aa87695f3c
website/docs: remove tenants docs from sidebar for now ( #8551 )
...
remove tenants docs form sidebar for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-02-19 16:17:00 +01:00
a3bfb3d25c
website/docs: 2024.2 release notes ( #8468 )
...
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Co-authored-by: Jens L. <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-02-14 20:52:56 +01:00
1db322b42f
security: fix CVE-2024-23647 ( #8345 )
...
* security: fix CVE-2024-23647
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add website
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-29 17:40:24 +01:00
abc0c2d2a2
root: Multi-tenancy ( #7590 )
...
* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "fix oauth source type import"
This reverts commit d015fd0244marc.schmitt@risson.space >
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try with connection_created signal"
This reverts commit 764a999db832b40a3bbbmarc.schmitt@risson.space >
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a614bffb19704marc.schmitt@risson.space >
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447jens@goauthentik.io >
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-01-23 14:28:06 +01:00
6649f7ab72
providers/oauth2: fix CVE-2024-21637 ( #8104 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-09 18:14:12 +01:00
240cf6dd94
enterprise/providers: Add RAC [AUTH-15] ( #7291 )
...
* add basic guacamole
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make everything mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add rac build to CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix resize, fix web lint, sendSize correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* pre-send connection from client, format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve throughput
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework TokenOutpostConsumer into middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some layout issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add outpost controllers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start testing audio things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix to work with outpost group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add simple loadbalancing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add simple reconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* show reconnecting text
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error when checking ports
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move to providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add flow check to interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix rac app label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix audio
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow overriding all settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate keyboard, debug high DPI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing __init__.py breaking model loading
I love python
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump successful ws connection to info
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* hide cursor since guac draws that
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add clipboard support (bidirectional)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make codespell not want to break the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* run pr comment in separate task
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start endpoint and property mapping stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more endpoint things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix event model_pk filtering with ints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: improve event display for changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rebuild endpoint stuff again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk special url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stuff, connect token with session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add disconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework disconnect
cleanly disconnect from guacd instead of just letting the connection timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clear cache when creating outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* support host:port and fix protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* center smaller viewport
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework connection to wait more and stop after some time
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add policy control to endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove provider protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't switch to different outpost connection when already chosen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start using property mappings, add static settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some RAC mapping settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for event changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and fix issues found by said tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner, move endpoints to main page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* auto-select endpoint if only one is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* backport https://github.com/goauthentik/authentik/pull/7831 to rac
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont select property mappings on endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make table modal only load when opened
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only auto-redirect when open
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check for token expiry and terminate session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add endpoint name to title
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* disconnect connection when token is manually deleted
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial RAC docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add connection expiry setting to provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-30 21:33:14 +01:00
b88e39411c
security: fix CVE-2023-48228 ( #7666 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-21 18:10:07 +01:00
261879022d
security: fix oobe-flow reuse when akadmin is deleted ( #7361 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-28 21:24:06 +02:00
d9b3e307e3
website/docs: add 2023.10 release notes ( #7309 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-26 15:10:17 +02:00
84fdd3c750
website/docs: RBAC docs ( #7191 )
...
* draft rbac docs
* tweaks
* add a permissions topic
* tweaks
* more changes
* draft permissions topic
* more content on roles
* links
* typo
* more conceptual info
* Optimised images with calibre/image-actions
* more content on roles
* add more x-ref links
* fix links
* more content
* links
* typos
* polishing
* Update website/docs/user-group-role/access-control/permissions.md
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com >
* separwate conceptual vs procedural in permissions
* finished groups procedurals
* new page
* added link
* Update website/docs/user-group-role/access-control/permissions.md
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com >
* polish
* edits from PR review
* restructured view section to remove repetition
* rest of edits from PR review
* polished flows and stages
* polish
* typo
---------
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com >
Co-authored-by: Tana Berry <tana@goauthentik.io >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens L. <jens@goauthentik.io >
2023-10-26 12:31:32 +02:00
78af350610
website/docs: Balok pr for User docs ( #7139 )
...
* procedrual docs
* restructure
* new image, edit tweaks
* more tweaks
* edits
* edits for new button labels
* more content in invitations
* tweaks
* Optimised images with calibre/image-actions
* fixed link
* links
* ken's edits
* changed label name
* spelling checks
* fix links
* links again
* fighting with imports
* ugh
* add extensions back
* fix link
* tweak
* rename file again
* more links
* added punctuation
* use generated index
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana Berry <tana@goauthentik.io >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2023-10-12 21:45:21 +02:00
782341441a
website: update 2023.8 release notes ( #6666 )
...
