8e72fcab59 
					 
					
						
						
							
							release: 2023.10.2  
						
						
						
						
					 
					
						2023-10-28 21:43:54 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7d91842e8a 
					 
					
						
						
							
							providers/proxy: attempt to fix duplicate cookie ( #7324 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-10-27 00:41:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						64c38909ff 
					 
					
						
						
							
							release: 2023.10.1  
						
						
						
						
					 
					
						2023-10-26 20:06:05 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ed46fd629e 
					 
					
						
						
							
							release: 2023.10.0  
						
						
						
						
					 
					
						2023-10-26 16:51:57 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8aafa06259 
					 
					
						
						
							
							providers/radius: TOTP MFA support ( #7217 )  
						
						... 
						
						
						
						* move CheckPasswordMFA to flow executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add mfa support field to radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-10-18 19:43:36 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e28babb0b8 
					 
					
						
						
							
							core: Initial RBAC ( #6806 )  
						
						... 
						
						
						
						* rename consent permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* the user version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial role
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* some minor table refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix user, add assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add roles ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add assign API for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding toggle buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude add_ permission for per-object perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permission list for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make sidebar update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix page header not re-rendering?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add search
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* show first category in table groupBy except when its empty
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make model and object PK optional but required together
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow for setting global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude non-authentik permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude models which aren't allowed (base models etc)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ensure all models have verbose_name set, exclude some more internal objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lint fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix role perm assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add unassign for global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add meta changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clear modal state after submit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add roles to our group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make recursive group query more usable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add name field to role itself and move group creation to signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move rbac stuff to separate django app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start API changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make admin interface not require superuser for now, improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace some IsAdminUser where applicable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate flow inspector perms to actual permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix license not being a serializermodel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permission modal to models without view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add additional permissions to assign/unassign permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add action to unassign user permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permissions tab to remaining view pages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow inspector permission check
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix codecov config?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ensure viewsets have an order set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* hopefully the last api name change
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make perm modal less confusing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start user view permission page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only make delete bulk form expandable if usedBy is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* expand permission tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user global permission table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests' url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for assign perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add unassign tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rebuild permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prevent assigning/unassigning permissions to internal service accounts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only enable default api browser in debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix role object permissions showing duplicate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix role link on role object permissions table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix object permission modal having duplicate close buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* return error if user has no global perm and no object perms
also improve error display on table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add system permission for non-object permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow access to admin interface based on perm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clean
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't exclude base models
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-10-16 17:31:50 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dd7d3bf738 
					 
					
						
						
							
							providers/proxy: fix redis cookies missing strict path ( #7135 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-10-10 12:17:35 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a22bc5a261 
					 
					
						
						
							
							lifecycle: fix install_id migration not running ( #7116 )  
						
						... 
						
						
						
						* lifecycle: fix install_id migration not running
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ldap test?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk if this works
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-10-09 19:52:06 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f11bb8bfd4 
					 
					
						
						
							
							providers/ldap: add windows adsi support ( #7098 )  
						
						... 
						
						
						
						* fix(outpost/ldap): missing user object classes
* add "person" object class
* update user object classes
* update boolean strings to upper for being compliant
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): add subschema attributes
* add supported capability OIDs for Windows
* add relevant supported ldap control OIDs
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): update schema for windows Compatibility
* add relevant dITContentRules for authentik
* add all existing attribute types for Windows/Unix/Linux
* add missing object classes definitions
* update classes definitions for being compliant with LDAP schema
* update attributes orders
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): refine LDAP attribute types
* remove unused attribute types
* order attribute types
tags: WIP-LDAP-Outpost-Windows-ADSI-Support 
						
						
					 
					
						2023-10-09 13:17:46 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4db365c947 
					 
					
						
						
							
							providers/proxy: improve SLO by backchannel logging out sessions ( #7099 )  
						
						... 
						
						
						
						* outposts: add support for provider-specific websocket messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* providers/proxy: add custom signal on logout to logout in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-10-09 01:06:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						efb2823391 
					 
					
						
						
							
							internal: fix redis session store ( #7011 )  
						
						
						
						
					 
					
						2023-09-28 21:06:27 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4a434d581d 
					 
					
						
						
							
							root: handle SIGHUP and SIGUSR2, healthcheck gunicorn ( #6630 )  
						
						... 
						
						
						
						Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-09-27 11:34:29 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c93c6ee6f9 
					 
					
						
						
							
							root: replace boj/redistore with vendored version of rbcervilla/redisstore ( #6988 )  
						
						... 
						
