5af2378738 
					 
					
						
						
							
							outposts/ldap: Handle comma-separated attributes in LDAP search requests ( #15000 )  
						
						... 
						
						
						
						Closes https://github.com/goauthentik/authentik/issues/13539 
When LDAP clients like Jira submit search requests with comma-separated attributes
(e.g., ["uid,cn,sn"] instead of ["uid", "cn", "sn"]), the LDAP outpost would return
an "Operations Error". Ths fix adds attribute normalization to properly handle
both formats by splitting comma separated attributes into individual entries.
Tests pass:
```
=== RUN   TestNormalizeAttributes
=== RUN   TestNormalizeAttributes/Empty_input
=== RUN   TestNormalizeAttributes/No_commas
=== RUN   TestNormalizeAttributes/Single_comma-separated_string
=== RUN   TestNormalizeAttributes/Mixed_input
=== RUN   TestNormalizeAttributes/With_spaces
=== RUN   TestNormalizeAttributes/Empty_parts
=== RUN   TestNormalizeAttributes/Single_element
=== RUN   TestNormalizeAttributes/Only_commas
=== RUN   TestNormalizeAttributes/Multiple_comma-separated_attributes
=== RUN   TestNormalizeAttributes/Case_preservation
=== RUN   TestNormalizeAttributes/Leading_and_trailing_spaces
=== RUN   TestNormalizeAttributes/Real-world_LDAP_attribute_examples
=== RUN   TestNormalizeAttributes/Jira-style_attribute_format
=== RUN   TestNormalizeAttributes/Single_string_with_single_attribute
=== RUN   TestNormalizeAttributes/Mix_of_standard_and_operational_attributes
--- PASS: TestNormalizeAttributes (0.00s)
    --- PASS: TestNormalizeAttributes/Empty_input (0.00s)
    --- PASS: TestNormalizeAttributes/No_commas (0.00s)
    --- PASS: TestNormalizeAttributes/Single_comma-separated_string (0.00s)
    --- PASS: TestNormalizeAttributes/Mixed_input (0.00s)
    --- PASS: TestNormalizeAttributes/With_spaces (0.00s)
    --- PASS: TestNormalizeAttributes/Empty_parts (0.00s)
    --- PASS: TestNormalizeAttributes/Single_element (0.00s)
    --- PASS: TestNormalizeAttributes/Only_commas (0.00s)
    --- PASS: TestNormalizeAttributes/Multiple_comma-separated_attributes (0.00s)
    --- PASS: TestNormalizeAttributes/Case_preservation (0.00s)
    --- PASS: TestNormalizeAttributes/Leading_and_trailing_spaces (0.00s)
    --- PASS: TestNormalizeAttributes/Real-world_LDAP_attribute_examples (0.00s)
    --- PASS: TestNormalizeAttributes/Jira-style_attribute_format (0.00s)
    --- PASS: TestNormalizeAttributes/Single_string_with_single_attribute (0.00s)
    --- PASS: TestNormalizeAttributes/Mix_of_standard_and_operational_attributes (0.00s)
PASS
ok      goauthentik.io/internal/outpost/ldap/search     0.194s
``` 
						
						
					 
					
						2025-06-11 18:16:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						88fa7e37dc 
					 
					
						
						
							
							outposts: Refactor session end signal and add LDAP support ( #14539 )  
						
						... 
						
						
						
						* outpost: promote session end signal to non-provider specific
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement server-side logout in ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix previous import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use better retry logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* log
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make more generic if we switch from ws to something else
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it possible to e2e test WS
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ldap session id
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ok I actually need to go to bed this took me an hour to fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format; add ldap test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix leftover state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove thread
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use ws base for radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* separate test utils
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing super calls
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* websocket tests with browser 🎉 
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add proxy test for sign out
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix install_id issue with channels tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix proxy basic auth test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* big code dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow passing go build args
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve waiting for outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite ldap tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ok actually fix the tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* undo a couple things that need more time to cook
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused lockfile-lint dependency since we use a shell script and SFE does not have a lockfile
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix session id for ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing createTimestamp and modifyTimestamp ldap attributes
closes  #10474 
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-06-10 12:11:21 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dea2d67ceb 
					 
					
						
						
							
							internal/outpost: fix incorrect usage of golang SHA API ( #14981 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-06-09 20:57:36 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b7417e77c7 
					 
					
						
						
							
							outposts: remove duplicate startup/setup code, add pyroscope, make sentry not reconfigure every time ( #14724 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-06-07 03:01:00 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a306cecb73 
					 
					
						
						
							
							providers/proxy: add option to override host header with property mappings ( #14927 )  
						
						
						
						
					 
					
						2025-06-06 14:54:59 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						57f25a97c9 
					 
					
						
						
							
							providers/ldap: retain binder and update users instead of re-creating ( #14735 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-05-28 13:43:35 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						65517f3b7f 
					 
					
						
						
							
							enterprise/stages: Add MTLS stage ( #14296 )  
						
						... 
						
