ff06214b0e
core: include version in built JS files ( #9558 )
...
* web: fix esbuild issue with style sheets
Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).
Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.
In standard mode, the following warning appears on the console when running a Flow:
```
Autofocus processing was blocked because a document already has a focused element.
```
In compatibility mode, the following **error** appears on the console when running a Flow:
```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
at initDomMutationObservers (crawler-inject.js:1106:18)
at crawler-inject.js:1114:24
at Array.forEach (<anonymous>)
at initDomMutationObservers (crawler-inject.js:1114:10)
at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```
Despite this error, nothing seems to be broken and flows work as anticipated.
* core: include version in built JS files
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include build hash
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix stuff
why does this even work locally
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk man node
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* just not use import assertions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* web: add no-console, use proper dirname path
* web: retarget to use the base package.json file.
* web: encode path to root package.json using git
This is the most authoritative way of finding the root of the git project.
* use full version to match frontend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add fallback for missing .git folder
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Ken Sternberg <ken@goauthentik.io >
2024-06-18 17:05:28 +09:00
fbad02fac1
providers/scim, sources/ldap: switch to using postgres advisory locks instead of redis locks ( #9511 )
...
* providers/scim, sources/ldap: switch to using postgres advisory locks instead of redis locks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website/integrations: discord: fix typo
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix timeout logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove redis locks completely
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Apply suggestions from code review
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Jens L <jens@goauthentik.io >
2024-05-23 13:41:42 +02:00
a5467c6e19
root: add primary-replica db router ( #9479 )
...
* root: add primary-replica db router
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* copy all settings for database replicas
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* refresh read replicas config, switch to using a dict instead of a list for easier refresh
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add test for get_keys
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix getting override
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* nosec
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix replica settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* generate config: add a dummy read replica
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add doc
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add healthchecks for replicas
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add note about hot reloading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-05-21 20:15:49 +02:00
99ad492951
enterprise/providers/microsoft_entra: initial account sync to microsoft entra ( #9632 )
...
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add entra mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make API endpoints more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix most group tests + fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more group tests, fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing __init__
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ui for provisioned users
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add `creating` to property mapping env
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* always sync group members
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix group membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some types
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group member add test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* create sync status component to dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix discovery tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* get rid of more code and fix more issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add error handling for auth and transient
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make sure autoretry is on
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* wait for task in signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add squashed google migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-09 15:41:23 +02:00
aeb1b450eb
enterprise/providers/google: initial account sync to google workspace ( #9384 )
...
* providers/google: initial account sync to google workspace
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start separating scim sync client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* generalize more...ish
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set dispatch_uid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start generalizing task
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fully separate tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix signals...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start google dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* drawing the rest of the owl
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* juse use a whole lot less magic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* member sync, better implement conflict/retry-able exceptions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* max wizards taller
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* gen api, basic UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch more bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* generalize sync status API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework sync chart
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add slugify to evaluator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test property mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to google workspace
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle existing objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix credential render
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* verify email has correct domain before syncing user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing docstring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lock not being used
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* abstract more common stuff away
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* backport time limit fix
https://github.com/goauthentik/authentik/pull/9546
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start discovery
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement discover for google
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prevent same issue as with https://github.com/goauthentik/authentik/pull/9557
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix sync status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make group name unique in API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reference to old wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
man this api client is awful
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add SkipObject
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont use weak ref
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user and group delete options
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set user agent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* if the api's testing tools are awful, let's just make our own
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests and already fix some more bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add discover
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group import test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only import users/groups in the correct parent group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix conflicting args
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing schedule
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add default_group_email_domain
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-07 19:52:20 +02:00
06d1062423
tenants: fix scheduled tasks not running on default tenant ( #9583 )
...
* tenants: fix scheduled tasks not running on default tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some extra time to keep system task around
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make sure we actually send it to all tenants
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-06 03:16:30 +02:00
64d4a19ccf
root: expose session storage configuration ( #9337 )
...
* root: expose session storage configuration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-18 20:53:27 +02:00
a742331484
root: make redis settings more consistent ( #9335 )
...
