authentik

Author	SHA1	Message	Date
gcp-cherry-pick-bot[bot]	05f4e738a1	root: check remote IP for proxy protocol same as HTTP/etc (cherry-pick #12094 ) (#12097 ) root: check remote IP for proxy protocol same as HTTP/etc (#12094) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io>	2024-11-20 21:49:53 +01:00
gcp-cherry-pick-bot[bot]	feb13c8ee5	providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (cherry-pick #11968 ) (#12005 ) providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968) correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical Co-authored-by: Jens L. <jens@goauthentik.io>	2024-11-13 00:59:10 +01:00
Simon Erhardt	f482937474	providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#11722 ) * providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#9622/#4688/#6476) * chore: fix tests	2024-10-24 16:34:45 +02:00
Jens L.	dc1562a7de	internal: restore /ping behaviour for embedded outpost (#11568 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-09-30 18:44:03 +02:00
Jens L.	ad3820c11c	providers/proxy: fix panic, keep session storages open (#11439 ) * fix panic when redis connection fails Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-use session when refreshing apps Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-09-19 23:05:58 +02:00
Jens L.	171d0f55cb	providers/proxy: fix URL path getting lost when partial URL is given to rd= (#11354 ) * providers/proxy: fix URL path getting lost when partial URL is given to rd= Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better fallback + tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-09-12 18:02:08 +02:00
Jens L.	1b285f85c0	outposts: implement general paginator for list API requests (#10619 ) * outposts: implement general paginator Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate LDAP Signed-off-by: Jens Langhammer <jens@goauthentik.io> * change main outpost refresh logic to use paginator everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add comments to understand anything Signed-off-by: Jens Langhammer <jens@goauthentik.io> * actually use paginator everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-07-29 22:14:18 +02:00
Jens L	b8560f2a86	providers/proxy: bump go-oidc to v3 (#10432 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-07-10 12:54:45 +02:00
Jens L	bfc2fe7703	web/flows: Simplified flow executor (#10296 ) * initial sfe Signed-off-by: Jens Langhammer <jens@goauthentik.io> * build sfe Signed-off-by: Jens Langhammer <jens@goauthentik.io> * downgrade bootstrap Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix path Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make IE compatible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix query string missing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add autosubmit stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add background image Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add code support Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support for combo ident/password Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix logo rendering Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only use for edge 18 and before Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add webauthn support Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate to TS for some creature comforts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ci Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe dependabot Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use API client...kinda Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more polyfills yay Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * turn powered by into span prevent issues in restricted browsers where users might not be able to return Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow non-link footer entries Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tsc errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * auto switch for macos Signed-off-by: Jens Langhammer <jens@goauthentik.io> * reword Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update website/docs/flow/executors/if-flow.md Signed-off-by: Jens L. <jens@beryju.org> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>	2024-07-05 19:24:37 +02:00
Jens L	29f3e2789d	web: set noopener and noreferrer on all external links (#10304 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-07-02 00:29:32 +02:00
Jens L	c45bb8e985	providers/proxy: rework redirect mechanism (#8594 ) * providers/proxy: rework redirect mechanism Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add session id, don't tie to state in session Signed-off-by: Jens Langhammer <jens@goauthentik.io> * handle state failing to parse Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * save session after creating state Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include task expiry in status Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix redirect URL detection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-05-06 03:07:08 +02:00
Jens L	a742331484	root: make redis settings more consistent (#9335 ) * make redis settings more consistent Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support to go Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rewrite url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix redis connect in wait_for_db Signed-off-by: Jens Langhammer <jens@goauthentik.io> * censor password when logging error Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * reword docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add redis url generation helper Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-04-18 16:49:41 +02:00
