tenants: fix scheduled tasks not running on default tenant (#9583)
* tenants: fix scheduled tasks not running on default tenant
* add some extra time to keep system task around
* make sure we actually send it to all tenants
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
providers/scim: fix SCIM ID incorrectly used as primary key (#9557)
* providers/scim: fix SCIM ID incorrectly used as primary key
* fix unique together
* add test
* add check for empty scim ID
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
core: only prefetch related objects when required (#9476)
* core: only prefetch related objects when required
* add tests
* add tests to assert query count
* "optimize" another query away
* prefetch parent and roles
* whops that needs to be pre-fetched
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
events: ensure all models' __str__ can be called without any further lookups (#9480)
* events: ensure all models' __str__ can be called without any further lookups
* allow for additional queries for models using default_token_key
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
web: Add resolved and integrity fields back to package-lock.json (#9419)
* web: Fix missing resolved and integrity fields in package-lock.json
* web,website: Add lockfile lint to CI
Co-authored-by: Jan van Brügge <supermanitu@gmail.com>
web: markdown: display markdown even when frontmatter is missing (#9404)
* web: fix esbuild issue with style sheets
Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).
Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.
In standard mode, the following warning appears on the console when running a Flow:
```
Autofocus processing was blocked because a document already has a focused element.
```
In compatibility mode, the following **error** appears on the console when running a Flow:
```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
at initDomMutationObservers (crawler-inject.js:1106:18)
at crawler-inject.js:1114:24
at Array.forEach (<anonymous>)
at initDomMutationObservers (crawler-inject.js:1114:10)
at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```
Despite this error, nothing seems to be broken and flows work as anticipated.
* web: markdown: display markdown even when frontmatter is missing
Make the check for the document title comprehensive across the
entire demeter. If there is no front matter, `data` will be missing,
not just `data.title`.
Co-authored-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>
* web: fix esbuild issue with style sheets
Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).
Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.
In standard mode, the following warning appears on the console when running a Flow:
```
Autofocus processing was blocked because a document already has a focused element.
```
In compatibility mode, the following **error** appears on the console when running a Flow:
```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
at initDomMutationObservers (crawler-inject.js:1106:18)
at crawler-inject.js:1114:24
at Array.forEach (<anonymous>)
at initDomMutationObservers (crawler-inject.js:1114:10)
at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```
Despite this error, nothing seems to be broken and flows work as anticipated.
* web: fix locale prioritization scheme
The locale priority algorithm had two problems: first, the order was incorrect, allowing the global
default from globalAK() to override a lot of more precise settings; second, the algorithm would take
outside locale overrides from the event handler, which was not necessary.
This commit revises the locale prioritization scheme. It continues to watch for "change of locale"
events from all sources (URL, browser, and user/brand/site internal settings), but if the event
carries a suggested locale, that suggestion is ignored. Instead, when a change of locale event
occurs, it re-runs the algorithm in priority order.
That order is:
- The URL query parameter `locale=`
- The User's stated preference in `CurrentUser.attributes`
- The Browser's stated locale
- The Brand's stated preference in `CurrentBrand.attributes`
- The authentik instance's setting `from window.globalAK()`
- The default locale complied into the UI at build time.
Note to @tanberry: We should note this order somewhere in the documentation, so that users are not
"surprised" that their user preference (set in User Interface -> Settings -> User Details -> Locale)
is not overriden by the browser's preference. (The setting they need is "Based on your browser" to
make browser locale detection work.)
* web: fix locale prioritization scheme
The locale priority algorithm had two problems: first, the order was incorrect, allowing the global
default from globalAK() to override a lot of more precise settings; second, the algorithm would take
outside locale overrides from the event handler, which was not necessary.
This commit revises the locale prioritization scheme. It continues to watch for "change of locale"
events from all sources (URL, browser, and user/brand/site internal settings), but if the event
carries a suggested locale, that suggestion is ignored. Instead, when a change of locale event
occurs, it re-runs the algorithm in priority order.
That order is:
- The URL query parameter `locale=`
- The User's stated preference in `CurrentUser.attributes`
- The Browser's stated locale
- The Brand's stated preference in `CurrentBrand.attributes`
- The authentik instance's setting `from window.globalAK()`
- The default locale complied into the UI at build time.
Note to @tanberry: We should note this order somewhere in the documentation, so that users are not
"surprised" that their user preference (set in User Interface -> Settings -> User Details -> Locale)
is not overriden by the browser's preference. (The setting they need is "Based on your browser" to
make browser locale detection work.)
* web: locale patch for currentUser.settings
Temporarily skipping currentUser.settings.locale as a source of
truth because it's not portable between User/Admin and Flow; Flow
in a logged-out state has no access to `/me`, but we need to probe
`/me` for user settings. This conflict currently triggers a bug
in the session heartbeat handler.
