5b66dbe890
flows: provider invalidation ( #5048 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web stage for session end
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* group flow settings when providers have multiple flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust name for default provider invalidation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-make migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add invalidation_flow to saml importer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-do migrations again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web stuff to get rid of old libraries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make unbind flow for ldap configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix flow inspector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle invalidation_flow as optional, as it should be
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix ldap outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't generate URL in client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually make it work???
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration breaking things...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start fixing tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate flow setting
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix race condition with brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix oauth test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix SAML tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to wizard, fix required
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make required, start release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-14 15:35:12 +02:00
dc1562a7de
internal: restore /ping behaviour for embedded outpost ( #11568 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-30 18:44:03 +02:00
975b6e53a6
release: 2024.8.3 ( #11542 )
2024-09-27 16:58:04 +02:00
ad3820c11c
providers/proxy: fix panic, keep session storages open ( #11439 )
...
* fix panic when redis connection fails
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-use session when refreshing apps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-19 23:05:58 +02:00
5822653155
release: 2024.8.2 ( #11395 )
2024-09-16 15:02:51 +02:00
171d0f55cb
providers/proxy: fix URL path getting lost when partial URL is given to rd= ( #11354 )
...
* providers/proxy: fix URL path getting lost when partial URL is given to rd=
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better fallback + tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-12 18:02:08 +02:00
b8ae028d4d
root: backport release 2024.8.1 ( #11273 )
...
release: 2024.8.1
2024-09-08 01:35:15 +02:00
5be49a8e80
internal: fix go paginator not setting page correctly ( #11253 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-06 18:38:00 +02:00
8886532ed6
providers/ldap: fix incorrect permission check for search access ( #11217 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-05 01:19:11 +02:00
02ae099bdf
root: version 2024.8 backport ( #11166 )
...
* schemas: fix XML Schema loading...for some reason?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* release: 2024.8.0-rc1
* release: 2024.8.0
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# .bumpversion.cfg
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-03 14:41:40 +02:00
a6225ad7a7
root: backport version bump ( #11045 )
...
* fix outpost form not loading apps for correct type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix bug from previous pr
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* release: 2024.6.4
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-23 16:33:07 +02:00
d75cdfeaf1
internal: Use loop instead of recursion in NewAPIController ( #10745 )
...
use loop instead of recursion
2024-08-16 15:04:07 +02:00
8f53d0b9f3
providers/ldap: Remove search group ( #10639 )
...
* remove search_group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make api operations cleaerer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually use get
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use correct api client for ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix migration warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix styling issue in dark mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated-ish fix button order in wizard
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix missing css import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Optimised images with calibre/image-actions
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* update release notes based on new template
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-08-14 16:31:11 +02:00
bb9e679b9a
outposts: add better UI for showing mismatched versions ( #10885 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-12 23:17:15 +02:00
4363c899ac
release: 2024.6.3
2024-08-05 20:08:28 +02:00
e60c36b889
release: 2024.6.2
2024-08-01 01:13:29 +02:00
9b595b2031
outposts: ensure minimum refresh interval ( #10701 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-31 14:43:03 +02:00
1b285f85c0
outposts: implement general paginator for list API requests ( #10619 )
...
* outposts: implement general paginator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate LDAP
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* change main outpost refresh logic to use paginator everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add comments to understand anything
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually use paginator everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-29 22:14:18 +02:00
61c6887e82
providers/radius: Add support for custom attributes ( #10509 )
...
* unrelated: show logs for failed blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add dictionaries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: remove some unused api functions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* placeholder backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add proper mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-25 19:08:33 +02:00
fd1d252d44
root: Make health checks compatible with cloud platform load balancers ( #10554 )
...
* Change health checks to return HTTP 200.
* Fix web.go check.
* Only update docs.
* update docs and add changelog entry
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-07-20 21:15:29 +02:00
8db1d86c6b
flows: remove stage challenge type ( #10476 )
...
* flows: remove stage challenge type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve coverage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-13 18:37:29 +02:00
f6a9773930
release: 2024.6.1
2024-07-11 22:50:33 +02:00
b8560f2a86
providers/proxy: bump go-oidc to v3 ( #10432 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-10 12:54:45 +02:00
bfc2fe7703
web/flows: Simplified flow executor ( #10296 )
...
* initial sfe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* build sfe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* downgrade bootstrap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make IE compatible
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix query string missing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add autosubmit stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add background image
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add code support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for combo ident/password
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix logo rendering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only use for edge 18 and before
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add webauthn support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate to TS for some creature comforts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ci
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dedupe dependabot
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use API client...kinda
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more polyfills yay
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* turn powered by into span
prevent issues in restricted browsers where users might not be able to return
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow non-link footer entries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tsc errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* auto switch for macos
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update website/docs/flow/executors/if-flow.md
Signed-off-by: Jens L. <jens@beryju.org >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-07-05 19:24:37 +02:00
0fe751269e
outposts: make refresh interval configurable ( #10138 )
...
