6b155621fe
blueprints: add default Password policy ( #11793 )
...
* add password policy to default password change flow
This change complies with the minimal compositional requirements by
NIST SP 800-63 Digital Identity Guidelines. See
https://pages.nist.gov/800-63-4/sp800-63b.html#password
More work is needed to comply with other parts of the Guidelines,
specifically
> If the chosen password is found on the blocklist, the CSP or verifier
> [...] SHALL provide the reason for rejection.
and
> Verifiers SHALL offer guidance to the subscriber to assist the user in
> choosing a strong password. This is particularly important following
> the rejection of a password on the blocklist as it discourages trivial
> modification of listed weak passwords.
* add docs for default Password policy
* remove HIBP from default Password policy
* add zxcvbn to default Password policy
* add fallback password error message to password policy, fix validation policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* reword docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
* add HIBP caveat
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
* separate policy into separate blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use password policy for oobe flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* kiss
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-11-11 13:31:30 +01:00
d817c646bd
sources: add Kerberos ( #10815 )
...
* sources: introduce new property mappings per-user and group
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: migrate to new property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix and make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web changes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove flatten for generic implem
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* rework migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* re-add field migration to property mappings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more migrations fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* easy fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate to propertymappingmanager
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* ruff and small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move mapping things into a separate class
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrations: use using(db_alias)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrations: use built-in variable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix login reverse
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* refactor source flow manager matching
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* kerberos sync with mode matching
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fixup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* finish frontend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Optimised images with calibre/image-actions
* make web
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add test for internal password update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix filter
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* switch to blueprints property mappings, improvements to frontend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* some more small fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reverse
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* properly deal with password changes signals
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually deal with it properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: realm as group: make it non default
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes and improvements
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix title
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add password backend to default flow
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* link docs page properly, add in admin interface, add suggestions for how to apply changes to a fleet of machines
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add troubleshooting
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix default flow pass backend
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix flaky spnego tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* properly convert gssapi name to python str
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix unpickable types
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure the last server token is returned to the client
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/developer-docs/setup/full-dev-environment.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/browser.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix missing library
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix missing library again
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web import
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync v2
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix sync v3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-10-23 17:58:29 +02:00
5b66dbe890
flows: provider invalidation ( #5048 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web stage for session end
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate saml and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* group flow settings when providers have multiple flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust name for default provider invalidation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-make migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add invalidation_flow to saml importer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-do migrations again
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web stuff to get rid of old libraries
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make unbind flow for ldap configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix flow inspector
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* handle invalidation_flow as optional, as it should be
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix ldap outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't generate URL in client
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually make it work???
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration breaking things...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start fixing tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix duplicate flow setting
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix race condition with brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix oauth test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix SAML tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add to wizard, fix required
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make required, start release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-10-14 15:35:12 +02:00
ba28e6de41
security: fix CVE-2024-47070 ( #11536 )
...
* security: fix CVE-2024-47070
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update website/docs/security/CVE-2024-47070.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Jens L. <jens@beryju.org >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-09-27 16:18:37 +02:00
d24e2abe7f
rbac: rework API for terraform, add blueprint support ( #10698 )
...
* rbac: rework API slightly to improve terraform compatibility
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sigh https://www.django-rest-framework.org/api-guide/filtering/#filtering-and-object-lookups
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permission support for users global permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add role support to blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix yaml tags
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add generated read-only role
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make permissions optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add object permission support to blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests kinda
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests and fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-08-02 16:34:30 +02:00
6abbe1dd4b
web: fix mismatched button labels for boundpolicy and boundstage list ( #10551 )
...
* remove wrong help text for multi select
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make labelling for create and and bind existing more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix oobe missing label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix application library empty state not shown
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing formatting for title on access denied stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-07-19 17:51:28 +02:00
0a5b8bea5d
stages/prompt: fix username field throwing error with existing user ( #9342 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-18 20:54:31 +02:00
7ef14eb86d
blueprints: only create default brand if no other default brand exists ( #9222 )
...
* blueprints: only create default brand if no other default brand exists
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix invalid blueprint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flaky test, improve pytest output
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-12 14:59:48 +02:00
9f6dca1170
stages/authenticator_webauthn: add MDS support ( #9114 )
...
