e7f49d97a8
security: fix CVE-2024-52307 (#12115)
* security: fix CVE-2024-52307
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# website/docs/security/CVE-2024-52307.md
# website/sidebars.js
2024-11-21 14:29:55 +01:00
736240f60d
security: fix CVE-2024-52287 (#12114)
* security: CVE-2024-52287
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# website/docs/security/CVE-2024-52287.md
# website/sidebars.js
2024-11-21 14:29:13 +01:00
e8b5e4c127
release: 2024.8.4
version/2024.8.4
2024-10-30 20:05:23 +01:00
81ec98b198
providers/scim: handle no members in group in consistency check (cherry-pick #11801) (#11812)
providers/scim: handle no members in group in consistency check (#11801)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-10-25 14:39:52 +02:00
c46ab19e79
providers/scim: clamp batch size for patch requests (cherry-pick #11797) (#11802)
providers/scim: clamp batch size for patch requests (#11797)
* providers/scim: clamp batch size for patch requests
* sanity check for empty patch request instead
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-10-25 01:52:57 +02:00
de9fc5de6b
providers/scim: add comparison with existing group on update and delta update users (cherry-pick #11414) (#11796)
providers/scim: add comparison with existing group on update and delta update users (#11414)
* fix incorrect default group mapping
* providers/scim: add comparison with existing group on update and delta update users
* fix
* fix
* fix another exception when creating groups
* fix users to add check
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-10-24 18:28:06 +02:00
eab3d9b411
web/admin: fix sync single button throwing error (cherry-pick #11727) (#11730)
web/admin: fix sync single button throwing error (#11727)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-10-18 19:12:55 +02:00
7cb40d786f
policies/event_matcher: fix inconsistent behaviour (cherry-pick #11724) (#11726)
policies/event_matcher: fix inconsistent behaviour (#11724)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-10-18 19:11:57 +02:00
b4fce08bbc
web/admin: fix invalid create date shown for MFA registered before date was saved (cherry-pick #11728) (#11729)
web/admin: fix invalid create date shown for MFA registered before date was saved (#11728)
web/admin: fix invalid create date shown for MFA registered before date was tracked
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-10-18 19:00:56 +02:00
8a2ba1c518
providers/oauth2: don't overwrite attributes when updating service account (cherry-pick #11709) (#11723)
providers/oauth2: don't overwrite attributes when updating service account (#11709)
providers/oauth2: don't overwrite attributes when updating service account
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-10-18 13:37:48 +02:00
25b4306693
providers/saml: fix incorrect ds:Reference URI (cherry-pick #11699) (#11701)
providers/saml: fix incorrect ds:Reference URI (#11699)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-10-16 17:18:35 +02:00
1e279950f1
blueprints: fix validation error when using internal storage (cherry-pick #11654) (#11656)
blueprints: fix validation error when using internal storage (#11654)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-10-11 14:48:56 +02:00
960429355f
core: fix permission check for scoped impersonation (cherry-pick #11603) (#11650)
core: fix permission check for scoped impersonation (#11603)
* fix: permission check for scoped impersonation
set global permission to have higher priority than the permission on a specific object
* add tests
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: walhallyus <walhallyus@gmail.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2024-10-10 17:27:21 +02:00
b4f3748353
internal: restore /ping behaviour for embedded outpost (cherry-pick #11568) (#11570)
internal: restore /ping behaviour for embedded outpost (#11568)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-30 18:44:39 +02:00
91d2445c61
release: 2024.8.3
version/2024.8.3
2024-09-27 16:21:51 +02:00
dd8f809161
security: fix CVE-2024-47070 (cherry-pick #11536) (#11539)
security: fix CVE-2024-47070 (#11536)
* security: fix CVE-2024-47070
* Update website/docs/security/CVE-2024-47070.md
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2024-09-27 16:20:41 +02:00
57a31b5dd1
security: fix CVE-2024-47077 (cherry-pick #11535) (#11537)
security: fix CVE-2024-47077 (#11535)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-27 16:19:24 +02:00
09125b6236
web: reformat package lock files
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-09-27 14:02:44 +02:00
832126c6fe
sources/ldap: fix ms_ad userAccountControl not checking for lockout (cherry-pick #11532) (#11534)
sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-27 13:58:06 +02:00
25fe489b34