						
						
						* root: replace boj/redistore with vendored version of rbcervilla/redisstore
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* setup env for go tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-09-26 18:56:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5b6fb4a05a 
					 
					
						
						
							
							Merge branch 'version-2023.8'  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
#	Dockerfile
#	poetry.lock
#	proxy.Dockerfile
#	web/src/admin/AdminInterface.ts
#	web/xliff/zh-Hans.xlf 
						
						
					 
					
						2023-09-11 22:04:23 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f885f8c039 
					 
					
						
						
							
							release: 2023.8.3  
						
						
						
						
					 
					
						2023-09-11 18:55:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fd561ac802 
					 
					
						
						
							
							root: connect to backend via socket ( #6720 )  
						
						... 
						
						
						
						* root: connect to gunicorn via socket
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* put socket in temp folder
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use non-socket connection for debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't hardcode local url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix dev_server missing websocket
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dedupe logging config between gunicorn and main app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* slight refactor for proxy errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-09-02 17:58:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						97e4c8d5e2 
					 
					
						
						
							
							release: 2023.8.2  
						
						
						
						
					 
					
						2023-09-01 17:27:16 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						be3cfaee56 
					 
					
						
						
							
							release: 2023.8.1  
						
						
						
						
					 
					
						2023-08-30 00:31:45 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bfa78afd54 
					 
					
						
						
							
							release: 2023.8.0  
						
						
						
						
					 
					
						2023-08-29 19:58:42 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						af200a6bf9 
					 
					
						
						
							
							web: cleanup ( #6664 )  
						
						... 
						
						
						
						* web: remove <p> used for padding and do it properly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* web: remove .form-help-text as it didn't change anything
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move data-list styling to correct scope
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove title from navbar for docs-only build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-08-29 18:24:11 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1410169af1 
					 
					
						
						
							
							providers/proxy: fix JWKS url in embedded outpost ( #6644 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-08-28 00:52:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9e29789c09 
					 
					
						
						
							
							root: fix config loading for outposts ( #6640 )  
						
						... 
						
						
						
						* root: fix config loading for outposts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve check to see if outpost is embedded or not
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix oauth url fetching
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-08-26 19:40:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						599f7e7c88 
					 
					
						
						
							
							root: config: remove redundant default configs  
						
						... 
						
						
						
						Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space > 
						
						
					 
					
						2023-08-26 02:41:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e0a7d0b365 
					 
					
						
						
							
							root: config: config discovery parity between go and python  
						
						... 
						
						
						
						Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space > 
						
						
					 
					
						2023-08-26 02:41:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f6b144a0fa 
					 
					
						
						
							
							providers/proxy: only intercept auth header when a value is set ( #6488 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-08-06 01:18:20 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0782b3b0fa 
					 
					
						
						
							
							providers/proxy: set outpost session cookie to httponly and secure wh… ( #6482 )  
						
						... 
						
						
						
						* providers/proxy: set outpost session cookie to httponly and secure when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set samesite too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-08-05 22:09:27 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a2714ab1f1 
					 
					
						
						
							
							outposts: make metrics compliant with Prometheus best-practices ( #6398 )  
						
						... 
						
						
						
						web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram buckets, which are made for seconds, making them
a bit useless. In addition, some metric names are not self-explanatory
and do not comply with Prometheus best practices.
This commit tries to fix all of these "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com > 
						
						
					 
					
						2023-07-27 18:51:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						41af486006 
					 
					
						
						
							
							enterprise: initial enterprise ( #5721 )  
						
						... 
						
						
						
						* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add external users
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ui, add more logic, add public JWT validation key
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert to not use install_id as session jwt signing key
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* switch to PKI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more licensing stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add install ID to form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use x5c correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* license checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use production CA
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more UI stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale, improve ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add direct button
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update link
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove old attributes from ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove is_enterprise_licensed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix admin interface styling issue
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update authentik/core/models.py
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* fix default case
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com > 
						
						
					 
					
						2023-07-17 17:57:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d6af506a78 
					 
					
						
						
							
							release: 2023.6.1  
						
						
						
						
					 
					
						2023-07-10 13:20:22 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						935821857a 
					 
					
						
						
							
							outposts/ldap: add more tests ( #6188 )  
						
						... 
						
						
						
						* outposts/ldap: add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing posixAccount
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* attempt to expand attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix routing without base DN
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove our custom attribute filtering since this is done by the ldap library
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-07-09 15:11:00 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7db9ced218 
					 
					
						
						
							
							release: 2023.6.0  
						
						
						
						
					 
					
						2023-07-07 13:43:16 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d22d147c8e 
					 
					
						
						
							
							security: fix CVE-2023-36456 ( #6171 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-07-06 18:16:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ad81ee2740 
					 
					
						
						
							
							providers/ldap: fix inconsistent saving of user flags on failed cached binds ( #6096 )  
						
						... 
						