Max	1b81973358	outposts/proxy: Fix invalid redirect on external hosts containing path components (#8915 ) * outposts/proxy: Fix invalid redirect on external hosts containing path components Signed-off-by: Max <github@germancoding.com> * outposts/proxy: Fix test for changed redirect logic Signed-off-by: Max <github@germancoding.com> --------- Signed-off-by: Max <github@germancoding.com>	2024-03-19 20:31:08 +01:00
Jens L	104e70c383	root: support redis username (#8935 )	2024-03-18 12:44:38 +01:00
Marc 'risson' Schmitt	d54b410429	outposts/proxy: better Redis error message (#8044 ) * outposts/proxy: better Redis error message Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update internal/outpost/proxyv2/application/session.go Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Co-authored-by: Jens L. <jens@goauthentik.io>	2024-01-02 20:01:53 +00:00
Jens L	1ea3dae5ac	providers/proxy: use access token (#8022 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-12-30 16:36:43 +01:00
Jens L	9a261c52d1	providers/oauth2: remember session_id from initial token (#7976 ) * providers/oauth2: remember session_id original token was created with for future access/refresh tokens Signed-off-by: Jens Langhammer <jens@goauthentik.io> * providers/proxy: use hashed session as `sid` Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-12-23 00:53:05 +01:00
Jens L	b7532740ef	root: fix static templates (#7925 ) * root: fix static HTML templates to match flow executor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove top margin on smaller viewports Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-12-19 13:59:53 +01:00
Jens L	729ef4d786	root: bump python deps (django 5) (#7862 ) * bump python deps Signed-off-by: Jens Langhammer <jens@goauthentik.io> * vendor pickle serializer for now Signed-off-by: Jens Langhammer <jens@goauthentik.io> #7761 * cleanup some things and re-build api scheme Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web and go Signed-off-by: Jens Langhammer <jens@goauthentik.io> * actually fix go...? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better annotate json fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use jsondictfield wherever Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove all virtualenvs? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * final version bump Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-12-18 22:07:59 +01:00
Jens L	dc7ffba8fa	internal: remove special route for /outpost.goauthentik.io (#7539 ) With this special route for outpost.goauthentik.io, misdirected requests to /outpost.goauthentik.io/auth/start will create a cookie for the domain authentik is accessed under, which will cause issues with the actual full auth flow. Requests to /outpost.goauthentik.io will still be routed to the outpost, but with this change only when the hostname matches Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-13 17:39:40 +01:00
thijs_a	695719540b	providers/proxy: Fix duplicate cookies when using file system store. (#7541 ) Fix duplicate cookies when using file system store.	2023-11-13 15:33:49 +01:00
Jens L	4080080acd	internal: remove deprecated metrics (#7540 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-13 14:48:37 +01:00
Jens L	dd4e9030b4	providers/proxy: fix closed redis client (#7385 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-03 15:19:21 +01:00
Jens L	7d91842e8a	providers/proxy: attempt to fix duplicate cookie (#7324 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-27 00:41:13 +02:00
Jens L	dd7d3bf738	providers/proxy: fix redis cookies missing strict path (#7135 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-10 12:17:35 +02:00
Jens L	4db365c947	providers/proxy: improve SLO by backchannel logging out sessions (#7099 ) * outposts: add support for provider-specific websocket messages Signed-off-by: Jens Langhammer <jens@goauthentik.io> * providers/proxy: add custom signal on logout to logout in provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-09 01:06:52 +02:00
Jens L	efb2823391	internal: fix redis session store (#7011 )	2023-09-28 21:06:27 +02:00
Jens L	c93c6ee6f9	root: replace boj/redistore with vendored version of rbcervilla/redisstore (#6988 ) * root: replace boj/redistore with vendored version of rbcervilla/redisstore Signed-off-by: Jens Langhammer <jens@goauthentik.io> * setup env for go tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-26 18:56:37 +02:00
Jens L	af200a6bf9	web: cleanup (#6664 ) * web: remove <p> used for padding and do it properly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * web: remove .form-help-text as it didn't change anything Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move data-list styling to correct scope Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove title from navbar for docs-only build Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-29 18:24:11 +02:00
Jens L	1410169af1	providers/proxy: fix JWKS url in embedded outpost (#6644 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-28 00:52:01 +02:00
Jens L	9e29789c09	root: fix config loading for outposts (#6640 ) * root: fix config loading for outposts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve check to see if outpost is embedded or not Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also fix oauth url fetching Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-26 19:40:48 +02:00
