4f2ff6f065
root: insert daphne app in correct order ( #10725 )
...
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-08-01 17:44:57 +00:00
9c1046be11
root: only load daphne django app in development ( #10723 )
2024-08-01 14:32:14 +00:00
51bf45e0a7
core: remove deprecated sentry-sdk method usage ( #10648 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-26 13:51:30 +02:00
fd1d252d44
root: Make health checks compatible with cloud platform load balancers ( #10554 )
...
* Change health checks to return HTTP 200.
* Fix web.go check.
* Only update docs.
* update docs and add changelog entry
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-07-20 21:15:29 +02:00
f83838003b
core: improve error handling on ASGI level ( #10547 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-19 17:17:42 +02:00
8db1d86c6b
flows: remove stage challenge type ( #10476 )
...
* flows: remove stage challenge type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve coverage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-13 18:37:29 +02:00
5c8a9abb33
api: use custom json renderer for speed ( #9977 )
...
* api: use custom json renderer for speed
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* switch to drf-orjson-renderer
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-07-08 17:27:29 +02:00
ff06214b0e
core: include version in built JS files ( #9558 )
...
* web: fix esbuild issue with style sheets
Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).
Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.
In standard mode, the following warning appears on the console when running a Flow:
```
Autofocus processing was blocked because a document already has a focused element.
```
In compatibility mode, the following **error** appears on the console when running a Flow:
```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
at initDomMutationObservers (crawler-inject.js:1106:18)
at crawler-inject.js:1114:24
at Array.forEach (<anonymous>)
at initDomMutationObservers (crawler-inject.js:1114:10)
at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```
Despite this error, nothing seems to be broken and flows work as anticipated.
* core: include version in built JS files
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include build hash
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix stuff
why does this even work locally
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk man node
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* just not use import assertions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* web: add no-console, use proper dirname path
* web: retarget to use the base package.json file.
* web: encode path to root package.json using git
This is the most authoritative way of finding the root of the git project.
* use full version to match frontend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add fallback for missing .git folder
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Ken Sternberg <ken@goauthentik.io >
2024-06-18 17:05:28 +09:00
113d6cc45f
root: handle asgi exception ( #10085 )
2024-06-12 16:56:18 +09:00
c3445374c2
core: FIPS ( #9683 )
...
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-05-23 17:34:52 +00:00
fbad02fac1
providers/scim, sources/ldap: switch to using postgres advisory locks instead of redis locks ( #9511 )
...
* providers/scim, sources/ldap: switch to using postgres advisory locks instead of redis locks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website/integrations: discord: fix typo
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix timeout logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove redis locks completely
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Apply suggestions from code review
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Jens L <jens@goauthentik.io >
2024-05-23 13:41:42 +02:00
a5467c6e19
root: add primary-replica db router ( #9479 )
...
* root: add primary-replica db router
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* copy all settings for database replicas
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* refresh read replicas config, switch to using a dict instead of a list for easier refresh
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add test for get_keys
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix getting override
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* nosec
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix replica settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* generate config: add a dummy read replica
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add doc
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add healthchecks for replicas
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add note about hot reloading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-05-21 20:15:49 +02:00
f28209548b
root: include task_id in events and logs ( #9749 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-16 13:33:00 +02:00
99ad492951
enterprise/providers/microsoft_entra: initial account sync to microsoft entra ( #9632 )
...
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add entra mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make API endpoints more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix most group tests + fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more group tests, fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing __init__
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ui for provisioned users
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add `creating` to property mapping env
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* always sync group members
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix group membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some types
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group member add test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* create sync status component to dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix discovery tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* get rid of more code and fix more issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add error handling for auth and transient
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make sure autoretry is on
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* wait for task in signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add squashed google migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-09 15:41:23 +02:00
aeb1b450eb
enterprise/providers/google: initial account sync to google workspace ( #9384 )
...