* make redis settings more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support to go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redis connect in wait_for_db
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* censor password when logging error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add redis url generation helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-18 16:49:41 +02:00
3c28cf1909
sources: add SCIM source ( #3051 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* rebuild migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* include root URL in API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add UI base URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* only allow SCIM basic auth for testing and debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* start user tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* antlr for scim filter parsing, why
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix url mountpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ...turns out we don't need antlr
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start to revive this PR
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* don't put doc structure changes into this
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add filter support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add e2e tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add codecov oidc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused fields from API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix group membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix backchannel helper text size
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test against authentik as SCIM server I guess?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix scim provider task render
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "re-add codecov oidc"
This reverts commit fdeeb391afba710645e77608e0ab2e97485c48d1.
* add API for connection objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI for users and groups
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-04-15 14:23:43 +02:00
bb1f18d973
root: generate python client ( #9107 )
...
* generate api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# authentik/lib/expression/evaluator.py
# poetry.lock
* don't attempt to pr upgrade api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# poetry.lock
# pyproject.toml
* use new generator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use upstream generator since that one is v2 already 🤦
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing help to makefile
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-04 15:39:42 +02:00
104e70c383
root: support redis username ( #8935 )
2024-03-18 12:44:38 +01:00
d8536ed78e
root: fix app settings load order ( #8569 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-02-19 10:30:32 +00:00
ebd05be2c4
root: simplify task signal imports ( #8454 )
...
* *: deduplicate boilerplate for importing related models
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also auto-import .checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error during prometheus metrics from #8435
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-02-08 12:44:33 +00:00
8949464294
root: reformat with latest black version and fix tests ( #8376 )
...
* format files
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix pyright
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert #8367
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-31 15:24:45 +01:00
9ed2b74661
root: fix system check warnings ( #8277 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-24 12:10:55 +01:00
4184f8a770
enterprise: add full audit log [AUTH-458] ( #8177 )
...
* enterprise: add full audit log
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* delegate enabled check to apps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move audit middleware to separate app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanse before diff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make cleanse include a hash of the values
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix sentry error during lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only use start of hash
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't use deepdiff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add diff ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix info for dict
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* enable audit logging for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix startup with tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include first 4 chars of raw value?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only log asterisks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-24 11:36:06 +01:00
abc0c2d2a2
root: Multi-tenancy ( #7590 )
...
* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "fix oauth source type import"
This reverts commit d015fd0244marc.schmitt@risson.space >
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try with connection_created signal"
This reverts commit 764a999db832b40a3bbbmarc.schmitt@risson.space >
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a614bffb19704marc.schmitt@risson.space >
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447jens@goauthentik.io >
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-01-23 14:28:06 +01:00
38e1ad5ade
root: replace django-silk with Spotlight ( #7828 )
...
* root: replace django-silk with Spotlight
https://spotlightjs.com/
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use containerized spotlight
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lock
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update spotlight version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove platform
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-11 12:33:31 +01:00
02869d8173
stages/user_login: session binding ( #7881 )
...
* start with user_login stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# authentik/root/settings.py
* fix and improve logout event
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lint pass
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update authenticated session when IP changes and binding doesn't break
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs, always keep old and new IP in event
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-gen api schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-23 01:20:23 +01:00
3e530cf1b5
flows: add "require outpost" authentication_requirement ( #7921 )
...
* migrate get_client_ip to middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use middleware directly without wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add require_outpost setting for flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-19 13:32:10 +01:00
2ec979d490
root: make test database name configurable ( #7591 )
...
* test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk attempt to fix flaky test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* oops
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-18 23:00:24 +01:00
729ef4d786
root: bump python deps (django 5) ( #7862 )
...
* bump python deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* vendor pickle serializer for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
#7761
* cleanup some things and re-build api scheme
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web and go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix go...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better annotate json fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use jsondictfield wherever
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove all virtualenvs?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* final version bump
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-18 22:07:59 +01:00
a07fbf5c02
root: disable django-silk profiler ( #7715 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-28 12:23:19 +02:00
9db9ad3d66
root: Restructure broker / cache / channel / result configuration ( #7097 )
...