* web: align style to show current user for webauthn enroll
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ask for aaguid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial MDS import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add restriction
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix api, add actual restriction
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* default authenticator name based on aaguid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connect device with device type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix typo in webauthn stage name
this typo has been around for 3 years 8708e487ae (diff-bb4aee4a37f4b95c8daa7beb6bf6251d8d2b6deb8c16dce0cd7cb0d6cd71900aR16)jens@goauthentik.io >
* add fido2 dep
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add CI pipeline to automate updating blob
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests, include device type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude icon for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add passkeys aaguid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make special unknown device type work, add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-08 12:21:26 +02:00
852f6f2819
blueprints: fix default username field in user-settings flow ( #9136 )
...
should be username type not text
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-04-04 18:50:44 +02:00
5f19fa7c84
blueprints: fix tenant access error ( #8322 )
2024-01-26 11:52:10 +00:00
abc0c2d2a2
root: Multi-tenancy ( #7590 )
...
* tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* setup logging for tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* configure celery and cache
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* small fixes, runs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* upstream fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix-pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix avatar tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* migrate config reputation_expiry as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web rebase
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix migrations for template schema 3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* revert reputation expiry migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix some more tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* website: tenants -> brands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* start frontend :help:
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add ability to disable tenants api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* delete embedded outpost if it is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure embedded outpost is disabled when tenants are enabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* management commands: add --schema option where relevant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost deletion
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tenant api tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add domain tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add settings tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make --schema-name default to public in mgmt commands
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* sources/ldap: make sure lock is per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix stuff I broke
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix remaining failing tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try fixing e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* much better frontend, but save does not refresh form properly
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with latest fixes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* i18n-extract
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* review comments
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* move event_retention from brands to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* root: add support for storing media files in S3
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* use permissions for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* blueprints: disable tenants management
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix embedded outpost create/delete logic
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make gen
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make sure prometheus metrics are correctly served
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* makefile: don't delete the go api client when not regenerating it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* tenants api: add recovery group and token creation endpoints
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix startup
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix prometheus metrics
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migrations from stable
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix oauth source type import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "fix oauth source type import"
This reverts commit d015fd0244marc.schmitt@risson.space >
* try with connection_created signal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix scim tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix enterprise settings
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try with connection_created signal"
This reverts commit 764a999db832b40a3bbbmarc.schmitt@risson.space >
* fix django version
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix web after merge
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* relock poetry
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix reconcile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* try running tenant save in a transaction
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* black
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* test: export postgres logs for debugging and use failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test: fix container name for logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* do not copy tenant data
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "try running tenant save in a transaction"
This reverts commit da6dec5a614bffb19704marc.schmitt@risson.space >
* why not
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove failfast
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove postgres query logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update reconcile logic to clearly differentiate between tenant and global
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix reconcile app decorator
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* enable django checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually nodata was unnecessary as we're cloning from template and not from public
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* pylint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update django-tenants with sequence fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* actually update
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix e2e tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for settings api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add tests for recovery api
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* recovery tests: do them on a new tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* web: fix system status being degraded when embedded outpost is disabled
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix recovery tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint-fix
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add management command to create a tenant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* checklist
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* self review
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* spelling
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* make web after upgrading
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove extra xlif file
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* prettier
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* Revert "add management command to create a tenant"
This reverts commit 39d13c0447jens@goauthentik.io >
* rewite some things on the release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* root: make sure install_id comes from public schema
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* require a license to use tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix tenants tests
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix files migration
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* release notes: add warning about user sessions being invalidated
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* remove api disabled test, we can't test for it
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-01-23 14:28:06 +01:00
b1c7c228c3
stages/authenticator_validate: use friendly_name for stage selector when enrolling ( #8255 )
...
* stages/authenticator_validate: use friendly_name for stage selector when enrolling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-01-22 16:06:38 +01:00
261879022d
security: fix oobe-flow reuse when akadmin is deleted ( #7361 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-10-28 21:24:06 +02:00
1ffb7efed6
blueprints: fix policy exception causing password stage to be skipped after upgrade ( #6674 )
...
* blueprints: fix policy exception causing password stage to be skipped after upgrade
* make policy more fault tolerant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-08-30 00:08:04 +02:00
10b0c84d97
root: migrate bootstrap to blueprints ( #6433 )
...
* remove old bootstrap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add meta model to set user password
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* ensure KeyOf works with objects in the state of created that already exist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for shorter form !If tag
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow !Context to resolve other yaml tags
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't require serializer to be valid for deleting an object
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix check if a model is being created
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove duplicate way to set password
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate token
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only change what is required with migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix admin status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* expand tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't require bootstrap in events to fix ci?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-31 19:34:46 +02:00
5139656e95
blueprints: prevent duplicate password stage in default flow when using combined identification stage ( #6432 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-31 13:42:35 +02:00
2f469d2709
root: partial Live-updating config ( #5959 )
...
