5b66dbe890
flows: provider invalidation ( #5048 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web stage for session end
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* group flow settings when providers have multiple flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust name for default provider invalidation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-make migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add invalidation_flow to saml importer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-do migrations again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web stuff to get rid of old libraries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make unbind flow for ldap configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix flow inspector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle invalidation_flow as optional, as it should be
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix ldap outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't generate URL in client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually make it work???
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration breaking things...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start fixing tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate flow setting
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix race condition with brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix oauth test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix SAML tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to wizard, fix required
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make required, start release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-14 15:35:12 +02:00
8886532ed6
providers/ldap: fix incorrect permission check for search access ( #11217 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-05 01:19:11 +02:00
8f53d0b9f3
providers/ldap: Remove search group ( #10639 )
...
* remove search_group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make api operations cleaerer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually use get
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use correct api client for ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix migration warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix styling issue in dark mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated-ish fix button order in wizard
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix missing css import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Optimised images with calibre/image-actions
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* update release notes based on new template
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-08-14 16:31:11 +02:00
3f43ff22a8
outpost: improved set secret answers for flow execution ( #8013 )
...
* outpost/radius: set mfa answer for noncode-based mfa
* refactor CheckPasswordInlineMFA to SetSecrets
* small style changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-03-15 18:05:44 +01:00
4080080acd
internal: remove deprecated metrics ( #7540 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-13 14:48:37 +01:00
8aafa06259
providers/radius: TOTP MFA support ( #7217 )
...
* move CheckPasswordMFA to flow executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add mfa support field to radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-18 19:43:36 +02:00
a2714ab1f1
outposts: make metrics compliant with Prometheus best-practices ( #6398 )
...
web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.
This commit tries to fix all of this "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com >
2023-07-27 18:51:08 +02:00
ad81ee2740
providers/ldap: fix inconsistent saving of user flags on failed cached binds ( #6096 )
...
* feat: assign invalid pk and check
* fix: only set flags if they don't exist
* fix: userinfo not being set if data is available
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2023-06-29 16:57:46 +02:00
01311929d1
providers/ldap: improve password totp detection ( #6006 )
...
* providers/ldap: improve password totp detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add flag for totp mfa support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* keep support for static tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-06-20 12:09:13 +02:00
54ef88a6fa
providers/ldap: rework Schema and DSE ( #5838 )
...
* rework Root DSE
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* always parse filter objectClass
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding LDAP Schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update schema more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix cn for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only include main DN in namingContexts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use schema from gh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't return rootDSE entry when searching for singleLevel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove currentTime
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix attribute filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set SINGLE-VALUE
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix numbers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-06-08 15:16:40 +02:00
0ce41a1b2d
providers/ldap: add StartTLS support ( #5861 )
...
* providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-06-06 21:40:19 +02:00
4d58eba027
core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0 ( #5548 )
...
* core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go ) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases )
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2023-05-09 11:22:57 +02:00
a9b32e2f97
providers/ldap: add unbind flow execution ( #4484 )
...
add unbind flow execution
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-23 20:36:30 +01:00
bd0ef69ece
outposts/ldap: decrease verbosity
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-17 11:12:31 +01:00
14a7c9f967
internal: fix outposts not logging flow execution errors correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-31 23:03:57 +02:00
bb244b8338
providers/ldap: fix session cache being lost on provider refresh
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-04 18:03:00 +02:00
3eb466ff4b
lifecycle: cleanup prometheus ( #2972 )
...
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-05-29 21:45:25 +02:00
5c91658484
internal: fix nil pointer dereference in ldap outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-05-21 15:48:50 +02:00
25a4310bb1
internal: use Expires not MaxAge for LDAP session
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-05-11 10:04:32 +02:00
ab2299ba1e
outposts/ldap: cached bind ( #2824 )
...
* initial cached ldap bind support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* clean up api generation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* use gh action for golangci-lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-05-08 16:48:53 +02:00
62a939b91d
internal: bump api client to v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-03-03 10:40:07 +01:00
947ecec02b
outposts/ldap: Fix more case sensitivity issues. ( #2144 )
2022-01-25 11:27:27 +01:00
884c546f32
outposts: clean up flow executor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-24 19:52:19 +01:00
7d6e88061f
outposts: check if hub from context is set and fallback
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-16 11:19:57 +01:00
f8aab40e3e
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-12-16 11:00:19 +01:00
5a8c66d325
providers/ldap: memory Query ( #1681 )
...
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outposts/ldap: add basic in-memory searcher
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* providers/ldap: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* outpost: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2021-11-05 10:37:30 +01:00
