Docker needs access to the git repo, if only as read-only.

This commit moves the build of the web into a sub-repository and refactors the build instructions to
understand that move.  The simple result at this time will be just a move and a re-arrangement of
the build paths so that the final product is still deposited in the `./dist` folder.

Only a few "functional" changes have been made:

- The core package has been renamed '@goauthentik/authentik' to distinguish itself from the root
  package name '@goauthentik/web'.
- The codespell paths have been updated
- The path to the imported markdown documentation has been updated.
- TSConfig.json has been split into a "base" and "build" pair. This is necessary because our future
  builds will use a slightly different configuration from our linters, as the former do not need the
  typing information (their job is to strip it away, leaving us with pure JavaScript), and the
  latter very definitely need it to make our IDE's work correctly.
- Rollup.config.js has also been split into a "base" and "build" pair. The base has been slightly
  refactored, with heavily concretized paths for the project ROOT and project DIST folders. This
  informs the moved authentik project where to put the built release.

The NPM -> Lage relationship was done mechanicall: I copied our targets from the existing
package.json into lage, then used some regex magic to tell lage "call all these targets in our
packages," of which we have exactly ONE right now.

I also had to fix yet another xliff consistency error.  *Sigh*.

.dockerignore

@@ -6,7 +6,6 @@ build/**
 build_docs/**
 *Dockerfile
 blueprints/local
-.git
 !gen-ts-api/node_modules
 !gen-ts-api/dist/**
 !gen-go-api/

.github/actions/docker-push-variables/action.yml

@@ -68,18 +68,21 @@ runs:
             for name in image_names:
                 image_tags += [
                     f"{name}:{version}",
-                    f"{name}:{version_family}",
                 ]
             if not prerelease:
-                image_tags += [f"{name}:latest"]
+                image_tags += [
+                    f"{name}:latest",
+                    f"{name}:{version_family}",
+                ]
         else:
             suffix = ""
             if image_arch and image_arch != "amd64":
                 suffix = f"-{image_arch}"
             for name in image_names:
                 image_tags += [
-                    f"{name}:gh-{sha}{suffix}",
-                    f"{name}:gh-{safe_branch_name}{suffix}",
+                    f"{name}:gh-{sha}{suffix}",  # Used for ArgoCD and PR comments
+                    f"{name}:gh-{safe_branch_name}{suffix}",  # For convenience
+                    f"{name}:gh-{safe_branch_name}-{int(time())}-{sha[:7]}{suffix}",  # Use by FluxCD
                 ]
 
         image_main_tag = image_tags[0]

.github/workflows/ci-main.yml

@@ -70,7 +70,7 @@ jobs:
           cp authentik/lib/default.yml local.env.yml
           cp -R .github ..
           cp -R scripts ..
-          git checkout version/$(python -c "from authentik import __version__; print(__version__)")
+          git checkout $(git tag --sort=version:refname | grep '^version/' | grep -vE -- '-rc[0-9]+$' | tail -n1)
           rm -rf .github/ scripts/
           mv ../.github ../scripts .
       - name: Setup authentik env (stable)

.github/workflows/release-publish.yml

@@ -172,8 +172,8 @@ jobs:
           image-name: ghcr.io/goauthentik/server
       - name: Get static files from docker image
         run: |
-          docker pull ghcr.io/goauthentik/server:${{ steps.ev.outputs.imageMainTag }}
-          container=$(docker container create ghcr.io/goauthentik/server:${{ steps.ev.outputs.imageMainTag }})
+          docker pull ${{ steps.ev.outputs.imageMainTag }}
+          container=$(docker container create ${{ steps.ev.outputs.imageMainTag }})
           docker cp ${container}:web/ .
       - name: Create a Sentry.io release
         uses: getsentry/action-release@v1

Dockerfile

@@ -27,6 +27,7 @@ WORKDIR /work/web
 
 RUN --mount=type=bind,target=/work/web/package.json,src=./web/package.json \
     --mount=type=bind,target=/work/web/package-lock.json,src=./web/package-lock.json \
+    --mount=type=bind,target=/work/.git,src=./.git,readonly \
     --mount=type=cache,id=npm-web,sharing=shared,target=/root/.npm \
     npm ci --include=dev
 

authentik/crypto/builder.py

@@ -44,7 +44,7 @@ class CertificateBuilder:
     def generate_private_key(self) -> PrivateKeyTypes:
         """Generate private key"""
         if self._use_ec_private_key:
-            return ec.generate_private_key(curve=ec.SECP256R1)
+            return ec.generate_private_key(curve=ec.SECP256R1())
         return rsa.generate_private_key(
             public_exponent=65537, key_size=4096, backend=default_backend()
         )

