habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,747 Commits 205 Branches 395 Tags
b51d8d0ba304511d85b42196b84552ffac11d916
Commit Graph

15747 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
gcp-cherry-pick-bot[bot]
b51d8d0ba3 web/flows: fix invisible captcha call (cherry-pick #12048) (#12049) 
web/flows: fix invisible captcha call (#12048)

* fix invisible captcha call

* fix invisible captcha DOM removal

Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
 2024-11-15 18:50:57 +01:00
gcp-cherry-pick-bot[bot]
7e8891338f rbac: fix incorrect object_description for object-level permissions (cherry-pick #12029) (#12043) 
rbac: fix incorrect object_description for object-level permissions (#12029)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-15 14:22:22 +01:00
gcp-cherry-pick-bot[bot]
3ae0001bb5 providers/ldap: fix global search_full_directory permission not being sufficient (cherry-pick #12028) (#12030) 
providers/ldap: fix global search_full_directory permission not being sufficient (#12028)

* providers/ldap: fix global search_full_directory permission not being sufficient



* use full name of permission



---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-15 13:52:39 +01:00
Jens Langhammer
66a4970014 release: 2024.10.2 version/2024.10.2 2024-11-14 17:05:40 +01:00
gcp-cherry-pick-bot[bot]
7ab9300761 website/docs: 2024.10.2 release notes (cherry-pick #12025) (#12026) 
website/docs: 2024.10.2 release notes (#12025)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-14 17:00:32 +01:00
gcp-cherry-pick-bot[bot]
a2eccd5022 core: use versioned_script for path only (cherry-pick #12003) (#12023) 
core: use versioned_script for path only (#12003)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-14 14:03:03 +01:00
gcp-cherry-pick-bot[bot]
31aeaa247f providers/oauth2: fix manual device code entry (cherry-pick #12017) (#12019) 
providers/oauth2: fix manual device code entry (#12017)

* providers/oauth2: fix manual device code entry



* make code input a char field to prevent leading 0s from being cut off



---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-13 21:59:10 +01:00
gcp-cherry-pick-bot[bot]
f49008bbb6 crypto: validate that generated certificate's name is unique (cherry-pick #12015) (#12016) 
crypto: validate that generated certificate's name is unique (#12015)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-13 17:05:59 +01:00
gcp-cherry-pick-bot[bot]
feb13c8ee5 providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (cherry-pick #11968) (#12005) 
providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)

correctly use host_browser's hostname as host header for token requests to ensure Issuer is identical

Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-13 00:59:10 +01:00
authentik-automation[bot]
d5ef831718 web: bump API Client version (#11992) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
#	web/package-lock.json
#	web/package.json
 2024-11-11 14:30:24 +01:00
gcp-cherry-pick-bot[bot]
64676819ec blueprints: add default Password policy (cherry-pick #11793) (#11993) 
blueprints: add default Password policy (#11793)

* add password policy to default password change flow

This change complies with the minimal compositional requirements by
NIST SP 800-63 Digital Identity Guidelines. See
https://pages.nist.gov/800-63-4/sp800-63b.html#password

More work is needed to comply with other parts of the Guidelines,
specifically

> If the chosen password is found on the blocklist, the CSP or verifier
> [...] SHALL provide the reason for rejection.

and

> Verifiers SHALL offer guidance to the subscriber to assist the user in
> choosing a strong password. This is particularly important following
> the rejection of a password on the blocklist as it discourages trivial
> modification of listed weak passwords.

* add docs for default Password policy

* remove HIBP from default Password policy

* add zxcvbn to default Password policy

* add fallback password error message to password policy, fix validation policy



* reword docs




* add HIBP caveat




* separate policy into separate blueprint



* use password policy for oobe flow



* kiss



---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2024-11-11 13:54:44 +01:00
gcp-cherry-pick-bot[bot]
7ed268fef4 stages/captcha: Run interactive captcha in Frame (cherry-pick #11857) (#11991) 
stages/captcha: Run interactive captcha in Frame (#11857)

* initial turnstile frame



* add interactive flag



* add interactive support for all



* fix missing migration



* don't hide in identification stage if interactive



* fixup



* require less hacky css



* update docs



---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-11 13:31:01 +01:00
gcp-cherry-pick-bot[bot]
f6526d1be9 stages/password: use recovery flow from brand (cherry-pick #11953) (#11969) 
stages/password: use recovery flow from brand (#11953)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-08 16:56:16 +01:00
gcp-cherry-pick-bot[bot]
12f8b4566b website/docs: fix slug matching redirect URI causing broken refresh (cherry-pick #11950) (#11954) 
website/docs: fix slug matching redirect URI causing broken refresh (#11950)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-07 19:26:49 +01:00
Simonyi Gergő
665de8ef22 release: 2024.10.1 version/2024.10.1 2024-11-05 18:06:32 +01:00
gcp-cherry-pick-bot[bot]
9eaa723bf8 website/docs: 2024.10.1 Release Notes (cherry-pick #11926) (#11928) 
website/docs: `2024.10.1` Release Notes (#11926)

