authentik

Author	SHA1	Message	Date
Jens L	42c21da8b6	blueprints: fix blueprint importer logging potentially sensitive data (#6567 )	2023-08-18 00:33:26 +01:00
Jens L	7b3d1a229f	stages/authenticator_static: make static token size adjustable (#6565 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-17 23:48:05 +02:00
Jens L	10b0c84d97	root: migrate bootstrap to blueprints (#6433 ) * remove old bootstrap Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add meta model to set user password Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ensure KeyOf works with objects in the state of created that already exist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support for shorter form !If tag Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow !Context to resolve other yaml tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't require serializer to be valid for deleting an object Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix check if a model is being created Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove duplicate way to set password Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate token Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only change what is required with migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add description Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix admin status Signed-off-by: Jens Langhammer <jens@goauthentik.io> * expand tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't require bootstrap in events to fix ci? Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-31 19:34:46 +02:00
Jens L	5139656e95	blueprints: prevent duplicate password stage in default flow when using combined identification stage (#6432 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-31 13:42:35 +02:00
Jens L	b08f8d8e0c	api: re-fix url import logging (#6400 ) * fix logging Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove lib from apps lib doesn't declare any models, so it really doesn't need to be in there anyways? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove lib from schema too Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-27 12:56:51 +02:00
Jens L	d50f92d8b4	enterprise: cleanup v2 (#6330 ) * cleanup minor stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * change default user type to internal to be more consistent Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-21 18:23:51 +02:00
Jens L	2f469d2709	root: partial Live-updating config (#5959 ) * stages/email: directly use email credentials from config Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use custom database backend that supports dynamic credentials Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add crude config reloader Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make method names for CONFIG clearer Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace config.set with environ Not sure if this is the cleanest way, but it persists through a config reload Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add set for @patch Signed-off-by: Jens Langhammer <jens@goauthentik.io> * even more crudeness Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean up some old stuff? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup old things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow e2e Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-19 23:13:22 +02:00
Jens L	41af486006	enterprise: initial enterprise (#5721 ) * initial Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add user type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add external users Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ui, add more logic, add public JWT validation key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * revert to not use install_id as session jwt signing key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * switch to PKI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more licensing stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add install ID to form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use x5c correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * license checks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use production CA Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to summary Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale, improve ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add direct button Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update link Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format and such Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove old attributes from ldap Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove is_enterprise_licensed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix admin interface styling issue Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update authentik/core/models.py Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * fix default case Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>	2023-07-17 17:57:08 +02:00
Jens L	469899233a	policies/event_matcher: change empty values to null (#6032 ) * policies/event_matcher: change empty values to null Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate old default values Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-21 15:49:46 +02:00
Jens L	01311929d1	providers/ldap: improve password totp detection (#6006 ) * providers/ldap: improve password totp detection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add flag for totp mfa support Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keep support for static tokens Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-20 12:09:13 +02:00
Jens L	05d73f688c	policies/event_matcher: add model filter (#5802 ) * policies/event_matcher: add model filter Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve logic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove t`` Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-12 22:11:11 +02:00
ChandonPierre	029395d08b	sources/ldap: add support for cert based auth (#5850 ) * ldap: support cert based auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ldap: default sni switch to off * ldap: `get_info=NONE` on insufficient access error * fix: Make file locale script * ldap: add google ldap attribute mappings * ldap: move google secure ldap blueprint to examples Revert "ldap: add google ldap attribute mappings" This reverts commit 8a861bb92c1bd763b6e7ec0513f73b3039a1adb4. * ldap: remove `validate` for client cert auth not strictly necessary * ldap: write temp cert files more securely * ldap: use first array value for sni when provided csv input * don't specify tempdir we set $TMPDIR in the dockerfile Signed-off-by: Jens Langhammer <jens@goauthentik.io> * limit API to only allow certificate key pairs with private key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use maxsplit Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-06-12 15:41:44 +02:00
Jens L	f0619814f9	blueprints: allow setting user's passwords from blueprints (#5797 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-29 21:28:44 +02:00