						
						
						* feat: assign invalid pk and check
* fix: only set flags if they don't exist
* fix: userinfo not being set if data is available
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-06-29 16:57:46 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						422b19df60 
					 
					
						
						
							
							release: 2023.5.4  
						
						
						
						
					 
					
						2023-06-26 23:33:04 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						01311929d1 
					 
					
						
						
							
							providers/ldap: improve password totp detection ( #6006 )  
						
						... 
						
						
						
						* providers/ldap: improve password totp detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add flag for totp mfa support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* keep support for static tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-06-20 12:09:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						54ef88a6fa 
					 
					
						
						
							
							providers/ldap: rework Schema and DSE ( #5838 )  
						
						... 
						
						
						
						* rework Root DSE
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* always parse filter objectClass
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding LDAP Schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update schema more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix cn for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only include main DN in namingContexts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use schema from gh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't return rootDSE entry when searching for singleLevel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove currentTime
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix attribute filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set SINGLE-VALUE
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix numbers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-06-08 15:16:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0ce41a1b2d 
					 
					
						
						
							
							providers/ldap: add StartTLS support ( #5861 )  
						
						... 
						
						
						
						* providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-06-06 21:40:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5d87eb97be 
					 
					
						
						
							
							outposts/ldap: fix race condition when refreshing the provider  
						
						... 
						
						
						
						Fixes the race condition causing the crash found in #4138, which doesn't
actually have anything to do with the issue itself.
As far as I can work out, when the outpost refreshes its list of
providers, it copies over its `boundUsers`, probably to avoid having to
fetch them all again, and does so by making a shallow copy of that
`map`, but not the mutex associated with it. It now has multiple
references to the same map, each protected by a different mutex, which
under certain conditions can cause a `concurrent map read and map write`
error.
This fix copies the map contents instead of making a shallow copy.
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space > 
						
						
					 
					
						2023-06-02 15:42:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						be85eecac5 
					 
					
						
						
							
							release: 2023.5.3  
						
						
						
						
					 
					
						2023-06-01 19:35:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5e5a74eebf 
					 
					
						
						
							
							release: 2023.5.2  
						
						
						
						
					 
					
						2023-05-26 23:54:12 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6900ffffd8 
					 
					
						
						
							
							release: 2023.5.1  
						
						
						
						
					 
					
						2023-05-18 21:33:38 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8faec99bd6 
					 
					
						
						
							
							release: 2023.5.0  
						
						
						
						
					 
					
						2023-05-16 14:00:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						906faf9cce 
					 
					
						
						
							
							providers/proxy: fix panic when claims in session were nil ( #5569 )  
						
						... 
						
						
						
						* providers/proxy: fix panic when claims in session were nil
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add new options
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-05-10 20:58:44 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4d58eba027 
					 
					
						
						
							
							core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0 ( #5548 )  
						
						... 
						
						
						
						* core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.20.0...v0.21.0)
---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-05-09 11:22:57 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ab795e6642 
					 
					
						
						
							
							internal: ignore insecure TLS certs ( #5483 )  
						
						... 
						
						
						
						* servers: ignore insecure TLS certs
* slight refactor to have a single place for tls config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-05-05 15:57:52 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b7b62ba089 
					 
					
						
						
							
							providers/ldap: correctly use pagination in search results in both modes ( #5492 )  
						
						... 
						
						
						
						closes #4292
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
					
						2023-05-05 15:51:02 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5c8f024d12 
					 
					
						
						
							
							website: add documentation for AUTHENTIK_REDIS__TLS ( #5349 )  
						
						... 
						
						
						
						* website: add documentation for AUTHENTIK_REDIS__TLS
Signed-off-by: Bardi Harborow <bardi@bardiharborow.com >
* add tls reqs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Bardi Harborow <bardi@bardiharborow.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-04-23 11:37:53 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bb92c4a967 
					 
					
						
						
							
							providers/ldap: remove deprecated fields ( #5154 )  
						
						... 
						
						
						
						* providers/ldap: remove deprecated fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-04-21 14:10:24 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						367f86ecfb 
					 
					
						
						
							
							root: optimise healthchecks ( #5337 )  
						
						... 
						
						
						
						* tests: remove redundant healthchecks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* internal: do healthcheck within proxy instead of wget to use correct port
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tags
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-04-21 13:32:48 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ce5f6d5d43 
					 
					
						
						
							
							release: Version 2023.4 ( #5283 )  
						
						... 
						
						
						
						* release: 2023.4.0
* release: 2023.4.1 
						
						
					 
					
						2023-04-18 10:45:17 +02:00