authentik/providers/oauth2/tests/test_token_cc_standard.py

@@ -0,0 +1,170 @@
+"""Test token view"""
+
+from json import loads
+
+from django.test import RequestFactory
+from django.urls import reverse
+from jwt import decode
+
+from authentik.blueprints.tests import apply_blueprint
+from authentik.core.models import Application, Group, Token, TokenIntents, UserTypes
+from authentik.core.tests.utils import create_test_admin_user, create_test_cert, create_test_flow
+from authentik.policies.models import PolicyBinding
+from authentik.providers.oauth2.constants import (
+    GRANT_TYPE_CLIENT_CREDENTIALS,
+    GRANT_TYPE_PASSWORD,
+    SCOPE_OPENID,
+    SCOPE_OPENID_EMAIL,
+    SCOPE_OPENID_PROFILE,
+    TOKEN_TYPE,
+)
+from authentik.providers.oauth2.errors import TokenError
+from authentik.providers.oauth2.models import OAuth2Provider, ScopeMapping
+from authentik.providers.oauth2.tests.utils import OAuthTestCase
+
+
+class TestTokenClientCredentialsStandard(OAuthTestCase):
+    """Test token (client_credentials) view"""
+
+    @apply_blueprint("system/providers-oauth2.yaml")
+    def setUp(self) -> None:
+        super().setUp()
+        self.factory = RequestFactory()
+        self.provider = OAuth2Provider.objects.create(
+            name="test",
+            authorization_flow=create_test_flow(),
+            redirect_uris="http://testserver",
+            signing_key=create_test_cert(),
+        )
+        self.provider.property_mappings.set(ScopeMapping.objects.all())
+        self.app = Application.objects.create(name="test", slug="test", provider=self.provider)
+        self.user = create_test_admin_user("sa")
+        self.user.type = UserTypes.SERVICE_ACCOUNT
+        self.user.save()
+        self.token = Token.objects.create(
+            identifier="sa-token",
+            user=self.user,
+            intent=TokenIntents.INTENT_APP_PASSWORD,
+            expiring=False,
+        )
+
+    def test_wrong_user(self):
+        """test invalid username"""
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
+                "scope": SCOPE_OPENID,
+                "client_id": self.provider.client_id,
+                "client_secret": self.provider.client_secret + "foo",
+            },
+        )
+        self.assertEqual(response.status_code, 400)
+        self.assertJSONEqual(
+            response.content.decode(),
+            {"error": "invalid_grant", "error_description": TokenError.errors["invalid_grant"]},
+        )
+
+    def test_no_provider(self):
+        """test no provider"""
+        self.app.provider = None
+        self.app.save()
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
+                "scope": SCOPE_OPENID,
+                "client_id": self.provider.client_id,
+                "client_secret": self.provider.client_secret,
+            },
+        )
+        self.assertEqual(response.status_code, 400)
+        self.assertJSONEqual(
+            response.content.decode(),
+            {"error": "invalid_grant", "error_description": TokenError.errors["invalid_grant"]},
+        )
+
+    def test_permission_denied(self):
+        """test permission denied"""
+        group = Group.objects.create(name="foo")
+        PolicyBinding.objects.create(
+            group=group,
+            target=self.app,
+            order=0,
+        )
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
+                "scope": SCOPE_OPENID,
+                "client_id": self.provider.client_id,
+                "client_secret": self.provider.client_secret,
+            },
+        )
+        self.assertEqual(response.status_code, 400)
+        self.assertJSONEqual(
+            response.content.decode(),
+            {"error": "invalid_grant", "error_description": TokenError.errors["invalid_grant"]},
+        )
+
+    def test_successful(self):
+        """test successful"""
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
+                "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
+                "client_id": self.provider.client_id,
+                "client_secret": self.provider.client_secret,
+            },
+        )
+        self.assertEqual(response.status_code, 200)
+        body = loads(response.content.decode())
+        self.assertEqual(body["token_type"], TOKEN_TYPE)
+        _, alg = self.provider.jwt_key
+        jwt = decode(
+            body["access_token"],
+            key=self.provider.signing_key.public_key,
+            algorithms=[alg],
+            audience=self.provider.client_id,
+        )
+        self.assertEqual(
+            jwt["given_name"], "Autogenerated user from application test (client credentials)"
+        )
+        self.assertEqual(jwt["preferred_username"], "ak-test-client_credentials")
+        jwt = decode(
+            body["id_token"],
+            key=self.provider.signing_key.public_key,
+            algorithms=[alg],
+            audience=self.provider.client_id,
+        )
+        self.assertEqual(
+            jwt["given_name"], "Autogenerated user from application test (client credentials)"
+        )
+        self.assertEqual(jwt["preferred_username"], "ak-test-client_credentials")
+
+    def test_successful_password(self):
+        """test successful (password grant)"""
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_PASSWORD,
+                "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
+                "client_id": self.provider.client_id,
+                "client_secret": self.provider.client_secret,
+            },
+        )
+        self.assertEqual(response.status_code, 200)
+        body = loads(response.content.decode())
+        self.assertEqual(body["token_type"], TOKEN_TYPE)
+        _, alg = self.provider.jwt_key
+        jwt = decode(
+            body["access_token"],
+            key=self.provider.signing_key.public_key,
+            algorithms=[alg],
+            audience=self.provider.client_id,
+        )
+        self.assertEqual(
+            jwt["given_name"], "Autogenerated user from application test (client credentials)"
+        )
+        self.assertEqual(jwt["preferred_username"], "ak-test-client_credentials")