Jens L	bb64fb1130	core: make groups field for user optional (#5702 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-21 15:19:05 +02:00
Jens L	5d5938c412	sources/saml: separate verification cert (#5699 ) * sources/saml: allow separate verification certificate to be specified Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migration to keep current behaviour Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update strings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keep testing verification Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-21 14:42:17 +02:00
Jens L	f4b0d6e85c	providers/scim: default to None for fields instead of empty list (#5642 ) * providers/scim: default to None for fields instead of empty list Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make name of delete_none_keys clearer Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-17 00:25:28 +02:00
Jens L	c3398004ff	blueprints: add meta models to schema (#5611 ) these models were previously ignored Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-15 14:39:48 +02:00
Michael OBrien	eb071d4d90	providers/oauth2: add user UUID as subject option (#5556 ) * providers/oauth2: add user UUID as subject option * Added translations for new OAuth2 subject option	2023-05-10 17:50:13 +02:00
Jens L	92fd6a55db	blueprints: adjust wording on managed field (#5558 )	2023-05-09 23:41:42 +02:00
Jens L	5fd414576b	website: show all blog posts in sidebar (#5532 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-08 22:05:02 +02:00
Jens L	9f4be4d150	blueprints: support setting file URLs in blueprints (#5510 ) * blueprints: support setting file URLs in blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make new fields not required Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include conditional fields in schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-08 15:07:00 +02:00
Jens L	53f827b54f	blueprints: specify schema for blueprint metadata (#5509 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-07 20:11:18 +02:00
Jens L	2a2e159a0d	blueprints: improve schema generation by including model schema (#5503 ) * blueprints: improve schema generation by including model schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unset required Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add deps Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-07 12:32:01 +02:00
sdimovv	ee6edec1d8	stages/prompt: Add initial_data prompt field and ability to select a default choice for choice fields (#5095 ) * Added initial_value to model * Added initial_value to admin panel * Added initial_value support to flows; updated tests * Updated default blueprints * update docs * Fix test * Fix another test * Fix yet another test * Add placeholder migration * Remove unused import	2023-04-19 12:27:51 +02:00
Jens L	1d2725825c	providers/scim: add missing default fields (#5108 ) * providers/scim: add missing default fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4554 * update tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-28 14:42:52 +02:00
Jens L	3f5effb1bc	providers/radius: simple radius outpost (#1796 ) * initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use search-select Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ip with port being sent to delegated ip Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add radius tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-20 16:54:35 +01:00
Jens L	28ddeb124f	providers: SCIM (#4835 ) * basic user sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group sync and some refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow null authorization flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task monitored Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add missing dependency Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make authorization_flow required for most providers via API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task result better readable, exclude anonymous user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add task UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scheduled task for all sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make scim errors more readable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mappings, migrate to mappings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mapping UI and more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim docs to web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start implementing membership Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate signals to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate fully to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * strip none keys, fix lint errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix saml Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim schemas and validate against it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group put support, add group tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * send correct application/scim+json headers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stop sync if no mappings are confiugred Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test for task sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add membership tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use decorator for tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make tests better Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-06 19:39:08 +01:00
Jens L	972dce1462	security: fix CVE-2023-26481 (#4832 ) fix CVE-2023-26481 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-02 20:15:33 +01:00
Jens L	980320e24b	tests/e2e: use example blueprints for testing (#4805 ) * tests/e2e: use blueprints for testing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add identification stage assignment Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add recovery flow tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-27 22:42:36 +01:00
Jens L	39d0893303	flows: change default flow stage binding settings (#4784 ) * flows: change default flow stage binding settings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fallback to correct value Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-27 15:21:26 +01:00
Jens Langhammer	36229f4224	blueprints: improve error handling in example flow closes #4714 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-23 16:57:46 +01:00
Jens L	80f4fccd35	providers/oauth2: OpenID conformance (#4758 ) * don't open inspector by default when debug is enabled Signed-off-by: Jens Langhammer <jens@goauthentik.io> * encode error in fragment when using hybrid grant_type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * require nonce for all response_types that get an id_token from the authorization endpoint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't set empty family_name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only set at_hash when response has token Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleaner way to get login time Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove authentication requirement from authentication flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix auth_time not being handled correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test files Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove USER_LOGIN_AUTHENTICATED Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework prompt=login handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also set last login uid for max_age check to prevent double login when max_age and prompt=login is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-23 15:26:41 +01:00