web: Fix missing integrity fields in package-lock.json (#11509)
* web: Fix missing integrity fields in lockfile
* website: revert lockfile lint, re-add integrity
* web,website: Require integrity also for subpackages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# web/package-lock.json
# website/package-lock.json
# website/package.json
2024-09-27 13:38:42 +02:00
18078fd68f
sources/ldap: fix mapping check, fix debug endpoint (cherry-pick #11442) (#11498)
sources/ldap: fix mapping check, fix debug endpoint (#11442)
* run connectivity check always
* don't run sync if either sync_ option is enabled and no mappings are set
* misc label fix
* misc writing changes
* add api validation
* fix debug endpoint
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-24 19:02:02 +02:00
4fa71d995d
web/admin: fix Authentication flow being required (cherry-pick #11496) (#11497)
web/admin: fix Authentication flow being required (#11496)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-24 18:32:44 +02:00
22cec64234
providers/proxy: fix traefik label generation (cherry-pick #11460) (#11480)
fix: proxy provider - docker traefik label (#11460)
Signed-off-by: Diogo Andrade <143538553+dandrade-wave@users.noreply.github.com>
Co-authored-by: Diogo Andrade <143538553+dandrade-wave@users.noreply.github.com>
2024-09-23 13:32:29 +02:00
a87cc27366
events: always use expiry from current tenant for events, not only when creating from HTTP request (cherry-pick #11415) (#11416)
events: always use expiry from current tenant for events, not only when creating from HTTP request (#11415)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-17 18:44:06 +02:00
ad7ad1fa78
release: 2024.8.2
version/2024.8.2
2024-09-16 14:13:04 +02:00
c70e609e50
website/docs: prepare release notes for 2024.8.2 (#11394)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# website/docs/releases/2024/v2024.8.md
2024-09-16 14:12:28 +02:00
5f08485fff
web: revert lockfile lint, re-add integrity (#11380)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# web/package-lock.json
2024-09-14 23:16:56 +02:00
3a2ed11821
providers/proxy: fix URL path getting lost when partial URL is given to rd= (cherry-pick #11354) (#11355)
providers/proxy: fix URL path getting lost when partial URL is given to rd= (#11354)
* providers/proxy: fix URL path getting lost when partial URL is given to rd=
* better fallback + tests
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-12 18:58:47 +02:00
ee04f39e28
enterprise: fix API mixin license validity check (cherry-pick #11331) (#11342)
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
fix API mixin license validity check (#11331)
2024-09-11 13:22:01 +00:00
2c6aa72f3c
sources/ldap: fix missing search attribute (cherry-pick #11125) (#11340)
sources/ldap: fix missing search attribute (#11125)
* unrelated
* sources/ldap: fix ldap sync not requesting uniqueness attribute
* check object_uniqueness_field for none
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-11 14:03:12 +02:00
bd0afef790
enterprise: show specific error if Install ID is invalid in license (cherry-pick #11317) (#11319)
enterprise: show specific error if Install ID is invalid in license (#11317)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-10 19:38:45 +02:00
fc11cc0a1a
core: fix permission check for scoped impersonation (cherry-pick #11315) (#11316)
core: fix permission check for scoped impersonation (#11315)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-10 14:19:30 +02:00
fb78303e8f
web/admin: fix notification property mapping forms (cherry-pick #11298) (#11300)
web/admin: fix notification property mapping forms (#11298)
* fix incorrect base class
* fix doclink url
closes #11276
* fix sidebar order in website
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-09 19:27:29 +02:00
2ea04440db
events: optimise marking events as seen (cherry-pick #11297) (#11299)
events: optimise marking events as seen (#11297)
* events: optimise marking events as seen
* add tests
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-09 19:26:43 +02:00
96e1636be3
core: ensure all providers have correct priority (cherry-pick #11280) (#11281)
core: ensure all providers have correct priority (#11280)
follow up to #11267 which broke SAML lookup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-08 16:09:09 +02:00
c546451a73
root: fix ensure `outpost_connection_discovery` runs on worker startup (cherry-pick #11260) (#11270)
root: fix ensure `outpost_connection_discovery` runs on worker startup (#11260)
* root: fix ensure outpost_connection_discovery runs on worker startup
Make outpost_connection_discovery a startup task for default_tenant to ensure it's run during worker startup. Without this, waiting for the 8-hour schedule to fire is required.
