* web: Add InvalidationFlow to Radius Provider dialogues
## What
- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
- Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`
## Note
Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.
* First things first: save the blueprint that initializes the test runner.
* Committing to having the PKs be a string, and streamlining an event handler. Type solidity needed for the footer control.
* web/admin/better-footer-links
# What
- A data control that takes two string fields and returns the JSON object for a FooterLink
- A data control that takes a control like the one above and assists the user in entering a
collection of such objects.
# Why
We're trying to move away from CodeMirror for the simple things, like tables of what is essentially
data entry. Jens proposed this ArrayInput thing, and I've simplified it so you define what "a row"
is as a small, lightweight custom Component that returns and validates the datatype for that row,
and ArrayInput creates a table of rows, and that's that.
We're still working out the details, but the demo is to replace the "Name & URL" table in
AdminSettingsForm with this, since it was silly to ask the customer to hand-write JSON or YAML,
getting the keys right every time, for an `Array<Record<{ name: string, href: string }>>`. And some
client-side validation can't hurt.
Storybook included. Tests to come.
* Not ready for prime time.
* One lint. Other lints are still in progress.
* web: lots of 'as unknown as Foo'
I know this is considered bad practice, but we use Lit and Lit.spread
to send initialization arguments to functions that create DOM
objects, and Lit's prefix convention of '.' for object, '?' for
boolean, and '@' for event handler doesn't map at all to the Interface
declarations of Typescript. So we have to cast these types when
sending them via functions to constructors.
* web/admin/better-footer-links
# What
- Remove the "JSON or YAML" language from the AdminSettings page for describing FooterLinks inputs.
- Add unit tests for ArrayInput and AdminSettingsFooterLinks.
- Provide a property for accessing a component's value
# Why
Providing a property by which the JSONified version of the value can be accessed enhances the
ability of tests to independently check that the value is in a state we desire, since properties can
easily be accessed across the wire protocol used by browser-based testing environments.
* Ensure the UI is built from _current_ before running tests.
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# web/src/elements/ak-array-input.test.ts
providers/scim: add comparison with existing group on update and delta update users (#11414)
* fix incorrect default group mapping
* providers/scim: add comparison with existing group on update and delta update users
* fix
* fix
* fix another exception when creating groups
* fix users to add check
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
web/admin: fix invalid create date shown for MFA registered before date was saved (#11728)
web/admin: fix invalid create date shown for MFA registered before date was tracked
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
providers/oauth2: don't overwrite attributes when updating service acccount (#11709)
providers/oauth2: don't overwrite attributes when updating service account
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
core: fix permission check for scoped impersonation (#11603)
* fix: permission check for scoped impersonation
set global permission to have higher priority than the permission on a specific object
* add tests
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: walhallyus <walhallyus@gmail.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
sources/ldap: fix mapping check, fix debug endpoint (#11442)
* run connectivity check always
* don't run sync if either sync_ option is enabled and no mappings are set
* misc label fix
* misc writing changse
* add api validation
* fix debug endpoint
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
events: always use expiry from current tenant for events, not only when creating from HTTP request (#11415)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
providers/proxy: fix URL path getting lost when partial URL is given to rd= (#11354)
* providers/proxy: fix URL path getting lost when partial URL is given to rd=
* better fallback + tests
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
core: ensure all providers have correct priority (#11280)
follow up to #11267 which broke SAML lookup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
root: fix ensure `outpost_connection_discovery runs on worker startup (#11260)
* root: fix ensure outpost_connection_discovery runs on worker startup
Make outpost_connection_discovery a startup task for default_tenant to ensure it's ran during worker startup. Without this waiting for the 8 hour schedule to fire is required.
fixes: https://github.com/goauthentik/authentik/issues/10933
* format
---------
Signed-off-by: Anthony Rabbito <arabbito@coreweave.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Anthony Rabbito <hello@anthonyrabbito.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
web/users: show - if device was registered before we started saving the time (#11256)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
providers/ldap: rework search_group migration to work with read replicas (#11228)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