* fix API Changes in `2024.10` changelog

* add `2024.10.1` API Changes to changelog

* add changes in `2024.10.1` to changelog

* change `details` to `h3` in changelog

Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
 2024-11-05 18:05:00 +01:00
gcp-cherry-pick-bot[bot]
b2ca9c8cbc website: remove RC disclaimer for version 2024.10 (cherry-pick #11871) (#11920) 
website: remove RC disclaimer for version 2024.10 (#11871)

Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
 2024-11-05 12:13:11 +01:00
gcp-cherry-pick-bot[bot]
7927392100 website/docs: add info about invalidation flow, default flows in general (cherry-pick #11800) (#11921) 
website/docs: add info about invalidation flow, default flows in general (#11800)

* restructure

* tweak

* fix header

* added more definitions

* jens excellent idea

* restructure the Layouts content

* tweaks

* links fix

* links still

* fighting links and cache

* argh links

* ditto

* remove link

* anothe link

* Jens' edit

* listed default flows set by brand

* add links back

* tweaks

* used import for list

* tweak

* rewrite some stuff



* format



* mangled rebase, fixed

* bump

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2024-11-05 12:12:59 +01:00
gcp-cherry-pick-bot[bot]
d8d07e32cb website: fix docs redirect (cherry-pick #11873) (#11922) 
website: fix docs redirect (#11873)

fix docs redirect

Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
 2024-11-05 12:12:46 +01:00
gcp-cherry-pick-bot[bot]
f7c5d329eb website/docs: fix release notes to say Federation (cherry-pick #11889) (#11923) 
website/docs: fix release notes to say Federation (#11889)

* fix Federation

* typo

* added back should

* slooooow down

---------

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
 2024-11-05 12:12:27 +01:00
gcp-cherry-pick-bot[bot]
92dec32547 enterprise/rac: fix API Schema for invalidation_flow (cherry-pick #11907) (#11908) 
enterprise/rac: fix API Schema for invalidation_flow (#11907)

* enterprise/rac: fix API Schema for invalidation_flow



* fix tests



* add tests



---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-11-04 20:42:41 +01:00
gcp-cherry-pick-bot[bot]
510feccd31 core: add None check to a device's extra_description (cherry-pick #11904) (#11906) 
core: add `None` check to a device's `extra_description` (#11904)

Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
 2024-11-04 18:12:34 +01:00
Jens L
364a9a1f02 web: fix missing status code on failed build (#11903) 
* fix missing status code on failed build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
#	web/xliff/tr.xlf
 2024-11-04 18:06:22 +01:00
gcp-cherry-pick-bot[bot]
40cbb7567b providers/oauth2: fix size limited index for tokens (cherry-pick #11879) (#11905) 
providers/oauth2: fix size limited index for tokens (#11879)

* providers/oauth2: fix size limited index for tokens

I preserved the migrations as comments so the index IDs and migration
IDs remain searchable without accessing git history.

* rename migration file to more descriptive

Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
 2024-11-04 18:05:55 +01:00
gcp-cherry-pick-bot[bot]
8ad0f63994 website: update supported versions (cherry-pick #11841) (#11872) 
website: update supported versions (#11841)

update supported versions

Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
 2024-10-31 12:59:54 +01:00
Simonyi Gergő
6ce33ab912 root: bumpversion 2024.10 (#11865) 
release: 2024.10.0
version/2024.10.0 		2024-10-30 22:45:48 +01:00
gcp-cherry-pick-bot[bot]
d96b577abd web/admin: fix code-based MFA toggle not working in wizard (cherry-pick #11854) (#11855) 
web/admin: fix code-based MFA toggle not working in wizard (#11854)

closes #11834

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-10-29 20:19:54 +01:00
gcp-cherry-pick-bot[bot]
8c547589f6 sources/kerberos: add kiprop to ignored system principals (cherry-pick #11852) (#11853) 
sources/kerberos: add kiprop to ignored system principals (#11852)

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2024-10-29 17:31:32 +01:00
gcp-cherry-pick-bot[bot]
3775e5b84f website: 2024.10 Release Notes (cherry-pick #11839) (#11840) 
website: 2024.10 Release Notes (#11839)

* generate diffs and changelog

* add 2024.10 release notes

* reorder release note highlights

* lint website

* reorder release note new features

* reword Kerberos




* extend JWE description




---------

Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-10-28 17:27:59 +01:00
gcp-cherry-pick-bot[bot]
fa30339f65 website/docs: remove � (cherry-pick #11823) (#11835) 
website/docs: remove � (#11823)

remove 

Signed-off-by: Tobias <5702338+T0biii@users.noreply.github.com>
Co-authored-by: Tobias <5702338+T0biii@users.noreply.github.com>
 2024-10-28 13:21:02 +01:00
gcp-cherry-pick-bot[bot]
e825eda106 website/docs: Update social-logins github (cherry-pick #11822) (#11836) 
website/docs: Update social-logins github (#11822)