authentik/providers/oauth2/tests/test_token_cc_standard_compat.py

@@ -0,0 +1,182 @@
+"""Test token view"""
+
+from base64 import b64encode
+from json import loads
+
+from django.test import RequestFactory
+from django.urls import reverse
+from jwt import decode
+
+from authentik.blueprints.tests import apply_blueprint
+from authentik.core.models import Application, Group, Token, TokenIntents, UserTypes
+from authentik.core.tests.utils import create_test_admin_user, create_test_cert, create_test_flow
+from authentik.policies.models import PolicyBinding
+from authentik.providers.oauth2.constants import (
+    GRANT_TYPE_CLIENT_CREDENTIALS,
+    GRANT_TYPE_PASSWORD,
+    SCOPE_OPENID,
+    SCOPE_OPENID_EMAIL,
+    SCOPE_OPENID_PROFILE,
+    TOKEN_TYPE,
+)
+from authentik.providers.oauth2.errors import TokenError
+from authentik.providers.oauth2.models import OAuth2Provider, ScopeMapping
+from authentik.providers.oauth2.tests.utils import OAuthTestCase
+
+
+class TestTokenClientCredentialsStandardCompat(OAuthTestCase):
+    """Test token (client_credentials) view"""
+
+    @apply_blueprint("system/providers-oauth2.yaml")
+    def setUp(self) -> None:
+        super().setUp()
+        self.factory = RequestFactory()
+        self.provider = OAuth2Provider.objects.create(
+            name="test",
+            authorization_flow=create_test_flow(),
+            redirect_uris="http://testserver",
+            signing_key=create_test_cert(),
+        )
+        self.provider.property_mappings.set(ScopeMapping.objects.all())
+        self.app = Application.objects.create(name="test", slug="test", provider=self.provider)
+        self.user = create_test_admin_user("sa")
+        self.user.type = UserTypes.SERVICE_ACCOUNT
+        self.user.save()
+        self.token = Token.objects.create(
+            identifier="sa-token",
+            user=self.user,
+            intent=TokenIntents.INTENT_APP_PASSWORD,
+            expiring=False,
+        )
+
+    def test_wrong_user(self):
+        """test invalid username"""
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
+                "scope": SCOPE_OPENID,
+                "client_id": self.provider.client_id,
+                "client_secret": b64encode(f"saa:{self.token.key}".encode()).decode(),
+            },
+        )
+        self.assertEqual(response.status_code, 400)
+        self.assertJSONEqual(
+            response.content.decode(),
+            {"error": "invalid_grant", "error_description": TokenError.errors["invalid_grant"]},
+        )
+
+    def test_wrong_token(self):
+        """test invalid token"""
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
+                "scope": SCOPE_OPENID,
+                "client_id": self.provider.client_id,
+                "client_secret": b64encode(f"sa:{self.token.key}foo".encode()).decode(),
+            },
+        )
+        self.assertEqual(response.status_code, 400)
+        self.assertJSONEqual(
+            response.content.decode(),
+            {"error": "invalid_grant", "error_description": TokenError.errors["invalid_grant"]},
+        )
+
+    def test_no_provider(self):
+        """test no provider"""
+        self.app.provider = None
+        self.app.save()
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
+                "scope": SCOPE_OPENID,
+                "client_id": self.provider.client_id,
+                "client_secret": b64encode(f"sa:{self.token.key}".encode()).decode(),
+            },
+        )
+        self.assertEqual(response.status_code, 400)
+        self.assertJSONEqual(
+            response.content.decode(),
+            {"error": "invalid_grant", "error_description": TokenError.errors["invalid_grant"]},
+        )
+
+    def test_permission_denied(self):
+        """test permission denied"""
+        group = Group.objects.create(name="foo")
+        PolicyBinding.objects.create(
+            group=group,
+            target=self.app,
+            order=0,
+        )
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
+                "scope": SCOPE_OPENID,
+                "client_id": self.provider.client_id,
+                "client_secret": b64encode(f"sa:{self.token.key}".encode()).decode(),
+            },
+        )
+        self.assertEqual(response.status_code, 400)
+        self.assertJSONEqual(
+            response.content.decode(),
+            {"error": "invalid_grant", "error_description": TokenError.errors["invalid_grant"]},
+        )
+
+    def test_successful(self):
+        """test successful"""
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
+                "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
+                "client_id": self.provider.client_id,
+                "client_secret": b64encode(f"sa:{self.token.key}".encode()).decode(),
+            },
+        )
+        self.assertEqual(response.status_code, 200)
+        body = loads(response.content.decode())
+        self.assertEqual(body["token_type"], TOKEN_TYPE)
+        _, alg = self.provider.jwt_key
+        jwt = decode(
+            body["access_token"],
+            key=self.provider.signing_key.public_key,
+            algorithms=[alg],
+            audience=self.provider.client_id,
+        )
+        self.assertEqual(jwt["given_name"], self.user.name)
+        self.assertEqual(jwt["preferred_username"], self.user.username)
+        jwt = decode(
+            body["id_token"],
+            key=self.provider.signing_key.public_key,
+            algorithms=[alg],
+            audience=self.provider.client_id,
+        )
+        self.assertEqual(jwt["given_name"], self.user.name)
+        self.assertEqual(jwt["preferred_username"], self.user.username)
+
+    def test_successful_password(self):
+        """test successful (password grant)"""
+        response = self.client.post(
+            reverse("authentik_providers_oauth2:token"),
+            {
+                "grant_type": GRANT_TYPE_PASSWORD,
+                "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
+                "client_id": self.provider.client_id,
+                "client_secret": b64encode(f"sa:{self.token.key}".encode()).decode(),
+            },
+        )
+        self.assertEqual(response.status_code, 200)
+        body = loads(response.content.decode())
+        self.assertEqual(body["token_type"], TOKEN_TYPE)
+        _, alg = self.provider.jwt_key
+        jwt = decode(
+            body["access_token"],
+            key=self.provider.signing_key.public_key,
+            algorithms=[alg],
+            audience=self.provider.client_id,
+        )
+        self.assertEqual(jwt["given_name"], self.user.name)
+        self.assertEqual(jwt["preferred_username"], self.user.username)

authentik/providers/oauth2/tests/test_token_cc_user_pw.py

@@ -23,7 +23,7 @@ from authentik.providers.oauth2.models import OAuth2Provider, ScopeMapping
 from authentik.providers.oauth2.tests.utils import OAuthTestCase
 
 
-class TestTokenClientCredentials(OAuthTestCase):
+class TestTokenClientCredentialsUserNamePassword(OAuthTestCase):
     """Test token (client_credentials) view"""
 
     @apply_blueprint("system/providers-oauth2.yaml")

authentik/providers/oauth2/views/token.py

@@ -1,6 +1,7 @@
 """authentik OAuth2 Token views"""
 
