aa4f817856
admin: monitor worker version ( #12463 )
...
* root: include version in celery ping
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* check version in worker endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include worker version in prom metrics
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-23 22:13:38 +01:00
3eaaa35a4c
release: 2024.12.1 ( #12466 )
2024-12-23 20:51:05 +01:00
6b8782556c
blueprints: fix schema for meta models ( #12421 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-20 03:27:28 +01:00
3367ac0e08
root: backport version bump ( #12426 )
2024-12-19 21:27:13 +01:00
40a7135c0c
core: app entitlements ( #12090 )
...
* core: initial app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* base off of pbm
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests and oauth2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rewrite to use bindings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make policy bindings form and list more customizable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* double fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refine permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add missing rbac modal to app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* separate scope for app entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* include entitlements mapping in proxy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API validation to prevent policies from being bound to entitlements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove duplicate docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-18 14:32:44 +01:00
1a1d499833
sources/oauth: allow creation of user connection objects with parameters ( #12195 )
...
* sources/oauth: allow creation of user connection objects with parameters
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* tix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add for all
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* align
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-18 13:28:22 +01:00
ff504a3b80
stages/redirect: create redirect stage ( #12275 )
...
* create redirect stage
* show "keep context" toggle in Flow mode only
* fix typos
* add docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
* simplify property pass
* simplify toggle
* remove `print` statements
whoops
* fix typo
* remove default from `RedirectStage.mode`
* remove migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* oops
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-12-12 18:00:09 +01:00
deacc17832
sources/kerberos: add kadmin type setting, provide additional context to property mappings ( #12286 )
2024-12-12 13:25:43 +01:00
e5dd923333
release: 2024.10.5 ( #12319 )
...
* release: 2024.10.5
* manually bump aws version
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-12-10 19:20:01 +01:00
19488b7b9e
providers/oauth2: Add provider federation between OAuth2 Providers ( #12083 )
...
* rename + add field
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework source cc tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-12-03 11:57:10 +02:00
520148bba4
root: Backport version change ( #12146 )
...
* release: 2024.10.3
* release: 2024.10.4
2024-11-22 01:51:30 +01:00
85bb638243
security: fix CVE 2024 52289 ( #12113 )
...
* initial migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix loading
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start dynamic ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add serialize
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add error message handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix/add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prepare docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate to new input
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 14:46:43 +01:00
6702f34b40
release: 2024.10.2 ( #12031 )
2024-11-15 00:53:40 +01:00
6b155621fe
blueprints: add default Password policy ( #11793 )
...
* add password policy to default password change flow
This change complies with the minimal compositional requirements by
NIST SP 800-63 Digital Identity Guidelines. See
https://pages.nist.gov/800-63-4/sp800-63b.html#password
More work is needed to comply with other parts of the Guidelines,
specifically
> If the chosen password is found on the blocklist, the CSP or verifier
> [...] SHALL provide the reason for rejection.
and
> Verifiers SHALL offer guidance to the subscriber to assist the user in
> choosing a strong password. This is particularly important following
> the rejection of a password on the blocklist as it discourages trivial
> modification of listed weak passwords.
* add docs for default Password policy
* remove HIBP from default Password policy
* add zxcvbn to default Password policy
* add fallback password error message to password policy, fix validation policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
* add HIBP caveat
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
* separate policy into separate blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use password policy for oobe flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* kiss
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-11-11 13:31:30 +01:00
4f1ddc5779
stages/captcha: Run interactive captcha in Frame ( #11857 )
...
* initial turnstile frame
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add interactive flag
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add interactive support for all
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't hide in identification stage if interactive
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* require less hacky css
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-11 13:20:49 +01:00
0a862e4fff
root: backport version bump 2024.10.1 ( #11929 )
...
release: 2024.10.1
2024-11-05 20:29:31 +01:00
7352f37b05
enterprise/rac: fix API Schema for invalidation_flow ( #11907 )
...
* enterprise/rac: fix API Schema for invalidation_flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-04 19:33:31 +01:00
8245d08ddb
root: backport version bump 2024.10.0 ( #11868 )
...
* release: 2024.10.0-rc1
* root: `bumpversion` 2024.10 (#11865 )
release: 2024.10.0
2024-10-31 00:39:41 +01:00
c38adcf25a
sources/kerberos: add kiprop to ignored system principals ( #11852 )
2024-10-29 17:30:33 +01:00
9ee0ba141c
stages/identification: add captcha to identification stage ( #11711 )
...
* add captcha to identification stage
* simplify component invocations
* fail fast on `onTokenChange` default behavior
* reword docs
* rename `token` to `captcha_token` in Identification stage contexts
(In Captcha stage contexts the name `token` seems well-scoped.)
