e1a6dede54
*: backport CVE-2022-46145 fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-01 10:41:26 +02:00
3a13d19695
release: 2022.11.1
2022-11-22 21:42:10 +01:00
20c1770ec4
release: 2022.11.0
2022-11-21 20:12:02 +01:00
a2e512c36c
stages/authenticator_validate: add flag to configure user_verification for webauthn devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-21 17:52:37 +01:00
9f5fb692ba
sources: add custom icon support ( #4022 )
* add source icon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add to oauth form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add to other browser sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add migration, return icon in UI challenges
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* deduplicate file upload
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-16 14:10:10 +01:00
276af8457d
root: make sentry DSN configurable ( #4016 )
* make sentry DSN configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* make proxy smarter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix typo in config struct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-15 16:05:29 +01:00
55aa1897af
root: use single redis db ( #4009 )
* use single redis db
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* cleanup prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* ensure __str__ always returns string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix remaining old prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-15 14:31:29 +01:00
88594075b2
policies/password: merge hibp add zxcvbn ( #4001 )
* initial zxcvbn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add api and port tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add api diff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-14 14:42:43 +01:00
ffe6f65af5
outposts/kubernetes: ingress class ( #4002 )
* add support for ingressClassName
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add option to disable ssl verification for k8s controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-14 14:24:11 +01:00
85c790728f
core: simplify group serializer for user API endpoint ( #3899 )
* core/api: Adding simple group serializer to improve user retrieval performance
Due to the exhaustive use of the user_obj the performance suffers
greatly if the users are assigned to large groups. This simple fix adds
a new serializer that does not expose the user_obj within a group.
* core/api: Update schema
Update to the schema based on the new SimpleGroupSerializer
* core/api: Fix black and pylint
* make naming consistent, remove unnecessary fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-09 11:19:40 +01:00
47132faffb
root: relicense and launch blog post
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-11-03 16:00:00 +01:00
400751ed3c
api: fix missing scheme in securitySchemes
closes #3883
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-29 18:50:34 +02:00
f3a72761c0
release: 2022.10.1
2022-10-29 17:24:55 +02:00
89dc46a7ff
release: 2022.10.0
2022-10-21 19:42:38 +02:00
782fec0eb9
flows: use stripped down flow serializer for flow_set to optimise loading time
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-20 09:56:08 +02:00
b06a3a8f9f
admin: add authorisations metric ( #3811 )
add authorizations metric
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-19 00:06:45 +02:00
0efee2a660
flows: improved import ( #3807 )
* return logs when importing flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* improve error handling, show logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-18 22:01:42 +02:00
363872715d
sources/saml: revamp SAML Source ( #3785 )
* update saml source to use user connections, add all attributes to flow context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* check for SAML Status in response, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* package apple icon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add webui for connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-14 17:04:47 +02:00
79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug ( #3786 )
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-14 15:44:59 +02:00
217e145d23
stages/authenticator_sms: make sms stage payload customisable ( #3780 )
* make sms stage payload customisable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update phrasing for webhook mapping
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-14 11:53:01 +02:00
8ed2f7fe9e
providers/oauth2: add device flow ( #3334 )
* start device flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* web: fix inconsistent app filtering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tenant device code flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add throttling to device code view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* somewhat unrelated changes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add initial device code entry flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add finish stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* it works
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add support for verification_uri_complete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-10-11 12:42:10 +02:00
3ecc715e91
sources/oauth: add Twitch OAuth source ( #3746 )
* sources/oauth: add Twitch OAuth source
Signed-off-by: Lukas Vögl <lukas@voegl.org >
* website/integrations: add Twitch OAuth source documentation
Signed-off-by: Lukas Vögl <lukas@voegl.org >
Signed-off-by: Lukas Vögl <lukas@voegl.org >
2022-10-10 10:59:07 +02:00
44e4f2e561
crypto: make certificate parsing optional for crypto api ( #3711 )
2022-10-01 00:06:00 +02:00
2cfba36cb7
release: 2022.9.0
2022-09-23 12:33:01 +02:00
be64296494
stages/authenticator_duo: improved import ( #3601 )
* prepare for duo admin integration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* make duo import params required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add UI to import devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* rework form, automatic import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* limit amount of concurrent tasks on worker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* load tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix API codes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix tests and such
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* sigh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* make stage better
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* basic stage test
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-17 12:10:47 +02:00
359da6db81
Revert "flows: always mark component field as required in Challenge and ChallengeResponses"
This reverts commit b35b225453.