Update index.md

Signed-off-by: Tobias <5702338+T0biii@users.noreply.github.com>
Co-authored-by: Tobias <5702338+T0biii@users.noreply.github.com>
 2024-10-28 13:20:38 +01:00
gcp-cherry-pick-bot[bot]
246cae3dfa lifecycle: fix kdc5-config missing (cherry-pick #11826) (#11829) 
lifecycle: fix kdc5-config missing (#11826)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
version/2024.10.0-rc1 		2024-10-28 01:15:50 +01:00
gcp-cherry-pick-bot[bot]
6cfd2bd1af website/docs: update preview status of different features (cherry-pick #11817) (#11818) 
website/docs: update preview status of different features (#11817)

* remove preview from RAC



* add preview page instead of info box



* remove preview from rbac



* add preview to gdtc



* add preview to kerberos source



---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-10-25 21:42:45 +02:00
gcp-cherry-pick-bot[bot]
f0e4f93fe6 lifecycle: fix missing krb5 deps for full testing in image (cherry-pick #11815) (#11816) 
lifecycle: fix missing krb5 deps for full testing in image (#11815)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2024-10-25 18:46:55 +02:00
Simonyi Gergő
434aa57ba7 release: 2024.10.0-rc1 2024-10-25 17:26:39 +02:00
transifex-integration[bot]
31014ba1e5 translate: Updates for file web/xliff/en.xlf in zh-Hans (#11810) 
* Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

* Removing web/xliff/en.xlf in zh-Hans

99% of minimum 100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
 2024-10-25 14:54:51 +02:00
transifex-integration[bot]
5c76145d10 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#11809) 
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
 2024-10-25 14:39:58 +02:00
transifex-integration[bot]
cdfe4ccf71 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#11808) 
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
 2024-10-25 14:39:42 +02:00
authentik-automation[bot]
bd21431c53 web: bump API Client version (#11807) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2024-10-25 14:39:23 +02:00
dependabot[bot]
1c4d4ff5f2 core: bump goauthentik.io/api/v3 from 3.2024083.12 to 3.2024083.13 (#11806) 
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2024083.12 to 3.2024083.13.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2024083.12...v3.2024083.13)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-25 14:39:01 +02:00
dependabot[bot]
5efeae0f39 core: bump ruff from 0.7.0 to 0.7.1 (#11805) 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.0...0.7.1)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-25 14:38:54 +02:00
dependabot[bot]
4253d7e115 core: bump twilio from 9.3.4 to 9.3.5 (#11804) 
Bumps [twilio](https://github.com/twilio/twilio-python) from 9.3.4 to 9.3.5.
- [Release notes](https://github.com/twilio/twilio-python/releases)
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md)
- [Commits](https://github.com/twilio/twilio-python/compare/9.3.4...9.3.5)

---
updated-dependencies:
- dependency-name: twilio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-25 14:38:41 +02:00
authentik-automation[bot]
0a9d88e49a core, web: update translations (#11803) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
 2024-10-25 14:38:26 +02:00
Jens L.
97e7736448 providers/scim: handle no members in group in consistency check (#11801) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-10-25 12:48:52 +02:00
Simonyi Gergő
9ee0ba141c stages/identification: add captcha to identification stage (#11711) 
* add captcha to identification stage

* simplify component invocations

* fail fast on `onTokenChange` default behavior

* reword docs

* rename `token` to `captcha_token` in Identification stage contexts

(In Captcha stage contexts the name `token` seems well-scoped.)

* use `nothing` instead of ``` html`` ```

* remove rendered Captcha component from document flow on Identification stages

Note: this doesn't remove the captcha itself, if interactive, only the loading
indicator.

* add invisible requirement to captcha on Identification stage

* stylize docs

* add friendlier error messages to Captcha stage

* fix tests

* make captcha error messages even friendlier

* add test case to retriable captcha

* use default

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2024-10-25 08:13:35 +02:00
Jens L.
b7cccf5ad2 website/docs: improve root page and redirect (#11798) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-10-25 00:42:59 +02:00
Jens L.
3b6d93dc2a providers/scim: clamp batch size for patch requests (#11797) 
* providers/scim: clamp batch size for patch requests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sanity check for empty patch request instead

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-10-24 22:01:10 +02:00
Jens L.
3fc0904425 web/admin: fix missing div in wizard forms (#11794) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-10-24 17:56:20 +02:00
Simon Erhardt
f482937474 providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#11722) 
* providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#9622/#4688/#6476)

* chore: fix tests
 2024-10-24 16:34:45 +02:00
authentik-automation[bot]
238a396309 core, web: update translations (#11789) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
 2024-10-24 13:05:33 +02:00