need antlr
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start to revive this PR
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* don't put doc structure changes into this
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add filter support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add e2e tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add codecov oidc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused fields from API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix group membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix backchannel helper text size
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test against authentik as SCIM server I guess?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix scim provider task render
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "re-add codecov oidc"
This reverts commit fdeeb391afba710645e77608e0ab2e97485c48d1.
* add API for connection objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI for users and groups
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-04-15 14:23:43 +02:00
7ef14eb86d
blueprints: only create default brand if no other default brand exists ( #9222 )
* blueprints: only create default brand if no other default brand exists
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix invalid blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flaky test, improve pytest output
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-12 14:59:48 +02:00
fd44bc2bec
stages/authenticator_validate: add ability to limit webauthn device types ( #9180 )
* stages/authenticator_validate: add ability to limit webauthn device types
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* require enterprise attestation when a device restriction is configured as we need the aaguid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve error message
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-11 13:10:05 +02:00
a70363bd95
core: add user settable token durations ( #7410 )
* core: add support for user settable token duration
* web: add support for user settable token duration
* website: add documentation for user settable token duration
* core: fix locales
* web: fix tokenIntent when updating
* core: fix linting
* website: Update website/docs/user-group-role/user/user_ref.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jean-Michel DILLY <48059109+jmdilly@users.noreply.github.com >
* make token duration system-wide configurable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate token configs to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make website
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* nosec
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for real this time
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* trying with no model using default_token_key
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix save
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* use signal instead of overriding save
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Jean-Michel DILLY <48059109+jmdilly@users.noreply.github.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-04-11 13:05:05 +02:00
d24fe25047
sources/oauth: make URLs not required, only check when no OIDC URLs are defined ( #9182 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-09 20:35:30 +02:00
9f6dca1170
stages/authenticator_webauthn: add MDS support ( #9114 )
* web: align style to show current user for webauthn enroll
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ask for aaguid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial MDS import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add restriction
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix api, add actual restriction
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* default authenticator name based on aaguid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connect device with device type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix typo in webauthn stage name
this typo has been around for 3 years 8708e487ae (diff-bb4aee4a37f4b95c8daa7beb6bf6251d8d2b6deb8c16dce0cd7cb0d6cd71900aR16)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add fido2 dep
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add CI pipeline to automate updating blob
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests, include device type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude icon for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add passkeys aaguid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make special unknown device type work, add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-08 12:21:26 +02:00
e769f7ee02
blueprints: fix schema generation for PrimaryKeyRelated fields with non-int PK ( #9140 )
* fix build error with bandit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* blueprints: fix incorrect schema for primarykeyrelated fields with non-int PK
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* blueprints: fix export containing null ID
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include authentik version in blueprint schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-05 01:01:09 +02:00
852f6f2819
blueprints: fix default username field in user-settings flow ( #9136 )
should be username type not text
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-04 18:50:44 +02:00
06af8e3a35
sources/ldap: add ability to disable password write on login ( #8377 )
* sources/ldap: add ability to disable password write on login
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* reword docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-03-25 12:22:21 +00:00
fdcc1dcb36
stages: source stage ( #8330 )
* stages: source stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include stage name in dummy stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use data instead of instance for login button
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ident stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* pass more data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow inspector not always loading
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix dark theme for stepper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix inspector styling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't skip source stage unless returning
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* auto open flow inspector when debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix validation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include raw saml response in flow context
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* fix import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-03-14 19:46:27 +01:00
1b24168791
sources/oauth: add gitlab type [AUTH-323] ( #8195 )
* sources/oauth: add gitlab type
* Use correct username field
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* format
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web: add gitlab
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-02-29 16:53:08 +01:00
4733778460
enterprise/providers/rac: connection token management ( #8467 )
2024-02-14 18:57:11 +01:00