0a5b8bea5d
stages/prompt: fix username field throwing error with existing user ( #9342 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-18 20:54:31 +02:00
7ef14eb86d
blueprints: only create default brand if no other default brand exists ( #9222 )
...
* blueprints: only create default brand if no other default brand exists
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix invalid blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flaky test, improve pytest output
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-12 14:59:48 +02:00
9f6dca1170
stages/authenticator_webauthn: add MDS support ( #9114 )
...
* web: align style to show current user for webauthn enroll
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ask for aaguid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial MDS import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add restriction
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix api, add actual restriction
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* default authenticator name based on aaguid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connect device with device type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix typo in webauthn stage name
this typo has been around for 3 years 8708e487ae (diff-bb4aee4a37f4b95c8daa7beb6bf6251d8d2b6deb8c16dce0cd7cb0d6cd71900aR16)jens@goauthentik.io >
* add fido2 dep
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add CI pipeline to automate updating blob
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests, include device type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude icon for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add passkeys aaguid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make special unknown device type work, add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-08 12:21:26 +02:00
852f6f2819
blueprints: fix default username field in user-settings flow ( #9136 )
...
should be username type not text
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-04 18:50:44 +02:00
5f19fa7c84
blueprints: fix tenant access error ( #8322 )
2024-01-26 11:52:10 +00:00
abc0c2d2a2
root: Multi-tenancy ( #7590 )
...
* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "fix oauth source type import"
This reverts commit d015fd0244marc.schmitt@risson.space >
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try with connection_created signal"
This reverts commit 764a999db832b40a3bbbmarc.schmitt@risson.space >
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a614bffb19704marc.schmitt@risson.space >
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447jens@goauthentik.io >
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-01-23 14:28:06 +01:00
b1c7c228c3
stages/authenticator_validate: use friendly_name for stage selector when enrolling ( #8255 )
...
* stages/authenticator_validate: use friendly_name for stage selector when enrolling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-22 16:06:38 +01:00
261879022d
security: fix oobe-flow reuse when akadmin is deleted ( #7361 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-28 21:24:06 +02:00
1ffb7efed6
blueprints: fix policy exception causing password stage to be skipped after upgrade ( #6674 )
...
* blueprints: fix policy exception causing password stage to be skipped after upgrade
* make policy more fault tolerant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-08-30 00:08:04 +02:00
10b0c84d97
root: migrate bootstrap to blueprints ( #6433 )
...
* remove old bootstrap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add meta model to set user password
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* ensure KeyOf works with objects in the state of created that already exist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for shorter form !If tag
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow !Context to resolve other yaml tags
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't require serializer to be valid for deleting an object
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix check if a model is being created
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove duplicate way to set password
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate token
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only change what is required with migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix admin status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* expand tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't require bootstrap in events to fix ci?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-31 19:34:46 +02:00
5139656e95
blueprints: prevent duplicate password stage in default flow when using combined identification stage ( #6432 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-31 13:42:35 +02:00
2f469d2709
root: partial Live-updating config ( #5959 )
...
* stages/email: directly use email credentials from config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use custom database backend that supports dynamic credentials
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add crude config reloader
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make method names for CONFIG clearer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace config.set with environ
Not sure if this is the cleanest way, but it persists through a config reload
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add set for @patch
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* even more crudeness
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clean up some old stuff?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup old things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow e2e
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-19 23:13:22 +02:00
ee6edec1d8
stages/prompt: Add initial_data prompt field and ability to select a default choice for choice fields ( #5095 )
...
* Added initial_value to model
* Added initial_value to admin panel
* Added initial_value support to flows; updated tests
* Updated default blueprints
* update docs
* Fix test
* Fix another test
* Fix yet another test
* Add placeholder migration
* Remove unused import
2023-04-19 12:27:51 +02:00
80f4fccd35
providers/oauth2: OpenID conformance ( #4758 )
...
* don't open inspector by default when debug is enabled
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* encode error in fragment when using hybrid grant_type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* require nonce for all response_types that get an id_token from the authorization endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't set empty family_name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only set at_hash when response has token
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleaner way to get login time
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove authentication requirement from authentication flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix auth_time not being handled correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test files
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove USER_LOGIN_AUTHENTICATED
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework prompt=login handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also set last login uid for max_age check to prevent double login when max_age and prompt=login is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-23 15:26:41 +01:00
55782d3929
blueprints: don't update default tenant
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-31 15:17:05 +01:00
53b65a9d1a
stages/prompt: field name ( #4497 )
...
* add prompt field name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove numerical prefix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use text field
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add description label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migrate blueprint to remove old stages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add task to remove unretrievable blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix blueprint test paths
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fixtures
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-24 12:23:22 +01:00
813f70b806
blueprints: fix OOB email field overwriting user settings email field
...
closes #4317
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-18 19:40:47 +01:00
f1b3598a0f
blueprints: don't set session_duration in default and example flows ( #4448 )
...
closes #3944
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-16 13:18:25 +01:00
a960ce9454
stages/user_write: add more user creation options ( #4367 )
...
* add more user creation options
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update blueprints and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2023-01-05 15:46:20 +01:00
84fbeb5721
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-23 14:12:58 +01:00
3b973e12a4
blueprints: don't require auth on invalidation flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-19 10:33:54 +01:00
db95dfe38d
security: fix CVE 2022 46145 ( #4140 )
...
* add flow authentication requirement
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add website for cve
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* flows: handle FlowNonApplicableException without policy result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-02 16:14:25 +01:00
5026cebf02
stages/consent: default to expiring consent instead of always_require
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-10 13:25:28 +02:00
54ba3e9616
blueprints: add meta model to apply blueprint within blueprint for dependencies ( #3486 )
...
* add meta model to apply blueprint within blueprint for dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* use custom registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix again
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* move ManagedAppConfig to apps.py
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* rename manager to registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* ci: use full tag in comment
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-29 21:20:58 +02:00
0ab8f4eed7
blueprints: add required password stage backends
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-19 15:59:41 +01:00
070714abe4
website/docs: add more blueprint docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-19 12:16:02 +01:00
89fef0ae72
blueprints: docs ( #3376 )
...
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-06 00:52:12 +02:00
ec42d378ab
blueprints/cleanup ( #3369 )
2022-08-05 08:39:00 +02:00
d1004e3798
blueprints: webui ( #3356 )
2022-08-03 00:05:49 +02:00
a023eee9bf
blueprints: migrate from managed ( #3338 )
...
* test all bundled blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix empty title
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix default blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add script to generate dev config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate managed to blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add more to blueprint instance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrated away from ObjectManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix lint errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix a bit more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* whops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix missing name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* *sigh*
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* scheduled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* run discovery on start
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* oops this test should stay
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-01 23:05:58 +02:00
89c84f10d0
blueprints: v1 ( #1573 )
...
* managed: move flowexporter to managed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* *: implement SerializerModel in all models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* managed: add initial api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* managed: start blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* managed: spec
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* version blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* yep
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove v2, improve v1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* start custom tag, more rebrand
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* move blueprints out of website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* try new things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add !lookup, fix web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update and cleanup default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix tags in lists
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* don't save field if its set to default value
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more flow cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* format web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix missing serializer for sms
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* ignore _set fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove custom file extension
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate default flow to tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* include blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-07-31 17:11:44 +02:00