-from base64 import urlsafe_b64encode
+from base64 import b64decode, urlsafe_b64encode
+from binascii import Error
 from dataclasses import InitVar, dataclass
 from datetime import datetime
 from hashlib import sha256
@@ -23,10 +24,12 @@ from authentik.core.middleware import CTX_AUTH_VIA
 from authentik.core.models import (
     USER_ATTRIBUTE_EXPIRES,
     USER_ATTRIBUTE_GENERATED,
+    USER_PATH_SYSTEM_PREFIX,
     Application,
     Token,
     TokenIntents,
     User,
+    UserTypes,
 )
 from authentik.events.models import Event, EventAction
 from authentik.events.signals import get_login_event
@@ -286,11 +289,29 @@ class TokenParams:
             raise TokenError("invalid_grant")
 
     def __post_init_client_credentials(self, request: HttpRequest):
+        # client_credentials flow with client assertion
         if request.POST.get(CLIENT_ASSERTION_TYPE, "") != "":
             return self.__post_init_client_credentials_jwt(request)
+        # authentik-custom-ish client credentials flow
+        if request.POST.get("username", "") != "":
+            return self.__post_init_client_credentials_creds(
+                request, request.POST.get("username"), request.POST.get("password")
+            )
+        # Standard method which creates an automatic user
+        if self.client_secret == self.provider.client_secret:
+            return self.__post_init_client_credentials_generated(request)
+        # Standard workaround method which stores username:password
+        # as client_secret
+        try:
+            user, _, password = b64decode(self.client_secret).decode("utf-8").partition(":")
+            return self.__post_init_client_credentials_creds(request, user, password)
+        except (ValueError, Error):
+            raise TokenError("invalid_grant")
+
+    def __post_init_client_credentials_creds(
+        self, request: HttpRequest, username: str, password: str
+    ):
         # Authenticate user based on credentials
-        username = request.POST.get("username")
-        password = request.POST.get("password")
         user = User.objects.filter(username=username).first()
         if not user:
             raise TokenError("invalid_grant")
@@ -316,7 +337,6 @@ class TokenParams:
                 PLAN_CONTEXT_APPLICATION: app,
             },
         ).from_http(request, user=user)
-        return None
 
     # pylint: disable=too-many-locals
     def __post_init_client_credentials_jwt(self, request: HttpRequest):
@@ -409,6 +429,35 @@ class TokenParams:
             },
         ).from_http(request, user=self.user)
 
+    def __post_init_client_credentials_generated(self, request: HttpRequest):
+        # Authorize user access
+        app = Application.objects.filter(provider=self.provider).first()
+        if not app or not app.provider:
+            raise TokenError("invalid_grant")
+        self.user, _ = User.objects.update_or_create(
+            # trim username to ensure the entire username is max 150 chars
+            # (22 chars being the length of the "template")
+            username=f"ak-{self.provider.name[:150-22]}-client_credentials",
+            defaults={
+                "attributes": {
+                    USER_ATTRIBUTE_GENERATED: True,
+                },
+                "last_login": timezone.now(),
+                "name": f"Autogenerated user from application {app.name} (client credentials)",
+                "path": f"{USER_PATH_SYSTEM_PREFIX}/apps/{app.slug}",
+                "type": UserTypes.SERVICE_ACCOUNT,
+            },
+        )
+        self.__check_policy_access(app, request)
+
+        Event.new(
+            action=EventAction.LOGIN,
+            **{
+                PLAN_CONTEXT_METHOD: "oauth_client_secret",
+                PLAN_CONTEXT_APPLICATION: app,
+            },
+        ).from_http(request, user=self.user)
+
     def __post_init_device_code(self, request: HttpRequest):
         device_code = request.POST.get("device_code", "")
         code = DeviceToken.objects.filter(device_code=device_code, provider=self.provider).first()
@@ -418,7 +467,6 @@ class TokenParams:
 
     def __create_user_from_jwt(self, token: dict[str, Any], app: Application, source: OAuthSource):
         """Create user from JWT"""
-        exp = token.get("exp")
         self.user, created = User.objects.update_or_create(
             username=f"{self.provider.name}-{token.get('sub')}",
             defaults={
@@ -428,8 +476,10 @@ class TokenParams:
                 "last_login": timezone.now(),
                 "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
                 "path": source.get_user_path(),
+                "type": UserTypes.SERVICE_ACCOUNT,
             },
         )
+        exp = token.get("exp")
         if created and exp:
             self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp
             self.user.save()

authentik/root/settings.py

@@ -481,13 +481,6 @@ def _update_settings(app_path: str):
         pass
 
 
-# Load subapps's settings
-for _app in set(SHARED_APPS + TENANT_APPS):
-    if not _app.startswith("authentik"):
-        continue
-    _update_settings(f"{_app}.settings")
-_update_settings("data.user_settings")
-
 if DEBUG:
     CELERY["task_always_eager"] = True
     os.environ[ENV_GIT_HASH_KEY] = "dev"
@@ -512,5 +505,13 @@ except ImportError:
 # being imported for @prefill_task
 TENANT_APPS.append("authentik.events")
 
+
+# Load subapps's settings
+for _app in set(SHARED_APPS + TENANT_APPS):
+    if not _app.startswith("authentik"):
+        continue
+    _update_settings(f"{_app}.settings")
+_update_settings("data.user_settings")
+
 SHARED_APPS = list(OrderedDict.fromkeys(SHARED_APPS + TENANT_APPS))
 INSTALLED_APPS = list(OrderedDict.fromkeys(SHARED_APPS + TENANT_APPS))

lifecycle/ak

@@ -86,6 +86,7 @@ elif [[ "$1" == "bash" ]]; then
     /bin/bash
 elif [[ "$1" == "test-all" ]]; then
     prepare_debug
+    chmod 777 /root
     check_if_root "python -m manage test authentik"
 elif [[ "$1" == "healthcheck" ]]; then
     run_authentik healthcheck $(cat $MODE_FILE)