* update main release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update sidebar
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2023-08-29 19:57:14 +02:00
aa874dd92a
security: fix CVE-2023-39522 ( #6665 )
...
* stages/email: don't disclose whether a user exists or not when recovering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update website
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-08-29 19:07:49 +02:00
87f65526e1
website/docs: Enterprise docs ( #6632 )
...
* new ent docs
* first drafts WIP
* Optimised images with calibre/image-actions
* more details added
* further updates
* tweaks
* better image
* Optimised images with calibre/image-actions
* fix typos
* final edits
* fixed formatting fail
---------
Co-authored-by: Tana Berry <tana@goauthentik.io >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2023-08-29 16:57:29 +00:00
d9f13e89c6
website: update release notes ( #6590 )
...
* move 2023.7 to 2023.8
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move version dropdown from navbar to sidebar, and only have it on applicable sites
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove title instead of just hiding it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some styling for the mobile navbar sidebar
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add social image
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Optimised images with calibre/image-actions
* fix website tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2023-08-22 13:03:11 +02:00
4693c50701
website/docs: Troubleshooting Whitelist Email and Web-Dev Setup Docs ( #6426 )
...
* Whitelist email troubleshooting docs
* update preview website command
* Update website/docs/troubleshooting/whitelist_email.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com >
* Update website/docs/troubleshooting/whitelist_email.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com >
* Update website/docs/troubleshooting/whitelist_email.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com >
* Update website/docs/troubleshooting/whitelist_email.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com >
* Update website/docs/troubleshooting/whitelist_email.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com >
* refactor policies section
* refactor policies section
---------
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com >
Co-authored-by: sandeepgadhiya <sandeep.gadhiya@turtlemint.com >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2023-08-09 10:06:41 -05:00
cc6824fd7c
core: bump django from 4.1.7 to 4.2 ( #5238 )
...
* core: bump django from 4.1.7 to 4.2 (#5151 )
* core: bump django from 4.1.7 to 4.2
Bumps [django](https://github.com/django/django ) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/4.1.7...4.2 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* upgrade to psycopg3, use custom engine for prometheus metrics
See https://github.com/korfuri/django-prometheus/issues/350
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make scripts use pscopg3
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial postgres upgrade guide
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update header
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2023-08-01 19:30:28 +02:00
33e7903699
website/docs: add architecture and persistence ( #6250 )
...
* website/docs: add architecture and persistence
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* add note about kubernetes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* link to relevant parts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2023-07-31 11:21:33 +02:00
87cc649e17
website: finalise 2023.6 release notes ( #6177 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-07 12:17:15 +02:00
d22d147c8e
security: fix CVE-2023-36456 ( #6171 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-06 18:16:26 +02:00
b0fbd576fc
security: cure53 fix ( #6039 )
...
* ATH-01-001: resolve path and check start before loading blueprints
This is even less of an issue since 411ef239f6jens@goauthentik.io >
* ATH-01-010: fix missing user filter for webauthn device
This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.
* ATH-01-008: fix web forms not submitting correctly when pressing enter
When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly
This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.
* ATH-01-004: remove env from admin system endpoint
this endpoint already required admin access, but for debugging the env variables are used very little
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ATH-01-005: use hmac.compare_digest for secret_key authentication
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ATH-01-009: migrate impersonation to use API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ATH-01-010: rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ATH-01-014: save authenticator validation state in flow context
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
bugfixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ATH-01-012: escape quotation marks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add website
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update release ntoes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update with all notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-06-22 22:25:04 +02:00
b4a3b266b3
website/docs: clarify troubleshooting headlines and order ( #5696 )
...
* website/docs: clarify troubleshooting headlines and order
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update website/docs/troubleshooting/login.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2023-05-19 15:54:04 +02:00
a58374f065
website/docs: add 2023.5 to release sidebar ( #5631 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-05-16 14:12:30 +02:00
8356ceaead
website/docs: added info about how to upgrade ( #5589 )
...
added info about how to upgrade
Co-authored-by: Tana Berry <tana@goauthentik.io >
2023-05-12 10:25:26 -05:00
e75e2cf324
website/docs: flow context docs ( #5243 )
...
* add flow context docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup some redundant things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* added more section headers
* tweaked new headings
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* add more keys, use dedicated prefix for internal keys
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set toc_max_heading_level: 5
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update datatypes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more consistent header
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update website/docs/flow/context/index.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com >
* Update website/docs/flow/context/index.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com >
* Update website/docs/flow/context/index.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com >
Co-authored-by: Tana Berry <tana@goauthentik.io >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2023-04-20 17:31:34 +00:00
67644ace87
website/docs: prepare 2023.4 release notes ( #5223 )
...