fixes: https://github.com/goauthentik/authentik/issues/10933
* format
---------
Signed-off-by: Anthony Rabbito <arabbito@coreweave.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Anthony Rabbito <hello@anthonyrabbito.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2024-09-07 21:54:30 +02:00
61778053b4
core: ensure proxy provider is correctly looked up (cherry-pick #11267) (#11269)
core: ensure proxy provider is correctly looked up (#11267)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-07 21:53:30 +02:00
f5580d311d
release: 2024.8.1
version/2024.8.1
2024-09-07 16:14:54 +02:00
99d292bce0
web/users: show - if device was registered before we started saving the time (cherry-pick #11256) (#11257)
web/users: show - if device was registered before we started saving the time (#11256)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-06 21:13:03 +02:00
b2801641bc
internal: fix go paginator not setting page correctly (cherry-pick #11253) (#11255)
internal: fix go paginator not setting page correctly (#11253)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-06 18:46:18 +02:00
bfaa1046b2
core: fix missing argument name escaping for property mapping (cherry-pick #11231) (#11252)
core: fix missing argument name escaping for property mapping (#11231)
* escape property mapping args
* improve display of error
* fix error handling, missing dry_run argument
* use different sanitisation
* update docs
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-06 16:47:27 +02:00
95c30400cc
providers/ldap: rework search_group migration to work with read replicas (cherry-pick #11228) (#11229)
providers/ldap: rework search_group migration to work with read replicas (#11228)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-05 15:57:01 +02:00
e77480ee1d
web/admin: improve error handling (cherry-pick #11212) (#11219)
web/admin: improve error handling (#11212)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-05 13:48:28 +02:00
905800e535
providers/ldap: fix incorrect permission check for search access (cherry-pick #11217) (#11218)
providers/ldap: fix incorrect permission check for search access (#11217)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-05 01:30:48 +02:00
fadeaef4c6
web/admin: fix missing Sync object button SCIM Provider (cherry-pick #11211) (#11213)
web/admin: fix missing Sync object button SCIM Provider (#11211)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-04 21:34:34 +02:00
437efda649
website/docs: add note about terraform provider (cherry-pick #11206) (#11208)
website/docs: add note about terraform provider (#11206)
* website/docs: add note about terraform provider
* Update website/docs/releases/2024/v2024.8.md
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2024-09-04 19:50:00 +02:00
dd75d5f54b
web/admin: fix misc dual select on different forms (#11203)
* fix prompt stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix identification stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix OAuth JWKS sources
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix oauth provider default scopes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix outpost form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix webauthn
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix transport form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# web/src/admin/applications/wizard/methods/oauth/ak-application-wizard-authentication-by-oauth.ts
# web/src/admin/applications/wizard/methods/proxy/AuthenticationByProxyPage.ts
2024-09-04 13:46:45 +02:00
392a2e582e
core: bump cryptography from 43.0.0 to 43.0.1 (cherry-pick #11185) (#11202)
core: bump cryptography from 43.0.0 to 43.0.1 (#11185)
Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.0 to 43.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/43.0.0...43.0.1)
---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-04 12:27:54 +02:00
a1da183721
root: backport s3 storage changes (cherry-pick #11181) (#11183)
root: backport s3 storage changes (#11181)
re-add _strip_signing_parameters
removed in https://github.com/jschneier/django-storages/pull/1402
could probably be re-factored to use the same approach that PR uses
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-03 22:08:55 +02:00
feea2df0b1
core: fix change_user_type always requiring usernames (cherry-pick #11177) (#11178)
core: fix change_user_type always requiring usernames (#11177)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-03 19:09:53 +02:00