poetry.lock

@@ -402,33 +402,33 @@ files = [
 
 [[package]]
 name = "black"
-version = "24.1.1"
+version = "24.2.0"
 description = "The uncompromising code formatter."
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "black-24.1.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:2588021038bd5ada078de606f2a804cadd0a3cc6a79cb3e9bb3a8bf581325a4c"},
-    {file = "black-24.1.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:1a95915c98d6e32ca43809d46d932e2abc5f1f7d582ffbe65a5b4d1588af7445"},
-    {file = "black-24.1.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2fa6a0e965779c8f2afb286f9ef798df770ba2b6cee063c650b96adec22c056a"},
-    {file = "black-24.1.1-cp310-cp310-win_amd64.whl", hash = "sha256:5242ecd9e990aeb995b6d03dc3b2d112d4a78f2083e5a8e86d566340ae80fec4"},
-    {file = "black-24.1.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:fc1ec9aa6f4d98d022101e015261c056ddebe3da6a8ccfc2c792cbe0349d48b7"},
-    {file = "black-24.1.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:0269dfdea12442022e88043d2910429bed717b2d04523867a85dacce535916b8"},
-    {file = "black-24.1.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b3d64db762eae4a5ce04b6e3dd745dcca0fb9560eb931a5be97472e38652a161"},
-    {file = "black-24.1.1-cp311-cp311-win_amd64.whl", hash = "sha256:5d7b06ea8816cbd4becfe5f70accae953c53c0e53aa98730ceccb0395520ee5d"},
-    {file = "black-24.1.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:e2c8dfa14677f90d976f68e0c923947ae68fa3961d61ee30976c388adc0b02c8"},
-    {file = "black-24.1.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:a21725862d0e855ae05da1dd25e3825ed712eaaccef6b03017fe0853a01aa45e"},
-    {file = "black-24.1.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:07204d078e25327aad9ed2c64790d681238686bce254c910de640c7cc4fc3aa6"},
-    {file = "black-24.1.1-cp312-cp312-win_amd64.whl", hash = "sha256:a83fe522d9698d8f9a101b860b1ee154c1d25f8a82ceb807d319f085b2627c5b"},
-    {file = "black-24.1.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:08b34e85170d368c37ca7bf81cf67ac863c9d1963b2c1780c39102187ec8dd62"},
-    {file = "black-24.1.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:7258c27115c1e3b5de9ac6c4f9957e3ee2c02c0b39222a24dc7aa03ba0e986f5"},
-    {file = "black-24.1.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:40657e1b78212d582a0edecafef133cf1dd02e6677f539b669db4746150d38f6"},
-    {file = "black-24.1.1-cp38-cp38-win_amd64.whl", hash = "sha256:e298d588744efda02379521a19639ebcd314fba7a49be22136204d7ed1782717"},
-    {file = "black-24.1.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:34afe9da5056aa123b8bfda1664bfe6fb4e9c6f311d8e4a6eb089da9a9173bf9"},
-    {file = "black-24.1.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:854c06fb86fd854140f37fb24dbf10621f5dab9e3b0c29a690ba595e3d543024"},
-    {file = "black-24.1.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3897ae5a21ca132efa219c029cce5e6bfc9c3d34ed7e892113d199c0b1b444a2"},
-    {file = "black-24.1.1-cp39-cp39-win_amd64.whl", hash = "sha256:ecba2a15dfb2d97105be74bbfe5128bc5e9fa8477d8c46766505c1dda5883aac"},
-    {file = "black-24.1.1-py3-none-any.whl", hash = "sha256:5cdc2e2195212208fbcae579b931407c1fa9997584f0a415421748aeafff1168"},
-    {file = "black-24.1.1.tar.gz", hash = "sha256:48b5760dcbfe5cf97fd4fba23946681f3a81514c6ab8a45b50da67ac8fbc6c7b"},
+    {file = "black-24.2.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:6981eae48b3b33399c8757036c7f5d48a535b962a7c2310d19361edeef64ce29"},
+    {file = "black-24.2.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:d533d5e3259720fdbc1b37444491b024003e012c5173f7d06825a77508085430"},
+    {file = "black-24.2.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:61a0391772490ddfb8a693c067df1ef5227257e72b0e4108482b8d41b5aee13f"},
+    {file = "black-24.2.0-cp310-cp310-win_amd64.whl", hash = "sha256:992e451b04667116680cb88f63449267c13e1ad134f30087dec8527242e9862a"},
+    {file = "black-24.2.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:163baf4ef40e6897a2a9b83890e59141cc8c2a98f2dda5080dc15c00ee1e62cd"},
+    {file = "black-24.2.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:e37c99f89929af50ffaf912454b3e3b47fd64109659026b678c091a4cd450fb2"},
+    {file = "black-24.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4f9de21bafcba9683853f6c96c2d515e364aee631b178eaa5145fc1c61a3cc92"},
+    {file = "black-24.2.0-cp311-cp311-win_amd64.whl", hash = "sha256:9db528bccb9e8e20c08e716b3b09c6bdd64da0dd129b11e160bf082d4642ac23"},
+    {file = "black-24.2.0-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:d84f29eb3ee44859052073b7636533ec995bd0f64e2fb43aeceefc70090e752b"},
+    {file = "black-24.2.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1e08fb9a15c914b81dd734ddd7fb10513016e5ce7e6704bdd5e1251ceee51ac9"},
+    {file = "black-24.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:810d445ae6069ce64030c78ff6127cd9cd178a9ac3361435708b907d8a04c693"},
+    {file = "black-24.2.0-cp312-cp312-win_amd64.whl", hash = "sha256:ba15742a13de85e9b8f3239c8f807723991fbfae24bad92d34a2b12e81904982"},
+    {file = "black-24.2.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:7e53a8c630f71db01b28cd9602a1ada68c937cbf2c333e6ed041390d6968faf4"},
+    {file = "black-24.2.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:93601c2deb321b4bad8f95df408e3fb3943d85012dddb6121336b8e24a0d1218"},
+    {file = "black-24.2.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a0057f800de6acc4407fe75bb147b0c2b5cbb7c3ed110d3e5999cd01184d53b0"},
+    {file = "black-24.2.0-cp38-cp38-win_amd64.whl", hash = "sha256:faf2ee02e6612577ba0181f4347bcbcf591eb122f7841ae5ba233d12c39dcb4d"},
+    {file = "black-24.2.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:057c3dc602eaa6fdc451069bd027a1b2635028b575a6c3acfd63193ced20d9c8"},
+    {file = "black-24.2.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:08654d0797e65f2423f850fc8e16a0ce50925f9337fb4a4a176a7aa4026e63f8"},
+    {file = "black-24.2.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ca610d29415ee1a30a3f30fab7a8f4144e9d34c89a235d81292a1edb2b55f540"},
+    {file = "black-24.2.0-cp39-cp39-win_amd64.whl", hash = "sha256:4dd76e9468d5536abd40ffbc7a247f83b2324f0c050556d9c371c2b9a9a95e31"},
+    {file = "black-24.2.0-py3-none-any.whl", hash = "sha256:e8a6ae970537e67830776488bca52000eaa37fa63b9988e8c487458d9cd5ace6"},
+    {file = "black-24.2.0.tar.gz", hash = "sha256:bce4f25c27c3435e4dace4815bcb2008b87e167e3bf4ee47ccdc5ce906eb4894"},
 ]
 
