6aaec08496
Revert "policies: buffered policy access view for concurrent authorization attempts when unauthenticated ( #13629 )" ( #14180 )
2025-04-22 15:45:45 +00:00
35ff418c42
policies: buffered policy access view for concurrent authorization attempts when unauthenticated ( #13629 )
...
* policies: buffered policy access view for concurrent authorization attempts when unauthenticated
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more polish
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix multiple redirects, add e2e test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: add sp initiated post test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add SAML parallel test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise detection of when authentication is in progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better backoff timing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-03-30 19:56:03 +02:00
6549b303d5
enterprise/providers: SSF ( #12327 )
...
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some other stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it work, send verification event
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save iss
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add signals for MFA devices
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-work auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API to list ssf streams
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start rbac
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ssf icon
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make events expire, rewrite sending logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add oidc token test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add stream list
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add jwks tests and fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix configuration endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace port number correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better log what went wrong
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* linter has opinions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix set status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more debug logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix issuer here too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove port :443...removal
apparently apple's HTTP logic is wrong and includes the port in the Host header even if the default port is used (80 or 443), which then fails as the URL doesn't exactly match what the admin configured...so instead of trying to add magic about this we'll add it in the docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error when no request in context
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add signal for admin session revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set txn based on request id
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* validate method and endpoint url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix request ID detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add timestamp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* temp migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add signal tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* the final commit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ok actually the last commit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-02-05 17:52:14 +01:00
baf8f18d54
events: make sure password set event has the correct IP ( #12585 )
...
* events: make sure password set event has the correct IP
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-01-13 20:38:14 +01:00
629d5df763
flows/inspector: add button to open flow inspector ( #12656 )
...
* flows: differentiate between flow inspector being available and open
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add overlay button to open inspector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* fix perm check
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2025-01-13 19:55:34 +01:00
4a8329649c
tests/e2e: manually remove containers for better debugging ( #11772 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-20 22:03:29 +01:00
40a7135c0c
core: app entitlements ( #12090 )
...
* core: initial app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* base off of pbm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and oauth2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite to use bindings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make policy bindings form and list more customizable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* double fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refine permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing rbac modal to app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* separate scope for app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include entitlements mapping in proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API validation to prevent policies from being bound to entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove duplicate docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-18 14:32:44 +01:00
1a1d499833
sources/oauth: allow creation of user connection objects with parameters ( #12195 )
...
* sources/oauth: allow creation of user connection objects with parameters
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* tix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add for all
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* align
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-18 13:28:22 +01:00
3996bdac33
website: Bump prettier from 3.3.3 to 3.4.1 in /website ( #12205 )
...
* website: Bump prettier from 3.3.3 to 3.4.1 in /website
Bumps [prettier](https://github.com/prettier/prettier ) from 3.3.3 to 3.4.1.
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/3.3.3...3.4.1 )
---
updated-dependencies:
- dependency-name: prettier
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* update formatting
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* disable flaky test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-11-27 15:14:19 +01:00
85bb638243
security: fix CVE 2024 52289 ( #12113 )
...
* initial migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix loading
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start dynamic ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add serialize
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add error message handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix/add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prepare docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate to new input
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 14:46:43 +01:00
3bdb287b78
providers/oauth2: fix amr claim not set due to login event not associated ( #11780 )
...
* providers/oauth2: fix amr claim not set due to login event not associated
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add sid claim
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* import engine only once
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove manual sid extraction from proxy, add test, make session key hashing more obvious
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated string fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-23 21:29:18 +02:00
2fa50de470
tests/e2e: fix dex tests failing ( #11761 )
...
* tests/e2e: fix dex tests failing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* force no special chars
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-22 01:52:16 +02:00
89f251d559
tests/e2e: add forward auth e2e test ( #11374 )
...
* add nginx forward_auth e2e tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add envoy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove even more duplicate code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add traefik static config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more cleanup, don't generate dex config cause they support env variables
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use default dex entrypoint to use templating
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove options that are always set as default
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix compose flag
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add caddy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* merge python files
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use whoami api to check better
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix envoy config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set invalidation flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix logout checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-16 18:01:59 +02:00
5b66dbe890
flows: provider invalidation ( #5048 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web stage for session end
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* group flow settings when providers have multiple flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust name for default provider invalidation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-make migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add invalidation_flow to saml importer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-do migrations again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web stuff to get rid of old libraries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make unbind flow for ldap configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix flow inspector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle invalidation_flow as optional, as it should be
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix ldap outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't generate URL in client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually make it work???
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration breaking things...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start fixing tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate flow setting
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix race condition with brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix oauth test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix SAML tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to wizard, fix required
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make required, start release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-14 15:35:12 +02:00
8886532ed6
providers/ldap: fix incorrect permission check for search access ( #11217 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-05 01:19:11 +02:00
8f53d0b9f3
providers/ldap: Remove search group ( #10639 )
...