* use `nothing` instead of ``` html`` ```
* remove rendered Captcha component from document flow on Identification stages
Note: this doesn't remove the captcha itself, if interactive, only the loading
indicator.
* add invisible requirement to captcha on Identification stage
* stylize docs
* add friendlier error messages to Captcha stage
* fix tests
* make captcha error messages even friendlier
* add test case to retriable captcha
* use default
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-10-25 08:13:35 +02:00
3bdb287b78
providers/oauth2: fix amr claim not set due to login event not associated ( #11780 )
...
* providers/oauth2: fix amr claim not set due to login event not associated
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add sid claim
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* import engine only once
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove manual sid extraction from proxy, add test, make session key hashing more obvious
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated string fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-23 21:29:18 +02:00
d817c646bd
sources: add Kerberos ( #10815 )
...
* sources: introduce new property mappings per-user and group
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: migrate to new property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix and make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web changes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove flatten for generic implem
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* rework migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* re-add field migration to property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more migrations fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* easy fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate to propertymappingmanager
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* ruff and small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move mapping things into a separate class
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrations: use using(db_alias)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrations: use built-in variable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix login reverse
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* refactor source flow manager matching
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* kerberos sync with mode matching
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fixup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* finish frontend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Optimised images with calibre/image-actions
* make web
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add test for internal password update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix filter
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* switch to blueprints property mappings, improvements to frontend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* some more small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reverse
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* properly deal with password changes signals
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually deal with it properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: realm as group: make it non default
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes and improvements
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix title
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add password backend to default flow
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* link docs page properly, add in admin interface, add suggestions for how to apply changes to a fleet of machines
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add troubleshooting
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix default flow pass backend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix flaky spnego tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* properly convert gssapi name to python str
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix unpickable types
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure the last server token is returned to the client
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/developer-docs/setup/full-dev-environment.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix missing library
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix missing library again
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web import
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync v2
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync v3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-10-23 17:58:29 +02:00
cec3fdb612
stages: authenticator_endpoint_gdtc ( #10477 )
...
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add loading overlay for chrome
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* save data
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web ui, prevent deletion
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* text fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-10-22 22:46:46 +02:00
47206d3328
providers/oauth2: add initial JWE support ( #11344 )
...
* providers/oauth2: add initial JWE support
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate, only set id_token_encryption_* when encryption key is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add jwks test with encryption
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-17 14:04:19 +02:00
075944abba
providers/scim: add option to ignore SCIM server cert ( #11437 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-14 17:03:58 +02:00
5b66dbe890
flows: provider invalidation ( #5048 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web stage for session end
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* group flow settings when providers have multiple flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust name for default provider invalidation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-make migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add invalidation_flow to saml importer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-do migrations again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web stuff to get rid of old libraries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make unbind flow for ldap configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix flow inspector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle invalidation_flow as optional, as it should be
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix ldap outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't generate URL in client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually make it work???
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration breaking things...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start fixing tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate flow setting
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix race condition with brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix oauth test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix SAML tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to wizard, fix required
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make required, start release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-14 15:35:12 +02:00
77c595a0fd
sources/saml: fix NameIDFormat descriptor in metadata generation ( #11614 )
...
* source/saml - Changed namespace of X509SSubjectName NameIDFormat
Under the SAML2 Core spec
(http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf )
8.3.3 the URI of the 5.509 Subject Name contains SAML:1.1 and not
SAML:2.0
* source/saml - Change NameIDFormat descriptor build logic to only append chosen format for the source.
* Merge diff
2024-10-11 14:27:36 +02:00
975b6e53a6
release: 2024.8.3 ( #11542 )
2024-09-27 16:58:04 +02:00
ba28e6de41
security: fix CVE-2024-47070 ( #11536 )
...
* security: fix CVE-2024-47070
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update website/docs/security/CVE-2024-47070.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-09-27 16:18:37 +02:00
5822653155
release: 2024.8.2 ( #11395 )
2024-09-16 15:02:51 +02:00
b8ae028d4d
root: backport release 2024.8.1 ( #11273 )
...
release: 2024.8.1
2024-09-08 01:35:15 +02:00
02ae099bdf
root: version 2024.8 backport ( #11166 )
...
* schemas: fix XML Schema loading...for some reason?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* release: 2024.8.0-rc1
* release: 2024.8.0
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# .bumpversion.cfg
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-09-03 14:41:40 +02:00
a6225ad7a7
root: backport version bump ( #11045 )
...
* fix outpost form not loading apps for correct type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix bug from previous pr
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* release: 2024.6.4
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-23 16:33:07 +02:00
eb5842fa5a
rbac: generate blueprint schema permissions from defined models not DB ( #10962 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-19 13:44:13 +02:00
d577152f83
providers/SAML: encryption support ( #10934 )
...
