* main:
providers/ldap: fix global search_full_directory permission not being sufficient (#12028)
website/docs: 2024.10.2 release notes (#12025)
lifecycle: fix ak exit status not being passed (#12024)
core: use versioned_script for path only (#12003)
core, web: update translations (#12020)
core: bump google-api-python-client from 2.152.0 to 2.153.0 (#12021)
providers/oauth2: fix manual device code entry (#12017)
crypto: validate that generated certificate's name is unique (#12015)
core, web: update translations (#12006)
core: bump google-api-python-client from 2.151.0 to 2.152.0 (#12007)
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#12011)
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#12010)
translate: Updates for file web/xliff/en.xlf in zh-Hans (#12012)
translate: Updates for file web/xliff/en.xlf in zh_CN (#12013)
providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)
website/docs: move S3 and GeoIP to System Management/Operations (#11998)
website/integrations: nextcloud: add SSE warning (#11976)
* providers/ldap: fix global search_full_directory permission not being sufficient
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use full name of permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* lifecycle: fix ak exit status not being passed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use waitstatus_to_exitcode
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/oauth2: fix manual device code entry
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make code input a char field to prevent leading 0s from being cut off
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* main: (21 commits)
web: bump API Client version (#11997)
sources/kerberos: use new python-kadmin implementation (#11932)
core: add ability to provide reason for impersonation (#11951)
website/integrations: update vcenter integration docs (#11768)
core, web: update translations (#11995)
website: bump postcss from 8.4.48 to 8.4.49 in /website (#11996)
web: bump API Client version (#11992)
blueprints: add default Password policy (#11793)
stages/captcha: Run interactive captcha in Frame (#11857)
core, web: update translations (#11979)
core: bump packaging from 24.1 to 24.2 (#11985)
core: bump ruff from 0.7.2 to 0.7.3 (#11986)
core: bump msgraph-sdk from 1.11.0 to 1.12.0 (#11987)
website: bump the docusaurus group in /website with 9 updates (#11988)
website: bump postcss from 8.4.47 to 8.4.48 in /website (#11989)
stages/password: use recovery flow from brand (#11953)
core: bump golang.org/x/sync from 0.8.0 to 0.9.0 (#11962)
web: bump cookie, swagger-client and express in /web (#11966)
core, web: update translations (#11959)
core: bump debugpy from 1.8.7 to 1.8.8 (#11961)
...
* core: add ability to provide reason for impersonation
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* tenants api things
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add missing implem
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* A tooltip needs a DOM object to determine the coordinates where it should render. A solitary string is not enough; a `<span>` is needed here.
* web: user impersonation reason
To determine where to render the Tooltip content, the object associated with the Tooltip must be a DOM object with an HTML tag. A naked string is not enough; a `<span>` will do nicely here.
Also, fixed a build failure: PFSize was not defined in RelatedUserList.
* add and fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* avoid migration change
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Ken Sternberg <ken@goauthentik.io>
* core: add prompt_data to auth flow (#11702)
I added the prompt_data and user_path to the auth flow. This allows us to more easily sync user details whenever they're logged in through a Source by using the Write stage, identical to an Enrolment flow.
This makes sure that mappings etc are automatically taken into consideration, and are passed to the Authentication flow.
While I was at it, I made the code consistent with the `handle_enroll` method.
Signed-off-by: Wouter van Os <wouter0100@gmail.com>
* updates
* and remove errant .py file that somehow snuck into the PR! also removed errant api ref files remove old images
* tweak to bump build
* tweaks
* more tweaks
* removed extraneous old settings
* Update website/integrations/services/vmware-vcenter/index.md
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* formatting
* tweak
* why not saved before argh
---------
Signed-off-by: Wouter van Os <wouter0100@gmail.com>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Wouter van Os <wouter0100@gmail.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
* add password policy to default password change flow
This change complies with the minimal compositional requirements by
NIST SP 800-63 Digital Identity Guidelines. See
https://pages.nist.gov/800-63-4/sp800-63b.html#password
More work is needed to comply with other parts of the Guidelines,
specifically
> If the chosen password is found on the blocklist, the CSP or verifier
> [...] SHALL provide the reason for rejection.
and
> Verifiers SHALL offer guidance to the subscriber to assist the user in
> choosing a strong password. This is particularly important following
> the rejection of a password on the blocklist as it discourages trivial
> modification of listed weak passwords.
* add docs for default Password policy
* remove HIBP from default Password policy
* add zxcvbn to default Password policy
* add fallback password error message to password policy, fix validation policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* reword docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
* add HIBP caveat
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
* separate policy into separate blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use password policy for oobe flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* kiss
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>