 [package.dependencies]
@@ -993,43 +993,43 @@ toml = ["tomli"]
 
 [[package]]
 name = "cryptography"
-version = "42.0.0"
+version = "42.0.2"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "cryptography-42.0.0-cp37-abi3-macosx_10_12_universal2.whl", hash = "sha256:c640b0ef54138fde761ec99a6c7dc4ce05e80420262c20fa239e694ca371d434"},
-    {file = "cryptography-42.0.0-cp37-abi3-macosx_10_12_x86_64.whl", hash = "sha256:678cfa0d1e72ef41d48993a7be75a76b0725d29b820ff3cfd606a5b2b33fda01"},
-    {file = "cryptography-42.0.0-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:146e971e92a6dd042214b537a726c9750496128453146ab0ee8971a0299dc9bd"},
-    {file = "cryptography-42.0.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:87086eae86a700307b544625e3ba11cc600c3c0ef8ab97b0fda0705d6db3d4e3"},
-    {file = "cryptography-42.0.0-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:0a68bfcf57a6887818307600c3c0ebc3f62fbb6ccad2240aa21887cda1f8df1b"},
-    {file = "cryptography-42.0.0-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:5a217bca51f3b91971400890905a9323ad805838ca3fa1e202a01844f485ee87"},
-    {file = "cryptography-42.0.0-cp37-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:ca20550bb590db16223eb9ccc5852335b48b8f597e2f6f0878bbfd9e7314eb17"},
-    {file = "cryptography-42.0.0-cp37-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:33588310b5c886dfb87dba5f013b8d27df7ffd31dc753775342a1e5ab139e59d"},
-    {file = "cryptography-42.0.0-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:9515ea7f596c8092fdc9902627e51b23a75daa2c7815ed5aa8cf4f07469212ec"},
-    {file = "cryptography-42.0.0-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:35cf6ed4c38f054478a9df14f03c1169bb14bd98f0b1705751079b25e1cb58bc"},
-    {file = "cryptography-42.0.0-cp37-abi3-win32.whl", hash = "sha256:8814722cffcfd1fbd91edd9f3451b88a8f26a5fd41b28c1c9193949d1c689dc4"},
-    {file = "cryptography-42.0.0-cp37-abi3-win_amd64.whl", hash = "sha256:a2a8d873667e4fd2f34aedab02ba500b824692c6542e017075a2efc38f60a4c0"},
-    {file = "cryptography-42.0.0-cp39-abi3-macosx_10_12_universal2.whl", hash = "sha256:8fedec73d590fd30c4e3f0d0f4bc961aeca8390c72f3eaa1a0874d180e868ddf"},
-    {file = "cryptography-42.0.0-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:be41b0c7366e5549265adf2145135dca107718fa44b6e418dc7499cfff6b4689"},
-    {file = "cryptography-42.0.0-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3ca482ea80626048975360c8e62be3ceb0f11803180b73163acd24bf014133a0"},
-    {file = "cryptography-42.0.0-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:c58115384bdcfe9c7f644c72f10f6f42bed7cf59f7b52fe1bf7ae0a622b3a139"},
-    {file = "cryptography-42.0.0-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:56ce0c106d5c3fec1038c3cca3d55ac320a5be1b44bf15116732d0bc716979a2"},
-    {file = "cryptography-42.0.0-cp39-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:324721d93b998cb7367f1e6897370644751e5580ff9b370c0a50dc60a2003513"},
-    {file = "cryptography-42.0.0-cp39-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:d97aae66b7de41cdf5b12087b5509e4e9805ed6f562406dfcf60e8481a9a28f8"},
-    {file = "cryptography-42.0.0-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:85f759ed59ffd1d0baad296e72780aa62ff8a71f94dc1ab340386a1207d0ea81"},
-    {file = "cryptography-42.0.0-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:206aaf42e031b93f86ad60f9f5d9da1b09164f25488238ac1dc488334eb5e221"},
-    {file = "cryptography-42.0.0-cp39-abi3-win32.whl", hash = "sha256:74f18a4c8ca04134d2052a140322002fef535c99cdbc2a6afc18a8024d5c9d5b"},
-    {file = "cryptography-42.0.0-cp39-abi3-win_amd64.whl", hash = "sha256:14e4b909373bc5bf1095311fa0f7fcabf2d1a160ca13f1e9e467be1ac4cbdf94"},
-    {file = "cryptography-42.0.0-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:3005166a39b70c8b94455fdbe78d87a444da31ff70de3331cdec2c568cf25b7e"},
-    {file = "cryptography-42.0.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:be14b31eb3a293fc6e6aa2807c8a3224c71426f7c4e3639ccf1a2f3ffd6df8c3"},
-    {file = "cryptography-42.0.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:bd7cf7a8d9f34cc67220f1195884151426ce616fdc8285df9054bfa10135925f"},
-    {file = "cryptography-42.0.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:c310767268d88803b653fffe6d6f2f17bb9d49ffceb8d70aed50ad45ea49ab08"},
-    {file = "cryptography-42.0.0-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:bdce70e562c69bb089523e75ef1d9625b7417c6297a76ac27b1b8b1eb51b7d0f"},
-    {file = "cryptography-42.0.0-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:e9326ca78111e4c645f7e49cbce4ed2f3f85e17b61a563328c85a5208cf34440"},
-    {file = "cryptography-42.0.0-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:69fd009a325cad6fbfd5b04c711a4da563c6c4854fc4c9544bff3088387c77c0"},
-    {file = "cryptography-42.0.0-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:988b738f56c665366b1e4bfd9045c3efae89ee366ca3839cd5af53eaa1401bce"},