Jens L	f6b144a0fa	providers/proxy: only intercept auth header when a value is set (#6488 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-06 01:18:20 +02:00
Jens L	0782b3b0fa	providers/proxy: set outpost session cookie to httponly and secure wh… (#6482 ) * providers/proxy: set outpost session cookie to httponly and secure when possible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set samesite too Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-05 22:09:27 +02:00
Alexandre NICOLAIE	a2714ab1f1	outposts: make metrics compliant with Prometheus best-practices (#6398 ) web/outpost: make metrics compliant with Prometheus best-practices Today, all NewHistogramVec store values in nanoseconds without changing the default histogram bucket, which are made for seconds, making them a bit useless. In addition, some metrics names are not self-explanatoryand and do not comply with Prometheus best practices. This commit tries to fix all of this "issues". NOTE: I kept old metrics in order to avoid breaking changes with existing dashboards and metrics. Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>	2023-07-27 18:51:08 +02:00
Jens L	906faf9cce	providers/proxy: fix panic when claims in session were nil (#5569 ) * providers/proxy: fix panic when claims in session were nil Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add new options Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-10 20:58:44 +02:00
authentik-db-cooper	ab795e6642	internal: ignore insecure TLS certs (#5483 ) * servers: ignore insecure TLS certs * slight refactor to have a single place for tls config Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-05-05 15:57:52 +03:00
Jens L	fd2677af1f	root: bump api generator (#5139 ) * root: bump api generator Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump api diff too Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump go api client Signed-off-by: Jens Langhammer <jens@goauthentik.io> * simplify go api generation Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-01 18:10:52 +02:00
Jens L	ef028af7d1	providers/proxy: rework endpoints logic (#4993 ) * providers/proxy: rework endpoints logic again...this time with tests and better logic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-18 18:51:20 +01:00
Jens L	41d17dc543	internal: fix crash when port 9000 is in use (#4863 ) fix crash when port 9000 is in use Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-07 13:27:46 +01:00
Jens Langhammer	f70be86ddc	providers/proxy: strip scheme when comparing redirect URL Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-20 21:22:26 +01:00
Jens Langhammer	9f431396c0	providers/proxy: ensure issuer is correct when browser url override is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4715	2023-02-19 17:35:29 +01:00
Jens Langhammer	d945d30cda	providers/proxy: fix value is too long with filesystem sessions closes #4693 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-15 10:50:01 +01:00
Jens Langhammer	b6c120f555	providers/proxy: fix client credential flows not using http interceptor Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-15 00:22:56 +01:00
Jens L	ec42b597ab	providers/proxy: send token request internally, with overwritten host header (#4675 ) * send token request internally, with overwritten host header Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-13 16:34:47 +01:00
Jens Langhammer	8f70354e3c	internal: remove debug remnant from cookie testing Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-12 17:29:18 +01:00
Jens L	21e29744c2	providers/proxy: different cookie name based on hashed client id (#4666 )	2023-02-12 16:34:57 +01:00
Jens L	af43330fd6	providers/oauth2: rework OAuth2 Provider (#4652 ) * always treat flow as openid flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve issuer URL generation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refactoring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update introspection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refinement Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more things, update api Signed-off-by: Jens Langhammer <jens@goauthentik.io> * regen migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch of things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start updating tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix implicit flow, auto set exp Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix timeozone not used correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix revoke Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more timezone shenanigans Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix userinfo tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix proxy outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix api tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing at_hash for implicit flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-include at_hash in implicit auth flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use folder context for outpost build Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-09 20:19:48 +01:00
Jens Langhammer	3170b2f92c	providers/proxy: add token support for basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-07 22:50:49 +01:00
Jens Langhammer	61b06eff06	providers/proxy: better log outpost token errors Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-06 20:26:43 +01:00
Jens Langhammer	388367785d	*/saml: disable pretty_print, add signature tests closes #4536 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-03 15:42:09 +01:00

1 2 3 4 5

212 Commits