a575de21bc
update go version
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-06-04 18:24:55 +02:00
0d18c1d797
web: fix regression in subpath support ( #14646 )
...
* web: fix regression in subpath support, part 1
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix media path in subpath
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-05-27 18:42:47 +02:00
65517f3b7f
enterprise/stages: Add MTLS stage ( #14296 )
...
* prepare client auth with inbuilt server
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* introduce better IPC auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only allow trusted proxies to set MTLS headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stage progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont fail if ipc_key doesn't exist
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually install app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix unquote
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix int serial number not jsonable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix git pull in makefile
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix parse helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more tests and improvements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve labels
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple CAs on brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple CAs to MTLS stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont log ipcuser secret views
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go mod
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-05-19 22:48:17 +02:00
84b5992e55
ci: bump golangci/golangci-lint-action from 6 to 7 ( #13661 )
...
* ci: bump golangci/golangci-lint-action from 6 to 7
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix v2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix v3
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-03-26 18:03:20 +01:00
ffd5234396
web: only load version context when authenticated ( #12482 )
...
* only add version context for authz interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename enterprise aware interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont log startup error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-25 16:58:18 +01:00
1623885dc6
root: fix health status code ( #12255 )
2024-12-03 17:59:16 +02:00
5e72ec9c0c
root: support running authentik in subpath ( #8675 )
...
* initial subpath support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make outpost compatible
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix static files somewhat
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix most static stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix most web links
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix websocket
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix URL for static files
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add root redirect for subpath
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set cookie path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update internal/config/struct.go
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens L. <jens@beryju.org >
* fix sfe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump required version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow background
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint and some more links
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix impersonate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens L. <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-11-26 15:38:23 +01:00
5ea4580884
security: fix CVE 2024 52307 ( #12115 )
...
* security: fix CVE-2024-52307
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 14:24:28 +01:00
4189981995
internal: add CSP header to files in /media ( #12092 )
...
add CSP header to files in `/media`
This fixes a security issue of stored cross-site scripting via embedding
JavaScript in SVG files by a malicious user with `can_save_media`
capability.
This can be exploited if:
- the uploaded file is served from the same origin as authentik, and
- the user opens the uploaded file directly in their browser
Co-authored-by: Jens L. <jens@goauthentik.io >
2024-11-21 09:16:07 +01:00
d4bf3b7068
root: check remote IP for proxy protocol same as HTTP/etc ( #12094 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-20 21:33:35 +01:00
1b285f85c0
outposts: implement general paginator for list API requests ( #10619 )
...
* outposts: implement general paginator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate LDAP
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* change main outpost refresh logic to use paginator everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add comments to understand anything
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually use paginator everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-29 22:14:18 +02:00
fd1d252d44
root: Make health checks compatible with cloud platform load balancers ( #10554 )
...
* Change health checks to return HTTP 200.
* Fix web.go check.
* Only update docs.
* update docs and add changelog entry
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-07-20 21:15:29 +02:00
7ea721c487
root: move database calls from ready() to dedicated startup signal ( #9081 )
...
* root: move database calls from ready() to dedicated startup signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise gunicorn startup to only do DB code in one worker
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* always use 2 workers in compose
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* send startup signals for test runner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove k8s import that isn't really needed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ci: bump nested actions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix @reconcile_app not triggering reconcile due to changed functions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connect startup with uid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust some log levels
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove internal healthcheck
we didn't really use it to do anything, and we shouldn't have to since the live/ready probes are handled by django anyways and so the container runtime will restart the server if needed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add setproctitle for gunicorn and celery process titles
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* configure structlog early to use it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "configure structlog early to use it"
This reverts commit 16778fdbbca0f5c474d376c2f85c6f8032c06044.
* Revert "adjust some log levels"
This reverts commit a129f7ab6aecf27f1206aea1ad8384ce897b74ad.
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# authentik/root/settings.py
* optimize startup to not spawn a bunch of one-off processes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk why this shows up
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-02 14:19:32 +02:00
50e493d692
internal: cleanup static file serving setup code ( #8965 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-03-20 12:06:24 +01:00
25e72558eb
core: optimise user list endpoint ( #8353 )
...
* unrelated changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimization pass 1: reduce N tenant lookups by taking tenant from request, reduce get_anonymous calls
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it easier to exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-30 01:55:26 +01:00
abc0c2d2a2
root: Multi-tenancy ( #7590 )
...
* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "fix oauth source type import"
This reverts commit d015fd0244marc.schmitt@risson.space >
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try with connection_created signal"
This reverts commit 764a999db832b40a3bbbmarc.schmitt@risson.space >
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a614bffb19704marc.schmitt@risson.space >
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447jens@goauthentik.io >
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-01-23 14:28:06 +01:00
240cf6dd94
enterprise/providers: Add RAC [AUTH-15] ( #7291 )
...