2022-09-11 23:13:51 +02:00
b35b225453
flows: always mark component field as required in Challenge and ChallengeResponses
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-11 23:01:59 +02:00
0ff2ac7dc2
api: fix schema not referencing errors correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-11 23:01:26 +02:00
60266b3345
flows: migrate FlowExecutor error handler to native challenge instead of shell
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-06 18:48:15 +02:00
eed958b132
stages/authenticator_duo: fix schema not declaring request body correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-05 22:00:02 +02:00
15c34c6f1f
release: 2022.8.2
2022-08-19 15:59:53 +01:00
435d126a1c
release: 2022.8.1
2022-08-16 16:23:36 +02:00
54c16129ea
stages/authenticator_duo: revamp duo enroll status API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
#3288
2022-08-08 20:38:06 +02:00
89fef0ae72
blueprints: docs ( #3376 )
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-06 00:52:12 +02:00
d1004e3798
blueprints: webui ( #3356 )
2022-08-03 00:05:49 +02:00
a023eee9bf
blueprints: migrate from managed ( #3338 )
* test all bundled blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix empty title
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix default blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add script to generate dev config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate managed to blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add more to blueprint instance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrated away from ObjectManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix lint errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix a bit more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* whoops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix missing name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* *sigh*
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* scheduled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* run discovery on start
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* oops this test should stay
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-01 23:05:58 +02:00
553989d17f
flows/stages/consent: fix for post requests ( #3339 )
add unique token to consent stage to ensure it is shown
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-07-31 23:47:40 +02:00
89c84f10d0
blueprints: v1 ( #1573 )
* managed: move flowexporter to managed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* *: implement SerializerModel in all models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* managed: add initial api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* managed: start blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* managed: spec
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* version blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* yep
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove v2, improve v1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* start custom tag, more rebrand
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* move blueprints out of website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* try new things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add !lookup, fix web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update and cleanup default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix tags in lists
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* don't save field if it's set to default value
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more flow cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* format web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix missing serializer for sms
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* ignore _set fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove custom file extension
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate default flow to tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* include blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-07-31 17:11:44 +02:00
83eba36f8d
core: add API Endpoint to get all MFA devices, add web ui to delete MFA devices of any user
closes #3237
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-07-28 23:50:25 +02:00
dae6493a3e
release: 2022.7.3
2022-07-20 09:37:43 +02:00
8e19fb3a8c
release: 2022.7.2
2022-07-06 20:31:48 +02:00
49cce6a968
stages/prompt: add basic file field ( #3156 )
add basic file field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-07-05 23:09:41 +02:00
0a73e7ac9f
tenants: add default_locale read only field, pre-hydrate in flows and read in autodetect as first choice
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-07-05 23:04:25 +02:00
f316a3000b
release: 2022.7.1
2022-07-04 21:10:20 +02:00
6a497b32f6
core: use Exception for fallback case in flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-07-04 20:05:03 +02:00
17d33f4b19
flows: denied action ( #3194 )
2022-07-02 17:37:57 +02:00
ea60c389be
providers/saml: include SSO Binding URLs in Provider API
closes #3179
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-30 22:18:21 +02:00
c5a2831665
api: add basic jwt support with required scope ( #2624 )
* api: add basic jwt support with required scope
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* api: only set auth_via when actually authenticating via token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* save consented permissions in user consent, re-prompt when new permissions are required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* translate special scope map
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more api auth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* build web api in e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* link generated client instead of copying
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-26 17:51:15 +02:00
504338ea66
web/admin: application wizard (part 1) ( #2745 )
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove log
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* start oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* use form for all type wizard pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* basic wizard actions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* make resets work
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add hint in provider wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* render correct icon in empty state in table page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* improve empty state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add more pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add group PK to service account creation response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* use wizard-level isValid prop
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* re-add old buttons
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-06-26 00:46:40 +02:00
1f0fc0a6a2
Merge branch 'version-2022.6'
2022-06-20 10:19:25 +02:00