* Initial commit
* Remove any remaining mentions of Redis URL
This is handled in https://github.com/goauthentik/authentik/pull/5395
* Allow setting broker transport options
This enables usage of other brokers that require additional settings
* Remove remaining reference to Redis URL
This functionality is not part of this PR
* Reset default TLS requirements to none
* Fix linter errors
* Move dict from base64 encoded json to config.py
Additionally add tests
* Replace ast.literal_eval with json.loads
* Use default channel and cache backend configuration
If more customization is desired users shall look at goauthentik.io/docs/installation/configuration#custom-python-settings
* Send config deprecation notification to all superusers
* Remove duplicate method
* Add configuration explanation
For channel layer settings
* Use Event for deprecation warning
* Fix remove duplicated method
* Add missing comma
* Update authentik/lib/config.py
Signed-off-by: Jens L. <jens@beryju.org >
* Fix Event deprecation handling
---------
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Jens L <jens@beryju.org >
2023-11-10 15:44:37 +01:00
e28babb0b8
core: Initial RBAC ( #6806 )
...
* rename consent permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* the user version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial role
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* some minor table refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix user, add assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add roles ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add assign API for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding toggle buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude add_ permission for per-object perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permission list for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make sidebar update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix page header not re-rendering?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add search
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* show first category in table groupBy except when its empty
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make model and object PK optional but required together
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow for setting global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude non-authentik permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude models which aren't allowed (base models etc)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ensure all models have verbose_name set, exclude some more internal objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lint fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix role perm assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add unasign for global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add meta changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clear modal state after submit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add roles to our group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make recursive group query more usable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add name field to role itself and move group creation to signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move rbac stuff to separate django app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start API changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make admin interface not require superuser for now, improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace some IsAdminUser where applicable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate flow inspector perms to actual permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix license not being a serializermodel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permission modal to models without view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add additional permissions to assign/unassign permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add action to unassign user permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permissions tab to remaining view pages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow inspector permission check
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix codecov config?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ensure viewsets have an order set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* hopefully the last api name change
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make perm modal less confusing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start user view permission page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only make delete bulk form expandable if usedBy is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* expand permission tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user global permission table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests' url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for assign perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add unassign tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rebuild permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prevent assigning/unassigning permissions to internal service accounts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only enable default api browser in debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix role object permissions showing duplicate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix role link on role object permissions table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix object permission modal having duplicate close buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* return error if user has no global perm and no object perms
also improve error display on table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add system permission for non-object permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow access to admin interface based on perm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clean
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't exclude base models
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-16 17:31:50 +02:00
25d4905d6c
outposts: use channel groups instead of saving channel names ( #7183 )
...
* outposts: use channel groups instead of saving channel names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use pubsub
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* support storing other args with state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-16 17:01:44 +02:00
e55e27d060
root: disable APPEND_SLASH ( #6928 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-09-26 18:59:28 +02:00
0e5952650b
root: make Celery worker concurrency configurable ( #6837 )
...
* root: made Celery worker concurrency configurable
* core: fixed Celery worker command to set autoscaling options to account for worker concurrency setting
* Update website/docs/installation/configuration.md
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L <jens@beryju.org >
2023-09-26 10:37:22 +00:00
a32755b6c8
root: Add setting to adjust database config for pgpool ( #6949 )
2023-09-21 12:54:18 +02:00
6612f729ec
stages/authenticator: vendor otp ( #6741 )
...
* initial import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update imports
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove email and hotp for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove things we don't need and clean up
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial merge static
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial merge totp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update webui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add system migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more cleanup, add doctests to test_runner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup more lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup last tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docstrings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement SerializerModel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-09-04 11:45:14 +02:00
fd561ac802
root: connect to backend via socket ( #6720 )
...
* root: connect to gunicorn via socket
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* put socket in temp folder
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use non-socket connection for debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't hardcode local url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix dev_server missing websocket
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dedupe logging config between gunicorn and main app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* slight refactor for proxy errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-09-02 17:58:37 +02:00
a39fef11b8
providers/saml: fix SAML metadata import API requiring flow slug inst… ( #6729 )
...
* providers/saml: fix SAML metadata import API requiring flow slug instead of pk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace format_exc_info with dict_tracebacks, and only for json logger
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-09-01 12:59:25 +02:00
1c1c1cf5da
root: expand exception logging ( #6690 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-08-31 14:17:57 +02:00
9545857042
root/revert persistent connections ( #6677 )
...