* website/docs: prepare 2023.4 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add prompt preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Update website/docs/releases/2023/v2023.4.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* add new release to sidebar
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2023-04-13 14:11:46 +02:00
3f5effb1bc
providers/radius: simple radius outpost ( #1796 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* minor fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use search-select
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ip with port being sent to delegated ip
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add radius tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-03-20 16:54:35 +01:00
eaf56f4f3f
stages/user_login: stay logged in ( #4958 )
...
* add initial remember me offset
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to go executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ui for user login stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-03-15 20:21:05 +01:00
095850f038
website/docs: add new release to sidebar, cleanup ( #4926 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-03-13 19:04:25 +01:00
bf7dc5df78
website/docs: separate pages for each webserver ( #4911 )
...
* website/docs: separate pages for each webserver
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2023-03-13 17:29:51 +01:00
b6b820f6f1
web: toggle dark/light theme manually ( #4876 )
2023-03-09 23:17:53 +01:00
28ddeb124f
providers: SCIM ( #4835 )
...
* basic user sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group sync and some refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow null authorization flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make task monitored
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing dependency
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make authorization_flow required for most providers via API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make task result better readable, exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add task UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add scheduled task for all sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make scim errors more readable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add mappings, migrate to mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add mapping UI and more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add scim docs to web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start implementing membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate signals to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate fully to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* strip none keys, fix lint errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix saml
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add scim schemas and validate against it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group put support, add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* send correct application/scim+json headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* stop sync if no mappings are confiugred
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for task sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add membership tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use decorator for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make tests better
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-03-06 19:39:08 +01:00
972dce1462
security: fix CVE-2023-26481 ( #4832 )
...
fix CVE-2023-26481
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-03-02 20:15:33 +01:00
fc9ae9e938
website: include 2023.2 in sidebar
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-14 13:17:55 +01:00
cadb710c38
website/docs: add troubleshooting for CSRF
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-02 11:09:03 +01:00
26f9bbeefa
website/docs: add 2023.1 to sidebar
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-18 16:36:03 +01:00
c73fce4f58
sources/ldap: manual import ( #4456 )
...
* events: fix task UID
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ldap sync command
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-17 12:21:33 +01:00
cd12e177ea
providers/proxy: add initial header token auth ( #4421 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-13 16:22:03 +01:00
1efc7eecbf
website/docs: add metrics for monitoring and metrics
...
closes #4308
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2023-01-04 20:49:35 +01:00
dc1359a763
providers/saml: initial SLO implementation ( #2346 )
...
* providers/saml: initial SLO implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* providers/saml: add logout request tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* providers/saml: add tests for POST SLO
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* matrix e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* set e2e matrix name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* separate oidc and oauth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add basic saml slo e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add better metadata download url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* kinda prepare release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* sort releases into folders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add slo urls to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix linking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2023-01-04 19:45:31 +01:00
9f846d94be
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-23 14:13:49 +01:00
84fbeb5721
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-23 14:12:58 +01:00
f4990bb5da
core: bundle geoip ( #4250 )
...
* bundle geoip
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* correctly pass secrets
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add geoip docs and release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-20 22:09:30 +01:00
db95dfe38d
security: fix CVE 2022 46145 ( #4140 )
...
* add flow authentication requirement
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add website for cve
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* flows: handle FlowNonApplicableException without policy result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-02 16:14:25 +01:00
147ebf1a5e
root: rework and expand security policy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-28 12:10:53 +01:00
1efc0c1242
website/docs: update changelog
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-21 19:37:28 +01:00
a359184f29
website/docs: add 2022.10 to sidebar
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-21 19:42:22 +02:00
10cfccd999
website/docs: add General Setup instructions for LDAP Provider ( #3680 )
...
* Added General Setup instructions for LDAP Provider
* Added General Setup instructions for LDAP Provider and updated relative links
* updated LDAP Outpost note verbiage
* Corrected the case for LDAP and renamed to Generic Setup
* removed ldapsearch example from index page
* updated verbiage around multifactor authentication
* removed note about local LDAP provider
* updated sidebar to reflect generic_setup
* updated logging info
* corrected typo
* updated stage creation instructions and screenshot
* corrected another typo
* corrected another typo
* reword some things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-16 14:57:57 +00:00
8ed2f7fe9e
providers/oauth2: add device flow ( #3334 )
...
* start device flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web: fix inconsistent app filtering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tenant device code flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add throttling to device code view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* somewhat unrelated changes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add initial device code entry flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add finish stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* it works
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add support for verification_uri_complete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-11 12:42:10 +02:00
b16a3d5697
internal: use config system for workers/threads, document the settings ( #3626 )
...
use config system for workers/threads, document the settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-21 09:59:03 +02:00