* stages/email: directly use email credentials from config
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use custom database backend that supports dynamic credentials
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add crude config reloader
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make method names for CONFIG clearer
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace config.set with environ
Not sure if this is the cleanest way, but it persists through a config reload
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add set for @patch
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* even more crudeness
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clean up some old stuff?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup old things
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow e2e
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-07-19 23:13:22 +02:00
ee6edec1d8
stages/prompt: Add initial_data prompt field and ability to select a default choice for choice fields ( #5095 )
...
* Added initial_value to model
* Added initial_value to admin panel
* Added initial_value support to flows; updated tests
* Updated default blueprints
* update docs
* Fix test
* Fix another test
* Fix yet another test
* Add placeholder migration
* Remove unused import
2023-04-19 12:27:51 +02:00
80f4fccd35
providers/oauth2: OpenID conformance ( #4758 )
...
* don't open inspector by default when debug is enabled
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* encode error in fragment when using hybrid grant_type
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* require nonce for all response_types that get an id_token from the authorization endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't set empty family_name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only set at_hash when response has token
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleaner way to get login time
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove authentication requirement from authentication flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix auth_time not being handled correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test files
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove USER_LOGIN_AUTHENTICATED
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework prompt=login handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also set last login uid for max_age check to prevent double login when max_age and prompt=login is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-02-23 15:26:41 +01:00
55782d3929
blueprints: don't update default tenant
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-31 15:17:05 +01:00
53b65a9d1a
stages/prompt: field name ( #4497 )
...
* add prompt field name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove numerical prefix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing name
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use text field
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add description label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add migrate blueprint to remove old stages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add task to remove unretrievable blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix blueprint test paths
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix fixtures
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-24 12:23:22 +01:00
813f70b806
blueprints: fix OOB email field overwriting user settings email field
...
closes #4317
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-18 19:40:47 +01:00
f1b3598a0f
blueprints: don't set session_duration in default and example flows ( #4448 )
...
closes #3944
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2023-01-16 13:18:25 +01:00
a960ce9454
stages/user_write: add more user creation options ( #4367 )
...
* add more user creation options
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update blueprints and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2023-01-05 15:46:20 +01:00
84fbeb5721
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-23 14:12:58 +01:00
3b973e12a4
blueprints: don't require auth on invalidation flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-19 10:33:54 +01:00
db95dfe38d
security: fix CVE 2022 46145 ( #4140 )
...
* add flow authentication requirement
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add website for cve
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* flows: handle FlowNonApplicableException without policy result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-12-02 16:14:25 +01:00
5026cebf02
stages/consent: default to expiring consent instead of always_require
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-09-10 13:25:28 +02:00
54ba3e9616
blueprints: add meta model to apply blueprint within blueprint for dependencies ( #3486 )
...
* add meta model to apply blueprint within blueprint for dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* use custom registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix again
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* move ManagedAppConfig to apps.py
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* rename manager to registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* ci: use full tag in comment
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-29 21:20:58 +02:00
0ab8f4eed7
blueprints: add required password stage backends
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-19 15:59:41 +01:00
070714abe4
website/docs: add more blueprint docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-19 12:16:02 +01:00
89fef0ae72
blueprints: docs ( #3376 )
...
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-06 00:52:12 +02:00
ec42d378ab
blueprints/cleanup ( #3369 )
2022-08-05 08:39:00 +02:00
d1004e3798
blueprints: webui ( #3356 )
2022-08-03 00:05:49 +02:00
a023eee9bf
blueprints: migrate from managed ( #3338 )
...
* test all bundled blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix empty title
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix default blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add script to generate dev config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate managed to blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add more to blueprint instance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrated away from ObjectManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix lint errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix a bit more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* whops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix missing name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* *sigh*
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* scheduled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* run discovery on start
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* oops this test should stay
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-08-01 23:05:58 +02:00
89c84f10d0
blueprints: v1 ( #1573 )
...
* managed: move flowexporter to managed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* *: implement SerializerModel in all models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* managed: add initial api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* managed: start blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* managed: spec
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* version blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* yep
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove v2, improve v1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* start custom tag, more rebrand
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* move blueprints out of website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* try new things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* add !lookup, fix web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* update and cleanup default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix tags in lists
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* don't save field if its set to default value
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* more flow cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* format web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix missing serializer for sms
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* ignore _set fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* remove custom file extension
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* migrate default flow to tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* include blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org >
2022-07-31 17:11:44 +02:00
