|
|
65517f3b7f
|
enterprise/stages: Add MTLS stage (#14296)
* prepare client auth with inbuilt server
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* introduce better IPC auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only allow trusted proxies to set MTLS headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more stage progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont fail if ipc_key doesn't exist
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually install app
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add some tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix unquote
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix int serial number not jsonable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* init ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: fix git pull in makefile
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix parse helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more tests and improvements
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve labels
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add support for multiple CAs on brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add support for multiple CAs to MTLS stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont log ipcuser secret views
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go mod
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2025-05-19 22:48:17 +02:00 |
|
|
|
84b5992e55
|
ci: bump golangci/golangci-lint-action from 6 to 7 (#13661)
* ci: bump golangci/golangci-lint-action from 6 to 7
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix v2
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix v3
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2025-03-26 18:03:20 +01:00 |
|
|
|
5e72ec9c0c
|
root: support running authentik in subpath (#8675)
* initial subpath support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make outpost compatible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix static files somewhat
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix most static stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix most web links
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix websocket
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix URL for static files
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add root redirect for subpath
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set cookie path
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update internal/config/struct.go
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens L. <jens@beryju.org>
* fix sfe
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump required version
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flow background
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint and some more links
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix impersonate
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
|
2024-11-26 15:38:23 +01:00 |
|
|
|
5ea4580884
|
security: fix CVE 2024 52307 (#12115)
* security: fix CVE-2024-52307
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2024-11-21 14:24:28 +01:00 |
|
|
|
d4bf3b7068
|
root: check remote IP for proxy protocol same as HTTP/etc (#12094)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2024-11-20 21:33:35 +01:00 |
|
|
|
fd1d252d44
|
root: Make health checks compatible with cloud platform load balancers (#10554)
* Change health checks to return HTTP 200.
* Fix web.go check.
* Only update docs.
* update docs and add changelog entry
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2024-07-20 21:15:29 +02:00 |
|
|
|
abc0c2d2a2
|
root: Multi-tenancy (#7590)
* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Revert "fix oauth source type import"
This reverts commit d015fd0244.
* try with setting_changed signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Revert "try with connection_created signal"
This reverts commit 764a999db8.
* Revert "try with setting_changed signal"
This reverts commit 32b40a3bbb.
* lib/expression: refactor expression compilation
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a61.
* Revert "do not copy tenant data"
This reverts commit d07ae9423672f068b0bd8be409ff9b58452a80f2.
* Revert "Revert "do not copy tenant data""
This reverts commit 4bffb19704.
* fix clone with nodata
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447.
* split api into smaller files, only import urls when tenants is enabled
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2024-01-23 14:28:06 +01:00 |
|
|
|
4a434d581d
|
root: handle SIGHUP and SIGUSR2, healthcheck gunicorn (#6630)
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
2023-09-27 11:34:29 +00:00 |
|
|
|
fd561ac802
|
root: connect to backend via socket (#6720)
* root: connect to gunicorn via socket
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* put socket in temp folder
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use non-socket connection for debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't hardcode local url
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix dev_server missing websocket
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dedupe logging config between gunicorn and main app
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* slight refactor for proxy errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-09-02 17:58:37 +02:00 |
|
|
|
d22d147c8e
|
security: fix CVE-2023-36456 (#6171)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-07-06 18:16:26 +02:00 |
|
|
|
41d17dc543
|
internal: fix crash when port 9000 is in use (#4863)
fix crash when port 9000 is in use
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
2023-03-07 13:27:46 +01:00 |
|
|
|
bacf2afed1
|
internal: remove sentry proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-12-19 17:52:07 +01:00 |
|
|
|
276af8457d
|
root: make sentry DSN configurable (#4016)
* make sentry DSN configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make proxy smarter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix typo in config struct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-11-15 16:05:29 +01:00 |
|
|
|
242423cf3c
|
internal: remove sentryhttp from main server mux to prevent double traces
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-09-03 16:41:47 +02:00 |
|
|
|
2ce8e18bab
|
internal: centralise config for listeners to use same config system everywhere (#3367)
* centralise config for listeners to use same config system everywhere
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3360
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-08-03 21:33:27 +02:00 |
|
|
|
393d7ec486
|
providers/proxy: no exposed urls (#3151)
* test any callback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont detect callback in per-server handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use full redirect uri with both path and query param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* correctly route to embedded outpost for callback signature
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix allowed redirects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-07-30 17:51:01 +02:00 |
|
|
|
10b48b27b0
|
internal: walk config in go, check, parse and load from scheme like in python
closes #2719
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-07-26 11:33:37 +02:00 |
|
|
|
34b11524f1
|
tenants: add web certificate field, make authentik's core certificate configurable based on keypair
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-22 11:43:45 +01:00 |
|
|
|
b3ba083ff0
|
internal: cleanup logging, remove duplicate code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-22 10:33:21 +01:00 |
|
|
|
f8aab40e3e
|
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-16 11:00:19 +01:00 |
|
|
|
2ac9f5426d
|
outposts: don't panic when listening for metrics fails
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-19 10:37:13 +01:00 |
|
|
|
74382c6287
|
cmd/server: improve cleanup on shutdown
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-07 18:03:29 +01:00 |
|
|
|
0d02dbf55c
|
api: replace django sentry proxy with go proxy to prevent login issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-02 14:44:37 +01:00 |
|
|
|
aef9d27706
|
stages/authenticator_sms: Add SMS Authenticator Stage (#1577)
* stages/authenticator_sms: initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add initial stage UI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: clear invalid state when old input was invalid but new input is correct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_sms: add more logic
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: add basic SMS settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_sms: initial working version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_sms: add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: optimise totp password manager entry on authenticator_validation stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: add grouping support for table
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: allow sms class in authenticator stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add grouping to more pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_validate: add SMS support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: add throttling for flow executor based on session key and pending user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix style issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: add workflow to compile backend translations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-11 17:51:49 +02:00 |
|
|
|
6c603cdf80
|
internal: add internal healthchecking to prevent websocket errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-05 22:21:14 +02:00 |
|
|
|
3c1b70c355
|
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 18:04:56 +00:00 |
|
|
|
75476217a0
|
internal: fix web requests not having a logger set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-04 13:52:47 +02:00 |
|
|
|
f01bc20d44
|
Embedded outpost (#1193)
* api: allow API requests as managed outpost's account when using secret_key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: load secret key from env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: make listener IP configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost/proxy: run outpost in background and pass requests conditionally
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: unify branding to embedded
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix embedded outpost not being editable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix mismatched host detection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix LDAP test not including user for embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix user matching
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: add tests for secret_key auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: load environment variables using github.com/Netflix/go-env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-29 11:30:30 +02:00 |
|
|
|
d678d33756
|
root: add support for PROXY protocol on listeners
closes #1161
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-20 11:03:09 +02:00 |
|
|
|
6ddd6bfa72
|
root: fix linting errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-18 20:54:34 +02:00 |
|
|
|
ff42663d3c
|
root: more code merging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-29 16:21:00 +02:00 |
|
|
|
1005f341e4
|
Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# internal/constants/constants.go
# outpost/pkg/version.go
|
2021-06-23 20:41:06 +02:00 |
|
|
|
5d26fa0403
|
gproxy: add sentry integration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-04 14:28:48 +02:00 |
|
|
|
6725569ba8
|
gproxy: listen on tls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-03 23:19:22 +02:00 |
|
|
|
988cf15b71
|
root: initial go proxy, update compose and helm
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-03 09:39:09 +02:00 |
|
