Commit Graph

446 Commits

Author SHA1 Message Date
4571f5e644 working PEAP decode
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:00 +02:00
ee234ea3aa simplify
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:00 +02:00
82c177b7eb try to make this work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:00 +02:00
1155ccb3e8 support SSLKEYLOGFILE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:00 +02:00
1575b96262 separate eap logic into protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
19bb77638a folder structure to prepare eap in eap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
d6cf129eaa attempt peap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
b6686cff14 refactor v1, start support for more protocols and implement nak
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
8cf8f1e199 keep eap state when refreshing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
50c50c4109 remove panic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
3ada3a7e0e make certificate configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:58 +02:00
fa06c9fe4e start tying it into the flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:58 +02:00
2a024238fe slightly better logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:58 +02:00
91c87b7c3c ok this works kinda
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:58 +02:00
318443f270 hmmm idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
ac88784089 maybe?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
855afa7b9f slight read refactor (seems to fix flaky issues?)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
240abfef41 use tighter retry that cancels and backs off
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
03075f1890 slight refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
5bc0ed6e11 apparently it works now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
8f4cfc28c7 fix outgoing buffer not cleared when sending unchunked
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
6d77eaaab7 deduplicate
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
9cee59537c prep ctx
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
fc5c0e2789 generate MPPE key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
573446689f fix remaining tls data not sent
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
fd4bfe604d more fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
06e76a5b37 it's almost working
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
3c228bf5c3 try to make the finish work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:55 +02:00
8a80f07db2 this might actually be cooking
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:55 +02:00
ae59a3e576 we're getting somewhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:55 +02:00
df21e678d6 fix a bunch more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:55 +02:00
a71532b3e3 refactor more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:55 +02:00
d7cb0b3ea1 fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:54 +02:00
ba8f137885 keep track of total payload size
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:54 +02:00
958ff66070 fix parsing when length included is not set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:54 +02:00
ad57c66a32 better log
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:54 +02:00
2bba0ddd74 might actually happen?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:54 +02:00
5af2378738 outposts/ldap: Handle comma-separated attributes in LDAP search requests (#15000)
Closes https://github.com/goauthentik/authentik/issues/13539

When LDAP clients like Jira submit search requests with comma-separated attributes
(e.g., ["uid,cn,sn"] instead of ["uid", "cn", "sn"]), the LDAP outpost would return
an "Operations Error". This fix adds attribute normalization to properly handle
both formats by splitting comma-separated attributes into individual entries.

Tests pass:
```
=== RUN   TestNormalizeAttributes
=== RUN   TestNormalizeAttributes/Empty_input
=== RUN   TestNormalizeAttributes/No_commas
=== RUN   TestNormalizeAttributes/Single_comma-separated_string
=== RUN   TestNormalizeAttributes/Mixed_input
=== RUN   TestNormalizeAttributes/With_spaces
=== RUN   TestNormalizeAttributes/Empty_parts
=== RUN   TestNormalizeAttributes/Single_element
=== RUN   TestNormalizeAttributes/Only_commas
=== RUN   TestNormalizeAttributes/Multiple_comma-separated_attributes
=== RUN   TestNormalizeAttributes/Case_preservation
=== RUN   TestNormalizeAttributes/Leading_and_trailing_spaces
=== RUN   TestNormalizeAttributes/Real-world_LDAP_attribute_examples
=== RUN   TestNormalizeAttributes/Jira-style_attribute_format
=== RUN   TestNormalizeAttributes/Single_string_with_single_attribute
=== RUN   TestNormalizeAttributes/Mix_of_standard_and_operational_attributes
--- PASS: TestNormalizeAttributes (0.00s)
    --- PASS: TestNormalizeAttributes/Empty_input (0.00s)
    --- PASS: TestNormalizeAttributes/No_commas (0.00s)
    --- PASS: TestNormalizeAttributes/Single_comma-separated_string (0.00s)
    --- PASS: TestNormalizeAttributes/Mixed_input (0.00s)
    --- PASS: TestNormalizeAttributes/With_spaces (0.00s)
    --- PASS: TestNormalizeAttributes/Empty_parts (0.00s)
    --- PASS: TestNormalizeAttributes/Single_element (0.00s)
    --- PASS: TestNormalizeAttributes/Only_commas (0.00s)
    --- PASS: TestNormalizeAttributes/Multiple_comma-separated_attributes (0.00s)
    --- PASS: TestNormalizeAttributes/Case_preservation (0.00s)
    --- PASS: TestNormalizeAttributes/Leading_and_trailing_spaces (0.00s)
    --- PASS: TestNormalizeAttributes/Real-world_LDAP_attribute_examples (0.00s)
    --- PASS: TestNormalizeAttributes/Jira-style_attribute_format (0.00s)
    --- PASS: TestNormalizeAttributes/Single_string_with_single_attribute (0.00s)
    --- PASS: TestNormalizeAttributes/Mix_of_standard_and_operational_attributes (0.00s)
PASS
ok      goauthentik.io/internal/outpost/ldap/search     0.194s
```
2025-06-11 18:16:40 +02:00
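The normalization the commit above describes, written out as an added example (this is not authentik's own `NormalizeAttributes`, only an illustration of the behaviour the test names imply): every requested attribute string is split on commas, surrounding whitespace is trimmed, empty parts are dropped, and case and order are preserved, so `["uid,cn,sn"]` and `["uid", "cn", "sn"]` end up as the same list. The function name and the sample inputs are constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// NormalizeAttributes rewrites the attribute list of an LDAP search request so
// that entries a client packed as "uid,cn,sn" become separate entries, matching
// what a conforming client sends as ["uid", "cn", "sn"].
//
// Rules (mirroring the cases named in the commit's test output):
//   - each entry is split on ","
//   - leading/trailing whitespace around every part is trimmed
//   - empty parts ("", ",,", trailing comma) are dropped
//   - case is preserved (LDAP attribute matching is done later, case-insensitively)
//   - order is preserved so the caller's attribute selection is unchanged
//
// Hypothetical implementation for illustration; not the project's code.
func NormalizeAttributes(attrs []string) []string {
	out := make([]string, 0, len(attrs))
	for _, raw := range attrs {
		for _, part := range strings.Split(raw, ",") {
			part = strings.TrimSpace(part)
			if part == "" {
				continue
			}
			out = append(out, part)
		}
	}
	return out
}

func main() {
	// Constructed sample inputs covering the Jira-style case, the standard case,
	// whitespace and empty parts, a comma-only entry, and an empty request.
	samples := [][]string{
		{"uid,cn,sn"},
		{"uid", "cn", "sn"},
		{" uid , cn ", "sn,,"},
		{",,,"},
		{},
	}
	for _, s := range samples {
		fmt.Printf("%q -> %q\n", s, NormalizeAttributes(s))
	}
}
```

Splitting happens before attribute names are matched against what the outpost exposes, so normalization only changes the shape of the request; which attributes a bind user can actually read is still decided by the search handler afterwards.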
88fa7e37dc outposts: Refactor session end signal and add LDAP support (#14539)
* outpost: promote session end signal to non-provider specific

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* implement server-side logout in ldap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix previous import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use better retry logic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* log

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make more generic if we switch from ws to something else

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make it possible to e2e test WS

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ldap session id

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ok I actually need to go to bed this took me an hour to fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format; add ldap test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix leftover state

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove thread

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use ws base for radius

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* separate test utils

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing super calls

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* websocket tests with browser 🎉

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add proxy test for sign out

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix install_id issue with channels tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix proxy basic auth test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* big code dedupe

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow passing go build args

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve waiting for outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rewrite ldap tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ok actually fix the tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* undo a couple things that need more time to cook

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove unused lockfile-lint dependency since we use a shell script and SFE does not have a lockfile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix session id for ldap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing createTimestamp and modifyTimestamp ldap attributes

closes #10474

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-10 12:11:21 +02:00
dea2d67ceb internal/outpost: fix incorrect usage of golang SHA API (#14981)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-09 20:57:36 +02:00
b7417e77c7 outposts: remove duplicate startup/setup code, add pyroscope, make sentry not reconfigure every time (#14724)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-07 03:01:00 +02:00
a306cecb73 providers/proxy: add option to override host header with property mappings (#14927)
2025-06-06 14:54:59 +02:00
57f25a97c9 providers/ldap: retain binder and update users instead of re-creating (#14735)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-28 13:43:35 +02:00
65517f3b7f enterprise/stages: Add MTLS stage (#14296)
* prepare client auth with inbuilt server

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* introduce better IPC auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* init

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only allow trusted proxies to set MTLS headers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more stage progress

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont fail if ipc_key doesn't exist

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually install app

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix unquote

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix int serial number not jsonable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* init ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix git pull in makefile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix parse helper

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add test for outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests and improvements

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve labels

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for multiple CAs on brand

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for multiple CAs to MTLS stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont log ipcuser secret views

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix go mod

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-19 22:48:17 +02:00
7826e7a605 core: bump oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm (#13027)
* core: bump oss/go/microsoft/golang

Bumps oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm.

---
updated-dependencies:
- dependency-name: oss/go/microsoft/golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* upstream docker image, use native fips

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump go version

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-30 03:26:30 +02:00
5bcf501842 outposts/ldap: fix paginator going into infinite loop (#13677)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-27 00:05:43 +01:00
84b5992e55 ci: bump golangci/golangci-lint-action from 6 to 7 (#13661)
* ci: bump golangci/golangci-lint-action from 6 to 7

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix v2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix v3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-26 18:03:20 +01:00
f37e1ca642 brands: migrate custom CSS to brands (#13172)
* brands: migrate custom CSS to brands

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing default

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simpler migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add css to brand form

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-19 22:52:38 +00:00
94eff50306 root: redis, make sure tlscacert isn't an empty string (#12407)
* root: redis, make sure tlscacert isn't an empty string

* make TLSCaCert a string instead of pointer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-01-13 20:14:26 +01:00
ee6fcdfbd8 internal: fix missing trailing slash in outpost websocket (#12470)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-12-23 23:42:42 +01:00