						
						
						* prepare client auth with inbuilt server
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* introduce better IPC auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only allow trusted proxies to set MTLS headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stage progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont fail if ipc_key doesn't exist
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually install app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix unquote
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix int serial number not jsonable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix git pull in makefile
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix parse helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more tests and improvements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve labels
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple CAs on brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple CAs to MTLS stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont log ipcuser secret views
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go mod
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-05-19 22:48:17 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7826e7a605 
					 
					
						
						
							
							core: bump oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm ( #13027 )  
						
						... 
						
						
						
						* core: bump oss/go/microsoft/golang
Bumps oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm.
---
updated-dependencies:
- dependency-name: oss/go/microsoft/golang
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
* upstream docker image, use native fips
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump go version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-03-30 03:26:30 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5bcf501842 
					 
					
						
						
							
							outposts/ldap: fix paginator going into infinite loop ( #13677 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-03-27 00:05:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						84b5992e55 
					 
					
						
						
							
							ci: bump golangci/golangci-lint-action from 6 to 7 ( #13661 )  
						
						... 
						
						
						
						* ci: bump golangci/golangci-lint-action from 6 to 7
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix v2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix v3
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-03-26 18:03:20 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f37e1ca642 
					 
					
						
						
							
							brands: migrate custom CSS to brands ( #13172 )  
						
						... 
						
						
						
						* brands: migrate custom CSS to brands
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing default
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simpler migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add css to brand form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-03-19 22:52:38 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						94eff50306 
					 
					
						
						
							
							root: redis, make sure tlscacert isn't an empty string ( #12407 )  
						
						... 
						
						
						
						* root: redis, make sure tlscacert isn't an empty string
* make TLSCaCert a string instead of pointer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2025-01-13 20:14:26 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ee6fcdfbd8 
					 
					
						
						
							
							internal: fix missing trailing slash in outpost websocket ( #12470 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-12-23 23:42:42 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						15be3f2461 
					 
					
						
						
							
							internal: fix URL generation for websocket connection ( #12439 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-12-20 19:18:50 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						40a7135c0c 
					 
					
						
						
							
							core: app entitlements ( #12090 )  
						
						... 
						
						
						
						* core: initial app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* base off of pbm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and oauth2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite to use bindings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make policy bindings form and list more customizable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* double fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refine permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing rbac modal to app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* separate scope for app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include entitlements mapping in proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API validation to prevent policies from being bound to entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove duplicate docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-12-18 14:32:44 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5e72ec9c0c 
					 
					
						
						
							
							root: support running authentik in subpath ( #8675 )  
						
						... 
						
						
						
						* initial subpath support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make outpost compatible
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix static files somewhat
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix most static stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix most web links
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix websocket
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix URL for static files
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add root redirect for subpath
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set cookie path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update internal/config/struct.go
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens L. <jens@beryju.org >
* fix sfe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump required version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow background
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint and some more links
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix impersonate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens L. <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space > 
						
						
					 
					
						2024-11-26 15:38:23 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d4bf3b7068 
					 
					
						
						
							
							root: check remote IP for proxy protocol same as HTTP/etc ( #12094 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-11-20 21:33:35 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a892d4afd8 
					 
					
						
						
							
							providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set ( #11968 )  
						
						... 
						
						
						
						correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical 
						
						
					 
					
						2024-11-13 00:54:40 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f482937474 
					 
					
						
						
							
							providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER ( #11722 )  
						
						... 
						
						
						
						* providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#9622/#4688/#6476)
* chore: fix tests 
						
						
					 
					
						2024-10-24 16:34:45 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5b66dbe890 
					 
					
						
						
							
							flows: provider invalidation ( #5048 )  
						
						... 
						
						
						
						* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web stage for session end
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* group flow settings when providers have multiple flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust name for default provider invalidation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-make migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add invalidation_flow to saml importer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-do migrations again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web stuff to get rid of old libraries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make unbind flow for ldap configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix flow inspector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle invalidation_flow as optional, as it should be
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix ldap outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't generate URL in client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually make it work???
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration breaking things...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start fixing tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate flow setting
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix race condition with brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix oauth test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix SAML tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to wizard, fix required
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make required, start release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-10-14 15:35:12 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dc1562a7de 
					 
					
						
						
							
							internal: restore /ping behaviour for embedded outpost ( #11568 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-09-30 18:44:03 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ad3820c11c 
					 
					
						
						
							
							providers/proxy: fix panic, keep session storages open ( #11439 )  
						
						... 
						
