* main: (22 commits)
lifecycle: fix missing krb5 deps for full testing in image (#11815)
translate: Updates for file web/xliff/en.xlf in zh-Hans (#11810)
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#11809)
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#11808)
web: bump API Client version (#11807)
core: bump goauthentik.io/api/v3 from 3.2024083.12 to 3.2024083.13 (#11806)
core: bump ruff from 0.7.0 to 0.7.1 (#11805)
core: bump twilio from 9.3.4 to 9.3.5 (#11804)
core, web: update translations (#11803)
providers/scim: handle no members in group in consistency check (#11801)
stages/identification: add captcha to identification stage (#11711)
website/docs: improve root page and redirect (#11798)
providers/scim: clamp batch size for patch requests (#11797)
web/admin: fix missing div in wizard forms (#11794)
providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#11722)
core, web: update translations (#11789)
core: bump goauthentik.io/api/v3 from 3.2024083.11 to 3.2024083.12 (#11790)
core: bump gssapi from 1.8.3 to 1.9.0 (#11791)
web: bump API Client version (#11792)
stages/authenticator_validate: autoselect last used 2fa device (#11087)
...
* add captcha to identification stage
* simplify component invocations
* fail fast on `onTokenChange` default behavior
* reword docs
* rename `token` to `captcha_token` in Identification stage contexts
(In Captcha stage contexts the name `token` seems well-scoped.)
* use `nothing` instead of ``` html`` ```
* remove rendered Captcha component from document flow on Identification stages
Note: this doesn't remove the captcha itself, if interactive, only the loading
indicator.
* add invisible requirement to captcha on Identification stage
* stylize docs
* add friendlier error messages to Captcha stage
* fix tests
* make captcha error messages even friendlier
* add test case to retriable captcha
* use default
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
* authenticator_validate: autoselect last used device class
* improve usability of `AuthenticatorValidationStage`
* don't automatically offer the recovery key authenticator validation
I believe this could confuse users more than help them
* web: move mutator block into the `willUpdate` override
Removed the section of code from the renderer that updates the state of the component;
mutating in the middle of a render is strongly discouraged. This block contains an
algorithm for determining if the selectedDeviceChallenge should be set and how; since
`selectedDeviceChallenge` is a state, we don't want to be changing it outside of those
lifecycle methods that do not trigger a rerender.
* web: move styles() to top of class, extract custom CSS to a named block.
* lint: collapse multiple early returns, missing curly brace.
* autoselect device only once even if the user only has 1 device
* make `DeviceChallenge.last_used` nullable instead of optional
* clarify button text
* fix typo
* add docs for automatic device selection
* update docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
* fix punctuation
---------
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Ken Sternberg <ken@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
* main:
web/admin: Add InvalidationFlow to Radius Provider dialogues (#11786)
core, web: update translations (#11782)
providers/oauth2: fix amr claim not set due to login event not associated (#11780)
web: Add InvalidationFlow to Radius Provider dialogues
## What
- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
- Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`
## Note
Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.
* main: (44 commits)
web/admin: add strict dompurify config for diagram (#11783)
core: bump cryptography from 43.0.1 to 43.0.3 (#11750)
web: bump API Client version (#11781)
sources: add Kerberos (#10815)
root: rework CSRF middleware to set secure flag (#11753)
web/admin: improve invalidation flow default & field grouping (#11769)
providers/scim: add comparison with existing group on update and delta update users (#11414)
website: bump mermaid from 10.6.0 to 10.9.3 in /website (#11766)
web/flows: use dompurify for footer links (#11773)
core, web: update translations (#11775)
core: bump goauthentik.io/api/v3 from 3.2024083.10 to 3.2024083.11 (#11776)
website: bump @types/react from 18.3.11 to 18.3.12 in /website (#11777)
website: bump http-proxy-middleware from 2.0.6 to 2.0.7 in /website (#11771)
web: bump API Client version (#11770)
stages: authenticator_endpoint_gdtc (#10477)
core: add prompt_data to auth flow (#11702)
tests/e2e: fix dex tests failing (#11761)
web/rac: disable DPI scaling (#11757)
web/admin: update flow background (#11758)
website/docs: fix some broken links (#11742)
...
- Pull the OAuth2 Provider Form `render()` method out into a standalone function.
- Why: So it can be shared by both the Wizard and the Provider function. The renderer is (or at
least, can be) a pure function: you give it input and it produces HTML, *and then it stops*.
- Provide a test harness that can test the OAuth2 provider form.
* Added tests and refinements as tests indicate.
* Building out the test suite.
* web: test the simple things. Fix what the tests revealed.
- Move `EmptyState.test.ts` into the `./tests` folder.
- Provide unit tests for:
- Alert
- Divider
- Expand
- Label
- LoadingOverlay
- Give all tested items an Interface and a functional variant for rendering
- Give Label an alternative syntax for declaring alert levels
- Remove the slot name in LoadingOverlay
- Change the slot call in `./enterprise/rac/index.ts` to not need the slot name as well
- Change the attribute names `topMost`, `textOpen`, and `textClosed` to `topmost`, `text-open`, and
`text-closed`, respectively.
- Change locations in the code where those are used to correspond
**Why interfaces:**
Provides another check on the input/output boundaries of our elements, gives Storybook and
WebdriverIO another validation to check, and guarantees any rendering functions cannot be passed
invalid property names.
**Why functions for rendering:**
Providing functions for rendering gets us one step closer to dynamically defining our forms-in-code
at runtime without losing any type safety.
**Why rename the attributes:**
A *very* subtle bug:
[Element:setAttribute()](https://developer.mozilla.org/en-US/docs/Web/API/Element/setAttribute)
automatically "converts an attribute name to all lower-case when called on an HTML element in an
HTML document." The three attributes renamed are all treated *as* attributes, either classic boolean
or stringly-typed attributes, and attempting to manipulate them with `setAttribute()` will fail.
All of these attributes are presentational; none of them end up in a transaction with the back-end,
so kebab-to-camel conversions are not a concern.
Also, ["topmost" is one word](https://www.merriam-webster.com/dictionary/topmost).
**Why remove the slot name:**
Because there was only one slot. A name is not needed.
* Fix minor spelling error.
* First pass at a custom, styled input object.
* .
* web: Demo the simple things. Fix things the Demo says need fixing.
- Move the Element's stories into a `./stories` folder
- Provide stories for (these are the same ones "provided tests for" in the [previous
PR](https://github.com/goauthentik/authentik/pull/11633))
- Alert
- Divider
- Expand
- Label
- LoadingOverlay
- Provide Storybook documentation for:
- AppIcon
- ActionButton
- AggregateCard
- AggregatePromiseCard
- QuickActionsCard
- Alert
- Divider
- EmptyState
- Expand
- Label
- LoadingOverlay
- ApplicationEmptyState
- Fix a bug in LoadingOverlay; naming error in nested slots caused any message attached to the
overlay to not show up correctly.
- Revise AppIcon to be independent of authentik; it just cares if the data has a name or an icon
reference, it does not need to know about `Application` objects. As such, it's an *element*, not a
*component*, and I've moved it into the right location, and updated the few places it is used to
match.
* Prettier has opinions with which I sometimes diverge.
* Found a bug! Although pf-m-xl was defined as a legal size, there was no code to handle drawing something XL!
* Found a few typos and incorrect API descriptions.