-    {file = "cryptography-42.0.0.tar.gz", hash = "sha256:6cf9b76d6e93c62114bd19485e5cb003115c134cf9ce91f8ac924c44f8c8c3f4"},
+    {file = "cryptography-42.0.2-cp37-abi3-macosx_10_12_universal2.whl", hash = "sha256:701171f825dcab90969596ce2af253143b93b08f1a716d4b2a9d2db5084ef7be"},
+    {file = "cryptography-42.0.2-cp37-abi3-macosx_10_12_x86_64.whl", hash = "sha256:61321672b3ac7aade25c40449ccedbc6db72c7f5f0fdf34def5e2f8b51ca530d"},
+    {file = "cryptography-42.0.2-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ea2c3ffb662fec8bbbfce5602e2c159ff097a4631d96235fcf0fb00e59e3ece4"},
+    {file = "cryptography-42.0.2-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3b15c678f27d66d247132cbf13df2f75255627bcc9b6a570f7d2fd08e8c081d2"},
+    {file = "cryptography-42.0.2-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:8e88bb9eafbf6a4014d55fb222e7360eef53e613215085e65a13290577394529"},
+    {file = "cryptography-42.0.2-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:a047682d324ba56e61b7ea7c7299d51e61fd3bca7dad2ccc39b72bd0118d60a1"},
+    {file = "cryptography-42.0.2-cp37-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:36d4b7c4be6411f58f60d9ce555a73df8406d484ba12a63549c88bd64f7967f1"},
+    {file = "cryptography-42.0.2-cp37-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:a00aee5d1b6c20620161984f8ab2ab69134466c51f58c052c11b076715e72929"},
+    {file = "cryptography-42.0.2-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:b97fe7d7991c25e6a31e5d5e795986b18fbbb3107b873d5f3ae6dc9a103278e9"},
+    {file = "cryptography-42.0.2-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:5fa82a26f92871eca593b53359c12ad7949772462f887c35edaf36f87953c0e2"},
+    {file = "cryptography-42.0.2-cp37-abi3-win32.whl", hash = "sha256:4b063d3413f853e056161eb0c7724822a9740ad3caa24b8424d776cebf98e7ee"},
+    {file = "cryptography-42.0.2-cp37-abi3-win_amd64.whl", hash = "sha256:841ec8af7a8491ac76ec5a9522226e287187a3107e12b7d686ad354bb78facee"},
+    {file = "cryptography-42.0.2-cp39-abi3-macosx_10_12_universal2.whl", hash = "sha256:55d1580e2d7e17f45d19d3b12098e352f3a37fe86d380bf45846ef257054b242"},
+    {file = "cryptography-42.0.2-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:28cb2c41f131a5758d6ba6a0504150d644054fd9f3203a1e8e8d7ac3aea7f73a"},
+    {file = "cryptography-42.0.2-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b9097a208875fc7bbeb1286d0125d90bdfed961f61f214d3f5be62cd4ed8a446"},
+    {file = "cryptography-42.0.2-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:44c95c0e96b3cb628e8452ec060413a49002a247b2b9938989e23a2c8291fc90"},
+    {file = "cryptography-42.0.2-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:2f9f14185962e6a04ab32d1abe34eae8a9001569ee4edb64d2304bf0d65c53f3"},
+    {file = "cryptography-42.0.2-cp39-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:09a77e5b2e8ca732a19a90c5bca2d124621a1edb5438c5daa2d2738bfeb02589"},
+    {file = "cryptography-42.0.2-cp39-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:ad28cff53f60d99a928dfcf1e861e0b2ceb2bc1f08a074fdd601b314e1cc9e0a"},
+    {file = "cryptography-42.0.2-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:130c0f77022b2b9c99d8cebcdd834d81705f61c68e91ddd614ce74c657f8b3ea"},
+    {file = "cryptography-42.0.2-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:fa3dec4ba8fb6e662770b74f62f1a0c7d4e37e25b58b2bf2c1be4c95372b4a33"},
+    {file = "cryptography-42.0.2-cp39-abi3-win32.whl", hash = "sha256:3dbd37e14ce795b4af61b89b037d4bc157f2cb23e676fa16932185a04dfbf635"},
+    {file = "cryptography-42.0.2-cp39-abi3-win_amd64.whl", hash = "sha256:8a06641fb07d4e8f6c7dda4fc3f8871d327803ab6542e33831c7ccfdcb4d0ad6"},
+    {file = "cryptography-42.0.2-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:087887e55e0b9c8724cf05361357875adb5c20dec27e5816b653492980d20380"},
+    {file = "cryptography-42.0.2-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:a7ef8dd0bf2e1d0a27042b231a3baac6883cdd5557036f5e8df7139255feaac6"},
+    {file = "cryptography-42.0.2-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:4383b47f45b14459cab66048d384614019965ba6c1a1a141f11b5a551cace1b2"},
+    {file = "cryptography-42.0.2-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:fbeb725c9dc799a574518109336acccaf1303c30d45c075c665c0793c2f79a7f"},
+    {file = "cryptography-42.0.2-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:320948ab49883557a256eab46149df79435a22d2fefd6a66fe6946f1b9d9d008"},
+    {file = "cryptography-42.0.2-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:5ef9bc3d046ce83c4bbf4c25e1e0547b9c441c01d30922d812e887dc5f125c12"},
+    {file = "cryptography-42.0.2-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:52ed9ebf8ac602385126c9a2fe951db36f2cb0c2538d22971487f89d0de4065a"},
+    {file = "cryptography-42.0.2-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:141e2aa5ba100d3788c0ad7919b288f89d1fe015878b9659b307c9ef867d3a65"},
+    {file = "cryptography-42.0.2.tar.gz", hash = "sha256:e0ec52ba3c7f1b7d813cd52649a5b3ef1fc0d433219dc8c93827c57eab6cf888"},
 ]
 