						
						
						* fix panic when redis connection fails
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-use session when refreshing apps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-09-19 23:05:58 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						171d0f55cb 
					 
					
						
						
							
							providers/proxy: fix URL path getting lost when partial URL is given to rd= ( #11354 )  
						
						... 
						
						
						
						* providers/proxy: fix URL path getting lost when partial URL is given to rd=
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better fallback + tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-09-12 18:02:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5be49a8e80 
					 
					
						
						
							
							internal: fix go paginator not setting page correctly ( #11253 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-09-06 18:38:00 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8886532ed6 
					 
					
						
						
							
							providers/ldap: fix incorrect permission check for search access ( #11217 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-09-05 01:19:11 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d75cdfeaf1 
					 
					
						
						
							
							internal: Use loop instead of recursion in NewAPIController ( #10745 )  
						
						... 
						
						
						
						use loop instead of recursion 
						
						
					 
					
						2024-08-16 15:04:07 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8f53d0b9f3 
					 
					
						
						
							
							providers/ldap: Remove search group ( #10639 )  
						
						... 
						
						
						
						* remove search_group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make api operations cleaerer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually use get
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use correct api client for ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix migration warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix styling issue in dark mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated-ish fix button order in wizard
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix missing css import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Optimised images with calibre/image-actions
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* update release notes based on new template
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com > 
						
						
					 
					
						2024-08-14 16:31:11 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bb9e679b9a 
					 
					
						
						
							
							outposts: add better UI for showing mismatched versions ( #10885 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-08-12 23:17:15 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9b595b2031 
					 
					
						
						
							
							outposts: ensure minimum refresh interval ( #10701 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-07-31 14:43:03 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1b285f85c0 
					 
					
						
						
							
							outposts: implement general paginator for list API requests ( #10619 )  
						
						... 
						
						
						
						* outposts: implement general paginator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate LDAP
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* change main outpost refresh logic to use paginator everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add comments to understand anything
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually use paginator everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-07-29 22:14:18 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						61c6887e82 
					 
					
						
						
							
							providers/radius: Add support for custom attributes ( #10509 )  
						
						... 
						
						
						
						* unrelated: show logs for failed blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add dictionaries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: remove some unused api functions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* placeholder backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add proper mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-07-25 19:08:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8db1d86c6b 
					 
					
						
						
							
							flows: remove stage challenge type ( #10476 )  
						
						... 
						
						
						
						* flows: remove stage challenge type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve coverage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-07-13 18:37:29 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b8560f2a86 
					 
					
						
						
							
							providers/proxy: bump go-oidc to v3 ( #10432 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-07-10 12:54:45 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bfc2fe7703 
					 
					
						
						
							
							web/flows: Simplified flow executor ( #10296 )  
						
						... 
						
						
						
						* initial sfe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* build sfe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* downgrade bootstrap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make IE compatible
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix query string missing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add autosubmit stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add background image
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add code support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for combo ident/password
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix logo rendering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only use for edge 18 and before
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add webauthn support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate to TS for some creature comforts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ci
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dedupe dependabot
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use API client...kinda
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more polyfills yay
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* turn powered by into span
prevent issues in restricted browsers where users might not be able to return
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow non-link footer entries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tsc errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* auto switch for macos
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update website/docs/flow/executors/if-flow.md
Signed-off-by: Jens L. <jens@beryju.org >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com > 
						
						
					 
					
						2024-07-05 19:24:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0fe751269e 
					 
					
						
						
							
							outposts: make refresh interval configurable ( #10138 )  
						
						... 
						
						
						
						* outposts: make refresh interval configurable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* frontend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black again
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* switch to using config attribute
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space > 
						
						
					 
					
						2024-07-05 13:14:28 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						29f3e2789d 
					 
					
						
						
							
							web: set noopener and noreferrer on all external links ( #10304 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-07-02 00:29:32 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4f40b1e27c 
					 
					
						
						
							
							crypto: update fingerprint at same time as certificate ( #10036 )  
						
						... 
						
						
						
						Previously the fingerprint was only set when initially adding a key, if it
changed for any reason (like a renewed certificate) then every execution of
`Get` would lead to a full update. The certificate itself got cached, but the
fingerprint remained stale for next time.
This increased the chance of a fatal race during the cache update.
closes  #9907  
						
						
					 
					
						2024-06-10 20:16:35 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c3445374c2 
					 
					
						
						
							
							core: FIPS ( #9683 )  
						
						... 
						
						
						
						Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space > 
						
						
					 
					
						2024-05-23 17:34:52 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c45bb8e985 
					 
					
						
						
							
							providers/proxy: rework redirect mechanism ( #8594 )  
						
						... 
						
						
						
						* providers/proxy: rework redirect mechanism
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add session id, don't tie to state in session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle state failing to parse
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save session after creating state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include task expiry in status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redirect URL detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-05-06 03:07:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a742331484 
					 
					
						
						
							
							root: make redis settings more consistent ( #9335 )  
						
						... 
						