* outposts: make refresh interval configurable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* frontend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black again
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* switch to using config attribute
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-07-05 13:14:28 +02:00
29f3e2789d
web: set noopener and noreferrer on all external links ( #10304 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-02 00:29:32 +02:00
35cd126406
release: 2024.6.0-rc1
2024-06-14 18:42:26 +02:00
4f40b1e27c
crypto: update fingerprint at same time as certificate ( #10036 )
...
Previously the fingerprint was only set when initially adding a key, if it
changed for any reason (like a renewed certificate) then every execution of
`Get` would lead to a full update. The certificate itself got cached, but the
fingerprint remained stale for next time.
This increased the chance of a fatal race during the cache update.
closes #9907
2024-06-10 20:16:35 +09:00
c3445374c2
core: FIPS ( #9683 )
...
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-05-23 17:34:52 +00:00
6802614fbf
release: 2024.4.2
2024-05-07 18:45:37 +02:00
c45bb8e985
providers/proxy: rework redirect mechanism ( #8594 )
...
* providers/proxy: rework redirect mechanism
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add session id, don't tie to state in session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle state failing to parse
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save session after creating state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include task expiry in status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redirect URL detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-06 03:07:08 +02:00
8f8c3e4944
release: 2024.4.1
2024-04-26 18:43:33 +02:00
6b6d88b81b
release: 2024.4.0-rc1
2024-04-24 19:12:47 +02:00
a742331484
root: make redis settings more consistent ( #9335 )
...
* make redis settings more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support to go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redis connect in wait_for_db
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* censor password when logging error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add redis url generation helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-18 16:49:41 +02:00
58a374d1f1
release: 2024.2.3
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# pyproject.toml
2024-04-17 15:17:14 +02:00
85fedec2f6
core: optionally don't return groups' users and users' groups by default ( #9179 )
...
* core: don't return groups' users and users' groups by default
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* explicitly fetch users and groups in LDAP
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add indicies
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-15 13:27:44 +02:00
97bc679cbb
internal: add tests to go flow executor ( #9219 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-12 01:42:31 +02:00
7ea721c487
root: move database calls from ready() to dedicated startup signal ( #9081 )
...
* root: move database calls from ready() to dedicated startup signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise gunicorn startup to only do DB code in one worker
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* always use 2 workers in compose
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* send startup signals for test runner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove k8s import that isn't really needed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ci: bump nested actions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix @reconcile_app not triggering reconcile due to changed functions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connect startup with uid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust some log levels
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove internal healthcheck
we didn't really use it to do anything, and we shouldn't have to since the live/ready probes are handled by django anyways and so the container runtime will restart the server if needed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add setproctitle for gunicorn and celery process titles
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* configure structlog early to use it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "configure structlog early to use it"
This reverts commit 16778fdbbca0f5c474d376c2f85c6f8032c06044.
* Revert "adjust some log levels"
This reverts commit a129f7ab6aecf27f1206aea1ad8384ce897b74ad.
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# authentik/root/settings.py
* optimize startup to not spawn a bunch of one-off processes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk why this shows up
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-02 14:19:32 +02:00
50e493d692
internal: cleanup static file serving setup code ( #8965 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-03-20 12:06:24 +01:00
1b81973358
outposts/proxy: Fix invalid redirect on external hosts containing path components ( #8915 )
...
* outposts/proxy: Fix invalid redirect on external hosts containing path components
Signed-off-by: Max <github@germancoding.com >
* outposts/proxy: Fix test for changed redirect logic
Signed-off-by: Max <github@germancoding.com >
---------
Signed-off-by: Max <github@germancoding.com >
2024-03-19 20:31:08 +01:00
104e70c383
root: support redis username ( #8935 )
2024-03-18 12:44:38 +01:00
3f43ff22a8
outpost: improved set secret answers for flow execution ( #8013 )
...
* outpost/radius: set mfa answer for noncode-based mfa
* refactor CheckPasswordInlineMFA to SetSecrets
* small style changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-03-15 18:05:44 +01:00
62e58f2fe9
release: 2024.2.2
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# pyproject.toml
2024-03-04 21:25:25 +01:00
05fb11b1f0
website/docs: s3: fix environment variables ( #8722 )
2024-02-28 12:27:19 +01:00
5ca929417b
release: 2024.2.1
2024-02-22 17:02:54 +01:00
a21683555a
root: cherry-pick version bump
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-02-21 15:56:45 +01:00
25e72558eb
core: optimise user list endpoint ( #8353 )
...
* unrelated changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimization pass 1: reduce N tenant lookups by taking tenant from request, reduce get_anonymous calls
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it easier to exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-30 01:55:26 +01:00
50e7336720
release: 2023.10.7
2024-01-29 18:48:56 +01:00
abc0c2d2a2
root: Multi-tenancy ( #7590 )
...
* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "fix oauth source type import"
This reverts commit d015fd0244marc.schmitt@risson.space >
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try with connection_created signal"
This reverts commit 764a999db832b40a3bbbmarc.schmitt@risson.space >
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a614bffb19704marc.schmitt@risson.space >
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447jens@goauthentik.io >
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-01-23 14:28:06 +01:00
b0e74d348a
root: fix listen trusted_proxy_cidrs config loading from environment ( #8075 )
...
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-01-10 22:39:27 +00:00