* add basic guacamole
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make everything mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add rac build to CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix resize, fix web lint, sendSize correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* pre-send connection from client, format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve throughput
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework TokenOutpostConsumer into middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some layout issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add outpost controllers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start testing audio things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix to work with outpost group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add simple loadbalancing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add simple reconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* show reconnecting text
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error when checking ports
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move to providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add flow check to interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix rac app label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix audio
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow overriding all settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate keyboard, debug high DPI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing __init__.py breaking model loading
I love python
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump successful ws connection to info
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* hide cursor since guac draws that
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add clipboard support (bidirectional)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make codespell not want to break the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* run pr comment in separate task
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start endpoint and property mapping stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more endpoint things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix event model_pk filtering with ints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: improve event display for changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rebuild endpoint stuff again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk special url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stuff, connect token with session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add disconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework disconnect
cleanly disconnect from guacd instead of just letting the connection timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clear cache when creating outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* support host:port and fix protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* center smaller viewport
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework connection to wait more and stop after some time
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add policy control to endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove provider protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't switch to different outpost connection when already chosen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start using property mappings, add static settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some RAC mapping settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for event changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and fix issues found by said tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner, move endpoints to main page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* auto-select endpoint if only one is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* backport https://github.com/goauthentik/authentik/pull/7831 to rac
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont select property mappings on endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make table modal only load when opened
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only auto-redirect when open
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check for token expiry and terminate session
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add endpoint name to title
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* disconnect connection when token is manually deleted
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial RAC docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add connection expiry setting to provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-30 21:33:14 +01:00
729ef4d786
root: bump python deps (django 5) ( #7862 )
...
* bump python deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* vendor pickle serializer for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
#7761
* cleanup some things and re-build api scheme
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web and go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix go...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better annotate json fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use jsondictfield wherever
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove all virtualenvs?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* final version bump
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-18 22:07:59 +01:00
dc7ffba8fa
internal: remove special route for /outpost.goauthentik.io ( #7539 )
...
With this special route for outpost.goauthentik.io, misdirected requests to /outpost.goauthentik.io/auth/start will create a cookie for the domain authentik is accessed under, which will cause issues with the actual full auth flow. Requests to /outpost.goauthentik.io will still be routed to the outpost, but with this change only when the hostname matches
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-13 17:39:40 +01:00
4080080acd
internal: remove deprecated metrics ( #7540 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-13 14:48:37 +01:00
4a434d581d
root: handle SIGHUP and SIGUSR2, healthcheck gunicorn ( #6630 )
...
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2023-09-27 11:34:29 +00:00
fd561ac802
root: connect to backend via socket ( #6720 )
...
* root: connect to gunicorn via socket
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* put socket in temp folder
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use non-socket connection for debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't hardcode local url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix dev_server missing websocket
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dedupe logging config between gunicorn and main app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* slight refactor for proxy errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-09-02 17:58:37 +02:00
a2714ab1f1
outposts: make metrics compliant with Prometheus best-practices ( #6398 )
...
web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.
This commit tries to fix all of this "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com >
2023-07-27 18:51:08 +02:00
d22d147c8e
security: fix CVE-2023-36456 ( #6171 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-06 18:16:26 +02:00
ab795e6642
internal: ignore insecure TLS certs ( #5483 )
...
* servers: ignore insecure TLS certs
* slight refactor to have a single place for tls config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2023-05-05 15:57:52 +03:00
41d17dc543
internal: fix crash when port 9000 is in use ( #4863 )
...
fix crash when port 9000 is in use
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-03-07 13:27:46 +01:00
0874574e5c
*: add additional prometheus metrics, remove unusable high entropy metrics
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-19 17:08:40 +01:00
5ea9595c9c
internal: fix cache-control header
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
#4525
2023-01-25 21:18:20 +01:00
06f67c738c
internal: check certificate value and not IsSet
...
closes #4369
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2023-01-05 18:30:11 +01:00
bacf2afed1
internal: remove sentry proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-19 17:52:07 +01:00
276af8457d
root: make sentry DSN configurable ( #4016 )
...
* make sentry DSN configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* make proxy smarter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix typo in config struct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-15 16:05:29 +01:00
56181a45a1
internal: limit body size
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-17 18:52:16 +02:00
53f224300b
internal: set ETag header on static resources to reduce cache issues
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
#3456
2022-09-11 23:18:34 +02:00
242423cf3c
internal: remove sentryhttp from main server mux to prevent double traces
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-03 16:41:47 +02:00
514c48a986
internal: fix routing for requests with querystring signature to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-18 20:43:01 +02:00
846b63a17b
*: remove some very verbose logging messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-17 13:36:56 +02:00
4c9878313c
sources/oauth: correctly concatenate URLs to allow custom parameters to be included
...
closes #3374
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-08 21:17:32 +02:00
6356ddd9f3
internal: replace ioutils
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-08 21:00:45 +02:00
201bea6d30
internal: add X-authentik-logout signature to trigger logouts when URLs are not exposed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-07 18:50:24 +02:00
2ce8e18bab
internal: centralise config for listeners to use same config system everywhere ( #3367 )
...
* centralise config for listeners to use same config system everywhere
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
#3360
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-03 21:33:27 +02:00
393d7ec486
providers/proxy: no exposed urls ( #3151 )
...
* test any callback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* dont detect callback in per-server handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* use full redirect uri with both path and query param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* correctly route to embedded outpost for callback signature
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix allowed redirects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-07-30 17:51:01 +02:00
10b48b27b0
internal: walk config in go, check, parse and load from scheme like in python
...
closes #2719
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-07-26 11:33:37 +02:00
ece0429ea8
internal: failback with self-signed cert if cert for tenant fails to load
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-20 21:26:34 +02:00
0a83b04419
internal: fix routing to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-16 17:05:27 +02:00
2d48fe42f4
internal: dont sample gunicorn proxied requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-16 11:32:21 +02:00
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-10 22:21:11 +02:00
62a939b91d
internal: bump api client to v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-03-03 10:40:07 +01:00
e194715c3e
internal: fix CSRF error caused by Host header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-02-09 14:34:55 +01:00
02ba493759
internal: trace headers and url for backend requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-02-09 12:48:17 +01:00
a7fea5434d
internal: remove uvicorn server header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-02-09 12:38:47 +01:00