						
						
						* make redis settings more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support to go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redis connect in wait_for_db
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* censor password when logging error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add redis url generation helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-04-18 16:49:41 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						85fedec2f6 
					 
					
						
						
							
							core: optionally don't return groups' users and users' groups by default ( #9179 )  
						
						... 
						
						
						
						* core: don't return groups' users and users' groups by default
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* explicitly fetch users and groups in LDAP
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add indicies
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-04-15 13:27:44 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						97bc679cbb 
					 
					
						
						
							
							internal: add tests to go flow executor ( #9219 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-04-12 01:42:31 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1b81973358 
					 
					
						
						
							
							outposts/proxy: Fix invalid redirect on external hosts containing path components ( #8915 )  
						
						... 
						
						
						
						* outposts/proxy: Fix invalid redirect on external hosts containing path components
Signed-off-by: Max <github@germancoding.com >
* outposts/proxy: Fix test for changed redirect logic
Signed-off-by: Max <github@germancoding.com >
---------
Signed-off-by: Max <github@germancoding.com > 
						
						
					 
					
						2024-03-19 20:31:08 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						104e70c383 
					 
					
						
						
							
							root: support redis username ( #8935 )  
						
						
						
						
					 
					
						2024-03-18 12:44:38 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3f43ff22a8 
					 
					
						
						
							
							outpost: improved set secret answers for flow execution ( #8013 )  
						
						... 
						
						
						
						* outpost/radius: set mfa answer for noncode-based mfa
* refactor CheckPasswordInlineMFA to SetSecrets
* small style changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-03-15 18:05:44 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						25e72558eb 
					 
					
						
						
							
							core: optimise user list endpoint ( #8353 )  
						
						... 
						
						
						
						* unrelated changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimization pass 1: reduce N tenant lookups by taking tenant from request, reduce get_anonymous calls
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it easier to exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-01-30 01:55:26 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						abc0c2d2a2 
					 
					
						
						
							
							root: Multi-tenancy ( #7590 )  
						
						... 
						
						
						
						* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "fix oauth source type import"
This reverts commit d015fd0244marc.schmitt@risson.space >
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try with connection_created signal"
This reverts commit 764a999db832b40a3bbbmarc.schmitt@risson.space >
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a614bffb19704marc.schmitt@risson.space >
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447jens@goauthentik.io >
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2024-01-23 14:28:06 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d54b410429 
					 
					
						
						
							
							outposts/proxy: better Redis error message ( #8044 )  
						
						... 
						
						
						
						* outposts/proxy: better Redis error message
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update internal/outpost/proxyv2/application/session.go
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Jens L. <jens@goauthentik.io > 
						
						
					 
					
						2024-01-02 20:01:53 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						240cf6dd94 
					 
					
						
						
							
							enterprise/providers: Add RAC [AUTH-15] ( #7291 )  
						
						... 
						
						
						
						* add basic guacamole
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make everything mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add rac build to CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix resize, fix web lint, sendSize correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* pre-send connection from client, format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve throughput
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework TokenOutpostConsumer into middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some layout issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add outpost controllers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start testing audio things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix to work with outpost group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add simple loadbalancing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add simple reconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* show reconnecting text
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error when checking ports
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move to providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add flow check to interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix rac app label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix audio
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow overriding all settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate keyboard, debug high DPI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing __init__.py breaking model loading
I love python
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump successful ws connection to info
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* hide cursor since guac draws that
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add clipboard support (bidirectional)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make codespell not want to break the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* run pr comment in separate task
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start endpoint and property mapping stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more endpoint things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix event model_pk filtering with ints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: improve event display for changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rebuild endpoint stuff again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk special url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stuff, connect token with session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add disconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework disconnect
cleanly disconnect from guacd instead of just letting the connection timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clear cache when creating outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* support host:port and fix protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* center smaller viewport
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework connection to wait more and stop after some time
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add policy control to endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove provider protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't switch to different outpost connection when already chosen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start using property mappings, add static settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some RAC mapping settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for event changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and fix issues found by said tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner, move endpoints to main page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* auto-select endpoint if only one is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* backport https://github.com/goauthentik/authentik/pull/7831  to rac
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont select property mappings on endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make table modal only load when opened
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only auto-redirect when open
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check for token expiry and terminate session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add endpoint name to title
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* disconnect connection when token is manually deleted
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial RAC docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add connection expiry setting to provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-12-30 21:33:14 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1ea3dae5ac 
					 
					
						
						
							
							providers/proxy: use access token ( #8022 )  
						
						... 
						
						
						
						Signed-off-by: Jens Langhammer <jens@goauthentik.io > 
						
						
					 
					
						2023-12-30 16:36:43 +01:00