* providers/google: initial account sync to google workspace
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start separating scim sync client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* generalize more...ish
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set dispatch_uid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start generalizing task
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fully separate tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix signals...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start google dedupe
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* drawing the rest of the owl
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* juse use a whole lot less magic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* member sync, better implement conflict/retry-able exceptions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* max wizards taller
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* gen api, basic UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch more bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* generalize sync status API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework sync chart
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add slugify to evaluator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test property mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to google workspace
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle existing objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix credential render
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* verify email has correct domain before syncing user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing docstring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lock not being used
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* abstract more common stuff away
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* backport time limit fix
https://github.com/goauthentik/authentik/pull/9546
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start discovery
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement discover for google
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prevent same issue as with https://github.com/goauthentik/authentik/pull/9557
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix sync status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make group name unique in API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reference to old wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
man this api client is awful
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add SkipObject
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont use weak ref
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user and group delete options
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set user agent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* if the api's testing tools are awful, let's just make our own
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests and already fix some more bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add discover
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add group import test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only import users/groups in the correct parent group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix conflicting args
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing schedule
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add default_group_email_domain
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-07 19:52:20 +02:00
06d1062423
tenants: fix scheduled tasks not running on default tenant ( #9583 )
...
* tenants: fix scheduled tasks not running on default tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some extra time to keep system task around
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make sure we actually send it to all tenants
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-05-06 03:16:30 +02:00
183d036f3c
core: bump ruff from 0.4.1 to 0.4.2 ( #9448 )
...
* core: bump ruff from 0.4.1 to 0.4.2
Bumps [ruff](https://github.com/astral-sh/ruff ) from 0.4.1 to 0.4.2.
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.4.1...v0.4.2 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix formatting
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-04-26 13:24:46 +02:00
64d4a19ccf
root: expose session storage configuration ( #9337 )
...
* root: expose session storage configuration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-18 20:53:27 +02:00
a742331484
root: make redis settings more consistent ( #9335 )
...
* make redis settings more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support to go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix redis connect in wait_for_db
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* censor password when logging error
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add redis url generation helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-18 16:49:41 +02:00
3c28cf1909
sources: add SCIM source ( #3051 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* rebuild migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* include root URL in API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add UI base URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* only allow SCIM basic auth for testing and debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* start user tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* antlr for scim filter parsing, why
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix url mountpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ...turns out we don't need antlr
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start to revive this PR
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* don't put doc structure changes into this
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add filter support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add e2e tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add codecov oidc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused fields from API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix group membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix backchannel helper text size
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test against authentik as SCIM server I guess?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix scim provider task render
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "re-add codecov oidc"
This reverts commit fdeeb391afba710645e77608e0ab2e97485c48d1.
* add API for connection objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI for users and groups
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-04-15 14:23:43 +02:00
7ef14eb86d
blueprints: only create default brand if no other default brand exists ( #9222 )
...
* blueprints: only create default brand if no other default brand exists
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix invalid blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flaky test, improve pytest output
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-12 14:59:48 +02:00
bb1f18d973
root: generate python client ( #9107 )
...
* generate api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# authentik/lib/expression/evaluator.py
# poetry.lock
* don't attempt to pr upgrade api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# poetry.lock
# pyproject.toml
* use new generator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use upstream generator since that one is v2 already 🤦
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing help to makefile
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-04 15:39:42 +02:00
7ea721c487
root: move database calls from ready() to dedicated startup signal ( #9081 )
...
* root: move database calls from ready() to dedicated startup signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise gunicorn startup to only do DB code in one worker
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* always use 2 workers in compose
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* send startup signals for test runner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove k8s import that isn't really needed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ci: bump nested actions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix @reconcile_app not triggering reconcile due to changed functions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connect startup with uid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust some log levels
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove internal healthcheck
we didn't really use it to do anything, and we shouldn't have to since the live/ready probes are handled by django anyways and so the container runtime will restart the server if needed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add setproctitle for gunicorn and celery process titles
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* configure structlog early to use it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "configure structlog early to use it"
This reverts commit 16778fdbbca0f5c474d376c2f85c6f8032c06044.
* Revert "adjust some log levels"
This reverts commit a129f7ab6aecf27f1206aea1ad8384ce897b74ad.
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# authentik/root/settings.py
* optimize startup to not spawn a bunch of one-off processes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk why this shows up
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-02 14:19:32 +02:00
104e70c383
root: support redis username ( #8935 )
2024-03-18 12:44:38 +01:00
d9cb82ca6c
root: ensure consistent install_id ( #8775 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-03-01 18:03:54 +01:00
b225b0200e
root: early spring clean for linting ( #8498 )
...