Revert "root: always use persistent database connections (#6560 )"
This reverts commit 1d99ec95b5
2023-08-30 00:13:53 +02:00
1d99ec95b5
root: always use persistent database connections ( #6560 )
...
* root: always use persistent database connections
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* root: activate database connection health checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2023-08-17 19:38:39 +02:00
561e6956fe
root: add get_int to config loader instead of casting to int everywhere ( #6436 )
...
* root: add get_int to config loader instead of casting to int everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve error handling, add test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-31 19:34:59 +02:00
b08f8d8e0c
api: re-fix url import logging ( #6400 )
...
* fix logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove lib from apps
lib doesn't declare any models, so it really doesn't need to be in there anyways?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove lib from schema too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-27 12:56:51 +02:00
7be94df00c
root: set csrf cookie's secure flag same as session ( #6350 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-24 13:57:30 +02:00
2f469d2709
root: partial Live-updating config ( #5959 )
...
* stages/email: directly use email credentials from config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use custom database backend that supports dynamic credentials
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add crude config reloader
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make method names for CONFIG clearer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace config.set with environ
Not sure if this is the cleanest way, but it persists through a config reload
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add set for @patch
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* even more crudeness
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clean up some old stuff?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup old things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow e2e
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-19 23:13:22 +02:00
41af486006
enterprise: initial enterprise ( #5721 )
...
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add external users
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ui, add more logic, add public JWT validation key
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert to not use install_id as session jwt signing key
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* switch to PKI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more licensing stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add install ID to form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use x5c correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* license checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use production CA
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more UI stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale, improve ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add direct button
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update link
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove old attributes from ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove is_enterprise_licensed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix admin interface styling issue
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update authentik/core/models.py
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* fix default case
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2023-07-17 17:57:08 +02:00
a987846c76
root: celery refactor ( #6095 )
...
* root: celery refactor
cleanup deprecation messages by configuring celery with a single object
run celery as django management command
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve debug experience
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add debugpy to dev dependencies
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix task_always_eager
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-06-28 16:44:50 +02:00
6299fc7f81
root: migrate from os.path to Pathlib ( #5594 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-05-12 20:04:02 +02:00
4671d4afb4
enterprise: initial license ( #5293 )
...
* enterprise: add enterprise license and app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add license and terms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't build enterprise into docker for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-04-19 16:13:45 +02:00
f84a10b59b
core: revert django update ( #5236 )
...
* Revert "core: bump django from 4.1.7 to 4.2 (#5151 )"
This reverts commit 18a4eac527jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-04-13 14:10:12 +02:00
18a4eac527
core: bump django from 4.1.7 to 4.2 ( #5151 )
...
* core: bump django from 4.1.7 to 4.2
Bumps [django](https://github.com/django/django ) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/4.1.7...4.2 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* upgrade to psycopg3, use custom engine for prometheus metrics
See https://github.com/korfuri/django-prometheus/issues/350
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make scripts use pscopg3
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2023-04-11 15:00:27 +02:00
adcd11b1f8
core: extend postgres configuration ( #5138 )
...
Add postgres configuration options to control
TLS verification and client certificates.
2023-04-02 17:39:36 +02:00
3f5effb1bc
providers/radius: simple radius outpost ( #1796 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* minor fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use search-select
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ip with port being sent to delegated ip
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add radius tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-03-20 16:54:35 +01:00
28ddeb124f
providers: SCIM ( #4835 )
...
* basic user sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group sync and some refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow null authorization flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make task monitored
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing dependency
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make authorization_flow required for most providers via API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make task result better readable, exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add task UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add scheduled task for all sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make scim errors more readable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add mappings, migrate to mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add mapping UI and more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add scim docs to web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start implementing membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate signals to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate fully to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* strip none keys, fix lint errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix saml
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add scim schemas and validate against it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group put support, add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* send correct application/scim+json headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* stop sync if no mappings are confiugred
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for task sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add membership tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use decorator for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make tests better
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-03-06 19:39:08 +01:00
069e9c015b
events: fix m2m_change events not being logged
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-19 16:28:30 +01:00
f749027143
root: don't log django request warnings
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-17 18:08:18 +01:00