Jens L	af43330fd6	providers/oauth2: rework OAuth2 Provider (#4652 ) * always treat flow as openid flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve issuer URL generation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refactoring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update introspection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refinement Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more things, update api Signed-off-by: Jens Langhammer <jens@goauthentik.io> * regen migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch of things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start updating tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix implicit flow, auto set exp Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix timeozone not used correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix revoke Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more timezone shenanigans Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix userinfo tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix proxy outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix api tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing at_hash for implicit flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-include at_hash in implicit auth flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use folder context for outpost build Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-09 20:19:48 +01:00
Jens Langhammer	55782d3929	blueprints: don't update default tenant Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-31 15:17:05 +01:00
Jens L	53b65a9d1a	stages/prompt: field name (#4497 ) * add prompt field name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove numerical prefix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use text field Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add description label Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migrate blueprint to remove old stages Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add task to remove unretrievable blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix blueprint test paths Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * actually fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests even more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix fixtures Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-24 12:23:22 +01:00
Jens Langhammer	813f70b806	blueprints: fix OOB email field overwriting user settings email field closes #4317 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-18 19:40:47 +01:00
Jens L	f1b3598a0f	blueprints: don't set session_duration in default and example flows (#4448 ) closes #3944 Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-16 13:18:25 +01:00
Jens L	a960ce9454	stages/user_write: add more user creation options (#4367 ) * add more user creation options Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update blueprints and docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-05 15:46:20 +01:00
Jens L	e6b5810e03	polices/hibp: remove deprecated (#4363 ) * remove hibp Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * don't save event matcher apps in migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs, update some phrasing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-05 13:19:26 +01:00
Jens Langhammer	97513467ad	blueprints: disallow flow token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-29 21:54:56 +01:00
Jens L	84fbeb5721	security: fix CVE 2022 46172 (#4275 ) * fallback to current user in user_write, add flag to disable user creation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update api and web ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update default flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add cve post to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:12:58 +01:00
Jens Langhammer	042865c606	blueprints: add conditions to blueprint schema Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-21 18:59:17 +01:00
Jens Langhammer	3b973e12a4	blueprints: don't require auth on invalidation flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-19 10:33:54 +01:00
Jens L	db95dfe38d	security: fix CVE 2022 46145 (#4140 ) * add flow authentication requirement Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add website for cve Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: handle FlowNonApplicableException without policy result Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-02 16:14:25 +01:00
Jens L	ab3d47c437	blueprints: add desired state attribute to objects (#4061 ) * add state attribute to delete objects Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests, move yaml from block to files Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add state to docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * only try to format Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 14:27:20 +01:00
Jens L	363872715d	sources/saml: revamp SAML Source (#3785 ) * update saml source to use user connections, add all attributes to flow context Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * check for SAML Status in response, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * package apple icon Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add webui for connections Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 17:04:47 +02:00
Jens Langhammer	493cdd5c0f	blueprints: fix example blueprints not explicitly setting placeholder_expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-14 21:54:24 +02:00
Jens Langhammer	5026cebf02	stages/consent: default to expiring consent instead of always_require Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-10 13:25:28 +02:00
Jens L	abca435337	blueprints: OCI registry support (#3500 ) * blueprints: add ability to load blueprints via OCI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix inheritance check for meta models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add oci tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-30 14:08:26 +02:00
Jens L	54ba3e9616	blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486 ) * add meta model to apply blueprint within blueprint for dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use custom registry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix again Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move ManagedAppConfig to apps.py Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * rename manager to registry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: use full tag in comment Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-29 21:20:58 +02:00

1 2

62 Commits