* remove pyright
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove pylint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace pylint with ruff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ruff fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix UP038
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix DJ012
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix default arg
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix UP031
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename stage type to view
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix DJ008
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix remaining upgrade
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix PLR2004
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix B904
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix PLW2901
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix remaining issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prevent ruff from breaking the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* stages/prompt: refactor field building
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fully remove isort
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-02-24 18:13:35 +01:00
d8536ed78e
root: fix app settings load order ( #8569 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-02-19 10:30:32 +00:00
ebd05be2c4
root: simplify task signal imports ( #8454 )
...
* *: deduplicate boilerplate for importing related models
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also auto-import .checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error during prometheus metrics from #8435
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-02-08 12:44:33 +00:00
84fdd4d737
events: fix SystemTask timestamps and scheduling ( #8435 )
...
* events: fix SystemTask timestamps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error during prefill
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix prefill not running per tenants
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* run scheduled tasks on startup when needed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove some explicit startup tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix unrelated crypto warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix import loop on reputation policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* pass correct task params
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make enterprise task monitored
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* slightly different formatting for task list
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also pre-squash migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-02-07 15:58:33 +00:00
8949464294
root: reformat with latest black version and fix tests ( #8376 )
...
* format files
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix pyright
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert #8367
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-31 15:24:45 +01:00
9ed2b74661
root: fix system check warnings ( #8277 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-24 12:10:55 +01:00
4184f8a770
enterprise: add full audit log [AUTH-458] ( #8177 )
...
* enterprise: add full audit log
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* delegate enabled check to apps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move audit middleware to separate app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanse before diff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make cleanse include a hash of the values
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix sentry error during lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only use start of hash
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't use deepdiff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add diff ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix info for dict
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* enable audit logging for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix startup with tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include first 4 chars of raw value?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only log asterisks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-24 11:36:06 +01:00
abc0c2d2a2
root: Multi-tenancy ( #7590 )
...
* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "fix oauth source type import"
This reverts commit d015fd0244marc.schmitt@risson.space >
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try with connection_created signal"
This reverts commit 764a999db832b40a3bbbmarc.schmitt@risson.space >
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a614bffb19704marc.schmitt@risson.space >
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447jens@goauthentik.io >
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-01-23 14:28:06 +01:00
38e1ad5ade
root: replace django-silk with Spotlight ( #7828 )
...
* root: replace django-silk with Spotlight
https://spotlightjs.com/
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use containerized spotlight
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lock
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update spotlight version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove platform
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-11 12:33:31 +01:00
b84facb9fc
tests/e2e: fix tests to work without docker network_mode host ( #8035 )
...
* tests/e2e: start fixing tests to work without docker network_mode host
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml and oauth source
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update deps (mainly to update lxml which was causing a segfault on macos)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml source
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix sentry env in testing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make oauth types name and slug make more sense
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make tests run with --keepdb? partially?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix proxy provider first half
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* install libxml2-dev to work around seg fault?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually that doesn't change anything since use latest libxml2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor did not refactor the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-01 21:08:40 +01:00
02869d8173
stages/user_login: session binding ( #7881 )
...
* start with user_login stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# authentik/root/settings.py
* fix and improve logout event
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lint pass
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update authenticated session when IP changes and binding doesn't break
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs, always keep old and new IP in event
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-gen api schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-23 01:20:23 +01:00
50860d7ffe
events: add ASN Database reader ( #7793 )
...
* events: add ASN Database reader
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix test config generator
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* de-duplicate code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add enrich_context
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to context processors?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix cache
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use config deprecation system, update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update more docs and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test asn db
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-build schema with latest versions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-20 22:16:50 +01:00
3e530cf1b5
flows: add "require outpost" authentication_requirement ( #7921 )
...
* migrate get_client_ip to middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use middleware directly without wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add require_outpost setting for flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-19 13:32:10 +01:00
2ec979d490
root: make test database name configurable ( #7591 )
...
* test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk attempt to fix flaky test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* oops
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-18 23:00:24 +01:00
729ef4d786
root: bump python deps (django 5) ( #7862 )
...
* bump python deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* vendor pickle serializer for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
#7761
* cleanup some things and re-build api scheme
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web and go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix go...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better annotate json fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use jsondictfield wherever
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove all virtualenvs?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* final version bump
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-12-18 22:07:59 +01:00
a07fbf5c02
root: disable django-silk profiler ( #7715 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-28 12:23:19 +02:00
9db9ad3d66
root: Restructure broker / cache / channel / result configuration ( #7097 )
...