* providers/saml: add option to sign assertion and or response
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add encryption
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add form option
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-17 21:10:28 +02:00
8f53d0b9f3
providers/ldap: Remove search group ( #10639 )
...
* remove search_group
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make api operations cleaerer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually use get
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use correct api client for ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix migration warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix styling issue in dark mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated-ish fix button order in wizard
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix missing css import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Optimised images with calibre/image-actions
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Update index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
* update release notes based on new template
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-08-14 16:31:11 +02:00
a073b7a5b1
enterprise: add support for license flags ( #10842 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-09 22:20:01 +02:00
4b5bb77d99
enterprise: UI improvements, better handling of expiry ( #10828 )
...
* web/admin: show enterprise banner on the very top
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework license
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests for and fix read only mode
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* field name consistency
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-09 14:26:38 +02:00
68af5b0572
sources/plex: add property mappings ( #10772 )
2024-08-08 11:36:24 +02:00
19c3f7dd80
sources/saml: Basic support for EncryptedAssertion element. ( #10099 )
...
* source/saml: Updated backend for encrypted assertion support
* source/saml: all lint-fix checks passed
* source/saml: Used Optional type instead of union, on enc_key_descriptor type hint
* source/saml: request_encrypted_assertion model field migration
* source/saml: Added 'noqa' comment to type hint on encryption key descriptor
* small fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sources/saml: Pivot to encryption_kp model field, instead of request_encryption bool
* sources/saml: Typo fix
* re-create migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add improve error handling, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test metadata with encryption and remove WantAssertionsEncrypted since it's not in the schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated fix to radius path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix unrelated fix...sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-08-07 19:58:28 +02:00
83b02a17d5
sources: add property mappings for all oauth and saml sources ( #8771 )
...
Co-authored-by: Jens L. <jens@goauthentik.io >
2024-08-07 19:14:22 +02:00
f7b16ed723
policies: add GeoIP policy ( #10454 )
...
* add GeoIP policy
* handle empty lists of ASNs and countries
* handle missing GeoIP database or missing IP from the database
The exceptions raised here are `PolicyException`s to let admins bypass
an execution failure.
* fix translations
whoops
* remove `GeoIPPolicyMode`
Use the policy binding's `negate` option instead
* fix `DataProvision` typing
`ak-dual-select-provider` can handle unpaginated data
* use `django-countries` instead of a static list of countries for ISO-3166
* simplify `GeoIPPolicyForm`
* pass `GeoIPPolicy` on empty policy
* add backend tests to `GeoIPPolicy`
* revise translations
* move `iso-3166/` to `policies/geoip_iso3166/`
* add client-side caching to ISO3166 API call
* fix `GeoIPPolicy` creation
The automatically generated APIs can't seem to handle `CountryField`,
so I'll have to do this by hand too.
* add docs for GeoIP Policy
* docs: stylize
add review suggestions from @tanberry
* refactor `GeoIPPolicy` API
It is now as declarative as I could make it.
* clean up `api.py` and `views.py`
2024-08-06 10:37:29 +00:00
4363c899ac
release: 2024.6.3
2024-08-05 20:08:28 +02:00
d24e2abe7f
rbac: rework API for terraform, add blueprint support ( #10698 )
...
* rbac: rework API slightly to improve terraform compatibility
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh https://www.django-rest-framework.org/api-guide/filtering/#filtering-and-object-lookups
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permission support for users global permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add role support to blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix yaml tags
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add generated read-only role
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make permissions optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add object permission support to blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests kinda
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests and fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-02 16:34:30 +02:00
e60c36b889
release: 2024.6.2
2024-08-01 01:13:29 +02:00
3b1c42776b
sources/scim: add property mappings ( #10650 )
...
* sources/scim: add property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix filterset
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix doc link
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2024-07-29 22:32:51 +02:00
61c6887e82
providers/radius: Add support for custom attributes ( #10509 )
...
* unrelated: show logs for failed blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add dictionaries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: remove some unused api functions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add initial api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* placeholder backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add proper mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-25 19:08:33 +02:00
ced4533890
sources/ldap: rename ldappropertymapping to ldapsourcepropertymapping ( #10606 )
2024-07-25 16:09:36 +02:00
e65b905301
sources: refactor user connection api ( #10607 )
2024-07-25 14:16:50 +02:00
5a8d580c86
core: b2c improvements p1 ( #9257 )
...
* add default app and restrict
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also pass raw email token for custom email templates
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revoke access token when user logs out
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remigrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add command to change user types
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* blankable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-23 11:10:38 +02:00
