stages/identification: refresh captcha on failure (#13697)
* refactor cleanup behavior after stage form submit
* refresh captcha on failing Identification stage
* Revert "stages/identification: check captcha after checking authentication (#13533)"
This reverts commit b7beac6795.
Including a Captcha stage in an Identification stage is partially to
prevent password spraying attacks. The reverted commit negated this
feature to fix a UX bug. After 6fde42a9170, the functionality can now be
reinstated.
---------
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>
web/admin: reworked sync status card (#13625)
* reworked sync status
* update imports
* add story and fix import
* format
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
stages/email: Clean newline characters in TemplateEmailMessage (#13666)
* Clean new line characters in TemplateEmailMessage
* Use blankspace replace in names
* Use blankspace replace in names
Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
providers/rac: fix signals and Endpoint caching (#13529)
* fix RAC signals
And possibly other things by not using `ManagedAppConfig`. This was
broken by 2128e7f45f.
* invalidate Endpoint cache on update or delete
This will result in more invalidations, but it will also fix some
invalid Endpoint instances from showing up in Endpoint lists.
Since an Endpoint can be tied to a Policy, some invalid results can
still show up if the result of the Policy changes (either because the
Policy itself changes or because data checked by that Policy changes).
Even with those potentially invalid results, I believe the caching
itself is advantageous as long as the API provides an option for
`superuser_full_list`.
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
web/admin: fix display bug for assigned users in application bindings in the wizard (#13435)
* web: Add InvalidationFlow to Radius Provider dialogues
## What
- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
- Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`
## Note
Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.
* This (temporary) change is needed to prevent the unit tests from failing.
\# What
\# Why
\# How
\# Designs
\# Test Steps
\# Other Notes
* Revert "This (temporary) change is needed to prevent the unit tests from failing."
This reverts commit dddde09be5.
* web/admin: fix display bug for assigned users in application bindings in the wizard
## What
Modifies the type-of-binding detection algorithm to check if there's a user field and
that it's a number.
## Why
The original type-of-binding detector checked if the field was set and asserted that it was a string
of at least one character. Unfortunately, this doesn't work for `user`, where the primary key is an
integer. Changing the algorithm to "It's really a string with something in it, *or* it's a number,"
works.
## Testing
- Ensure you have at least one user you can use, and that user has a username.
- Navigate through the Application Wizard until you reach the binding page.
- Create a user binding
- See that the user shows up in the table.
Co-authored-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>
web/user: ensure modal container on user-settings page is min-height: 100% (#13402)
* web: Add InvalidationFlow to Radius Provider dialogues
## What
- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
- Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`
## Note
Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.
* This (temporary) change is needed to prevent the unit tests from failing.
\# What
\# Why
\# How
\# Designs
\# Test Steps
\# Other Notes
* Revert "This (temporary) change is needed to prevent the unit tests from failing."
This reverts commit dddde09be5.
* web/admin: ensure modal container on user-settings page is min-height: 100%
## What
Add a min-height and auto-scroll directives to the CSS for the main section of the user-settings
page.
```
+ .pf-c-page__main {
+ min-height: 100vw;
+ overflow-y: auto;
```
## Why
Without this, Safari refused to render any pop-up modals that were "centered" on the viewport but
were "beneath" the rendered content space of the container. As a result, users could not create new
access tokens or app passwords. This is arguably incorrect behavior on Safari's part, but 🤷♀️.
Adding `overflow-y: auto` on the container means that if the page is not long enough to host the
pop-up, it will be accessible via scrolling.
## Testing
- Using Safari, Visit the User->User Settings, click "Tokens and App Passwords" tab, and click
"Create Token" or "Create App Password"
- Observe that the dialog is now accessible.
## Related Issue:
- [Unable to create API token in Safari
#12891](https://github.com/goauthentik/authentik/issues/12891)
* Fix a really stupid typo.
Co-authored-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>