* remove search_group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make api operations cleaerer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually use get
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use correct api client for ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix migration warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix styling issue in dark mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated-ish fix button order in wizard
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix missing css import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Optimised images with calibre/image-actions
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* update release notes based on new template
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-08-14 16:31:11 +02:00
83b02a17d5
sources: add property mappings for all oauth and saml sources ( #8771 )
...
Co-authored-by: Jens L. <jens@goauthentik.io >
2024-08-07 19:14:22 +02:00
61c6887e82
providers/radius: Add support for custom attributes ( #10509 )
...
* unrelated: show logs for failed blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add dictionaries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: remove some unused api functions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* placeholder backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add proper mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-25 19:08:33 +02:00
ced4533890
sources/ldap: rename ldappropertymapping to ldapsourcepropertymapping ( #10606 )
2024-07-25 16:09:36 +02:00
5a8d580c86
core: b2c improvements p1 ( #9257 )
...
* add default app and restrict
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also pass raw email token for custom email templates
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revoke access token when user logs out
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remigrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add command to change user types
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* blankable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-23 11:10:38 +02:00
1a6ac4740d
sources: introduce new property mappings per user and group ( #8750 )
...
* sources: introduce new property mappings per-user and group
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: migrate to new property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix and make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web changes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove flatten for generic implem
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* rework migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* re-add field migration to property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more migrations fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* easy fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate to propertymappingmanager
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* ruff and small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move mapping things into a separate class
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrations: use using(db_alias)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrations: use built-in variable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-07-22 15:26:22 +02:00
3338a79ef0
sources/oauth: fix link not being saved ( #10374 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-04 16:31:33 +02:00
8bd514e17d
sources/saml: fix pickle error, add saml auth tests ( #10348 )
...
* test with persistent nameid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix pickle
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* user_write: dont attempt to write to read only property
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for enroll + auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unwrap lazy user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-03 18:28:31 +02:00
8915904cc7
tests/e2e: fix ldap tests following #10270 ( #10288 )
2024-06-28 11:02:14 +00:00
b1050e8825
tests/e2e: docker-compose.yml: remove version element forgotten last time ( #10067 )
2024-06-11 16:16:24 +02:00
49ac0eb662
sources/scim: cleanup service account when source is deleted ( #9319 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-17 22:57:05 +02:00
3c28cf1909
sources: add SCIM source ( #3051 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* rebuild migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* include root URL in API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add UI base URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* only allow SCIM basic auth for testing and debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* start user tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* antlr for scim filter parsing, why
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix url mountpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ...turns out we don't need antlr
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start to revive this PR
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* don't put doc structure changes into this
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add filter support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add e2e tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add codecov oidc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused fields from API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix group membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix backchannel helper text size
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test against authentik as SCIM server I guess?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix scim provider task render
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "re-add codecov oidc"
This reverts commit fdeeb391afba710645e77608e0ab2e97485c48d1.
* add API for connection objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix preview banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI for users and groups
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-04-15 14:23:43 +02:00
bc9984f516
web/admin: rework captcha stage ( #9256 )
...
* web/admin: rework captcha stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk man selenium is an enigma to me
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-15 12:38:01 +02:00
06af8e3a35
sources/ldap: add ability to disable password write on login ( #8377 )
...
* sources/ldap: add ability to disable password write on login
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* reword docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-03-25 12:22:21 +00:00
9cd94f639c
tests: fix e2e flow tests ( #8835 )
...
* maybe fix e2e
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix e2e
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-03-07 17:57:54 +01:00
b225b0200e
root: early spring clean for linting ( #8498 )
...
* remove pyright
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove pylint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace pylint with ruff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ruff fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix UP038
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix DJ012
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix default arg
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix UP031
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename stage type to view
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix DJ008
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix remaining upgrade
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix PLR2004
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix B904
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix PLW2901
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix remaining issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prevent ruff from breaking the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* stages/prompt: refactor field building
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fully remove isort
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-02-24 18:13:35 +01:00
8949464294
root: reformat with latest black version and fix tests ( #8376 )
...
* format files
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix pyright
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert #8367
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-31 15:24:45 +01:00
25e72558eb
core: optimise user list endpoint ( #8353 )
...
* unrelated changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimization pass 1: reduce N tenant lookups by taking tenant from request, reduce get_anonymous calls
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it easier to exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-30 01:55:26 +01:00
96b2a1a9ba
events: migrate SystemTasks to DB ( #8159 )
...
* events: migrate system tasks to save in DB
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prefill in app startup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use string for status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix enum
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save start and end directly in timestamp from default_timer()
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve metrics
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename globally to system task
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* recreate migrations, better denote anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* events: lookup actual django app instead of using module path, fallback to module path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix logger call
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-24 17:23:03 +01:00
abc0c2d2a2
root: Multi-tenancy ( #7590 )
...
* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "fix oauth source type import"
This reverts commit d015fd0244marc.schmitt@risson.space >
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try with connection_created signal"
This reverts commit 764a999db832b40a3bbbmarc.schmitt@risson.space >
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a614bffb19704marc.schmitt@risson.space >
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447jens@goauthentik.io >
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-01-23 14:28:06 +01:00
509b502d3c
providers/oauth2: offline access ( #8026 )
...
* improve scope check (log when application requests non-configured scopes)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add offline_access special scope
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ensure scope is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update tests for refresh tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* special handling of scopes for github compat
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix spec
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* attempt to fix oidc tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove hardcoded slug
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check scope from authorization code instead of request
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix injection for consent stage checking incorrectly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-04 19:57:11 +01:00
b84facb9fc
tests/e2e: fix tests to work without docker network_mode host ( #8035 )
...
* tests/e2e: start fixing tests to work without docker network_mode host
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml and oauth source
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update deps (mainly to update lxml which was causing a segfault on macos)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml source
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix sentry env in testing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make oauth types name and slug make more sense
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make tests run with --keepdb? partially?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix proxy provider first half
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* install libxml2-dev to work around seg fault?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually that doesn't change anything since use latest libxml2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor did not refactor the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-01 21:08:40 +01:00
6f8d21620b
tests: fix flaky tests ( #7676 )
...
* tests: fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make test-from-stable use actual latest version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix checkout
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove hardcoded seed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ignore tests for now i guess idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-11-21 23:50:43 +01:00
abab635a01
tests: fix potential infinite wait in tests spinning up a container ( #7153 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-12 13:57:29 +02:00
a22bc5a261
lifecycle: fix install_id migration not running ( #7116 )
...
* lifecycle: fix install_id migration not running
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ldap test?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk if this works
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-09 19:52:06 +02:00
6612f729ec
stages/authenticator: vendor otp ( #6741 )
...
* initial import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update imports
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove email and hotp for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove things we don't need and clean up
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial merge static
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial merge totp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update webui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add system migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more cleanup, add doctests to test_runner
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup more lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup last tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docstrings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* implement SerializerModel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-09-04 11:45:14 +02:00
2f469d2709
root: partial Live-updating config ( #5959 )
...
* stages/email: directly use email credentials from config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use custom database backend that supports dynamic credentials
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add crude config reloader
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make method names for CONFIG clearer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace config.set with environ
Not sure if this is the cleanest way, but it persists through a config reload
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add set for @patch
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* even more crudeness
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clean up some old stuff?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup old things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow e2e
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-19 23:13:22 +02:00
41af486006
enterprise: initial enterprise ( #5721 )
...
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add user type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add external users
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ui, add more logic, add public JWT validation key
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert to not use install_id as session jwt signing key
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* switch to PKI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more licensing stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add install ID to form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use x5c correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* license checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use production CA
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more UI stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rename to summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update locale, improve ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add direct button
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update link
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove old attributes from ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove is_enterprise_licensed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix admin interface styling issue
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update authentik/core/models.py
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* fix default case
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2023-07-17 17:57:08 +02:00
db4f61549d
tests/e2e: improve assertCountEqual diff ( #6261 )
...
* tests/e2e: improve assertCountEqual diff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-17 11:47:28 +02:00
fcdf165dfe
outposts/ldap: add test for attribute filtering ( #6189 )
...
add failing test case
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-08 21:16:43 +02:00
ae7ea4dd11
outposts/ldap: add more tests ( #6188 )
...
* outposts/ldap: add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing posixAccount
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* attempt to expand attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix routing without base DN
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove our custom attribute filtering since this is done by the ldap library
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-08 20:51:05 +02:00
e712225ced
sources/ldap: improve scalability ( #6056 )
...
* sources/ldap: improve scalability
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use cache instead of call signature for page data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-06-28 17:13:42 +02:00
54ef88a6fa
providers/ldap: rework Schema and DSE ( #5838 )
...
* rework Root DSE
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* always parse filter objectClass
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start adding LDAP Schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update schema more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix cn for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only include main DN in namingContexts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use schema from gh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't return rootDSE entry when searching for singleLevel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove currentTime
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix attribute filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set SINGLE-VALUE
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix numbers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-06-08 15:16:40 +02:00
0ce41a1b2d
providers/ldap: add StartTLS support ( #5861 )
...
* providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-06-06 21:40:19 +02:00
d53d212377
core: bump coverage from 7.2.5 to 7.2.6 ( #5738 )
...
* core: bump coverage from 7.2.5 to 7.2.6
Bumps [coverage](https://github.com/nedbat/coveragepy ) from 7.2.5 to 7.2.6.
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.5...7.2.6 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* use tagged oauth1 server
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2023-05-24 11:03:26 +02:00