* Initial commit
* Remove any remaining mentions of Redis URL
This is handled in https://github.com/goauthentik/authentik/pull/5395
* Allow setting broker transport options
This enables usage of other brokers that require additional settings
* Remove remaining reference to Redis URL
This functionality is not part of this PR
* Reset default TLS requirements to none
* Fix linter errors
* Move dict from base64 encoded json to config.py
Additionally add tests
* Replace ast.literal_eval with json.loads
* Use default channel and cache backend configuration
If more customization is desired users shall look at goauthentik.io/docs/installation/configuration#custom-python-settings
* Send config deprecation notification to all superusers
* Remove duplicate method
* Add configuration explanation
For channel layer settings
* Use Event for deprecation warning
* Fix remove duplicated method
* Add missing comma
* Update authentik/lib/config.py
Signed-off-by: Jens L. <jens@beryju.org >
* Fix Event deprecation handling
---------
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Jens L <jens@beryju.org >
2023-11-10 15:44:37 +01:00
e28babb0b8
core: Initial RBAC ( #6806 )
...
* rename consent permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* the user version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
t
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial role
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* some minor table refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix user, add assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add roles ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add assign API for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding toggle buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude add_ permission for per-object perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permission list for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make sidebar update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix page header not re-rendering?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add search
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* show first category in table groupBy except when its empty
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make model and object PK optional but required together
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow for setting global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude non-authentik permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude models which aren't allowed (base models etc)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ensure all models have verbose_name set, exclude some more internal objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lint fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix role perm assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add unasign for global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add meta changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clear modal state after submit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add roles to our group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make recursive group query more usable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add name field to role itself and move group creation to signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move rbac stuff to separate django app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start API changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make admin interface not require superuser for now, improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace some IsAdminUser where applicable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate flow inspector perms to actual permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix license not being a serializermodel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permission modal to models without view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add additional permissions to assign/unassign permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add action to unassign user permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permissions tab to remaining view pages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow inspector permission check
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix codecov config?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ensure viewsets have an order set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* hopefully the last api name change
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make perm modal less confusing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start user view permission page
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only make delete bulk form expandable if usedBy is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* expand permission tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user global permission table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests' url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for assign perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add unassign tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rebuild permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prevent assigning/unassigning permissions to internal service accounts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only enable default api browser in debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix role object permissions showing duplicate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix role link on role object permissions table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix object permission modal having duplicate close buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* return error if user has no global perm and no object perms
also improve error display on table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add system permission for non-object permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow access to admin interface based on perm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clean
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't exclude base models
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-16 17:31:50 +02:00
25d4905d6c
outposts: use channel groups instead of saving channel names ( #7183 )
...
* outposts: use channel groups instead of saving channel names
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use pubsub
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* support storing other args with state
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-16 17:01:44 +02:00
abab635a01
tests: fix potential infinite wait in tests spinning up a container ( #7153 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-12 13:57:29 +02:00
205d3d10e3
root: Support PyCharm's test runner ( #7074 )
...
* Initial commit.
* Use Django's test runner as basis
* Skip already correctly formatted test labels
2023-10-05 20:13:38 +02:00
e55e27d060
root: disable APPEND_SLASH ( #6928 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-09-26 18:59:28 +02:00
0e5952650b
root: make Celery worker concurrency configurable ( #6837 )
...
* root: made Celery worker concurrency configurable
* core: fixed Celery worker command to set autoscaling options to account for worker concurrency setting
* Update website/docs/installation/configuration.md
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L <jens@beryju.org >
2023-09-26 10:37:22 +00:00
a32755b6c8
root: Add setting to adjust database config for pgpool ( #6949 )
2023-09-21 12:54:18 +02:00
6612f729ec
stages/authenticator: vendor otp ( #6741 )
...
* initial import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update imports
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove email and hotp for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove things we don't need and clean up
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial merge static
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial merge totp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update webui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add system migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more cleanup, add doctests to test_runner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup more lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup last tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docstrings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement SerializerModel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-09-04 11:45:14 +02:00