 [package.dependencies]
@@ -3934,13 +3934,13 @@ wsproto = ">=0.14"
 
 [[package]]
 name = "twilio"
-version = "8.12.0"
+version = "8.13.0"
 description = "Twilio API client and TwiML generator"
 optional = false
 python-versions = ">=3.7.0"
 files = [
-    {file = "twilio-8.12.0-py2.py3-none-any.whl", hash = "sha256:ccdf78b634dff13fd50b33bafd254a9dc2fb492c6b06839683e73f09ec110ec6"},
-    {file = "twilio-8.12.0.tar.gz", hash = "sha256:28e3a743da18d5b298c9b9fb9e922404a60f8091441c5e0aa35bfefc46411370"},
+    {file = "twilio-8.13.0-py2.py3-none-any.whl", hash = "sha256:f5396e355de11b80c6729bd286fdc0e12c9c0b025c465f16f090034a7ef88d3d"},
+    {file = "twilio-8.13.0.tar.gz", hash = "sha256:89f629fa280b51bc21cd58b35cf640f9bbf88efd3977c0c5ec6ea6821b9880cd"},
 ]
 
 [package.dependencies]

tests/wdio/package-lock.json

@@ -6,16 +6,16 @@
         "": {
             "name": "@goauthentik/web-tests",
             "dependencies": {
-                "chromedriver": "^121.0.0"
+                "chromedriver": "^121.0.2"
             },
             "devDependencies": {
                 "@trivago/prettier-plugin-sort-imports": "^4.3.0",
                 "@typescript-eslint/eslint-plugin": "^7.0.1",
                 "@typescript-eslint/parser": "^7.0.1",
-                "@wdio/cli": "^8.31.1",
-                "@wdio/local-runner": "^8.31.1",
-                "@wdio/mocha-framework": "^8.31.1",
-                "@wdio/spec-reporter": "^8.31.1",
+                "@wdio/cli": "^8.32.2",
+                "@wdio/local-runner": "^8.32.2",
+                "@wdio/mocha-framework": "^8.32.2",
+                "@wdio/spec-reporter": "^8.32.2",
                 "eslint": "^8.56.0",
                 "eslint-config-google": "^0.14.0",
                 "eslint-plugin-sonarjs": "^0.24.0",
@@ -896,9 +896,9 @@
             "devOptional": true
         },
         "node_modules/@types/normalize-package-data": {
-            "version": "2.4.2",
-            "resolved": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.2.tgz",
-            "integrity": "sha512-lqa4UEhhv/2sjjIQgjX8B+RBjj47eo0mzGasklVJ78UKGQY1r0VpB9XHDaZZO9qzEFDdy4MrXLuEaSmPrPSe/A==",
+            "version": "2.4.4",
+            "resolved": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz",
+            "integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==",
             "dev": true
         },
         "node_modules/@types/semver": {
@@ -1187,19 +1187,19 @@
             }
         },
         "node_modules/@wdio/cli": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-8.31.1.tgz",
-            "integrity": "sha512-UnAoXjUrgRTfFq7TSnnMSuA80V8G7yW/d5zo59RtzrHdrGr6QVWJfnt6aLueXJJ6SnouVA6yU2rcsXPOvGpUIA==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-8.32.2.tgz",
+            "integrity": "sha512-CbTALXXnDzvthu+EK0dK5QDTXToU4wNrldtonQcsD8tT726O56BLFGm9tzcGP6PZWh9NxAuvsFlWSwUxcqXq0Q==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.1",
                 "@vitest/snapshot": "^1.2.1",
-                "@wdio/config": "8.31.1",
-                "@wdio/globals": "8.31.1",
+                "@wdio/config": "8.32.2",
+                "@wdio/globals": "8.32.2",
                 "@wdio/logger": "8.28.0",
-                "@wdio/protocols": "8.29.7",
-                "@wdio/types": "8.31.1",
-                "@wdio/utils": "8.31.1",
+                "@wdio/protocols": "8.32.0",
+                "@wdio/types": "8.32.2",
+                "@wdio/utils": "8.32.2",
                 "async-exit-hook": "^2.0.1",
                 "chalk": "^5.2.0",
                 "chokidar": "^3.5.3",
@@ -1208,13 +1208,13 @@
                 "ejs": "^3.1.9",
                 "execa": "^8.0.1",
                 "import-meta-resolve": "^4.0.0",
-                "inquirer": "9.2.14",
+                "inquirer": "9.2.12",
                 "lodash.flattendeep": "^4.4.0",
                 "lodash.pickby": "^4.6.0",
                 "lodash.union": "^4.6.0",
-                "read-pkg-up": "^10.0.0",
+                "read-pkg-up": "10.0.0",
                 "recursive-readdir": "^2.2.3",
-                "webdriverio": "8.31.1",
+                "webdriverio": "8.32.2",
                 "yargs": "^17.7.2"
             },
             "bin": {
@@ -1237,14 +1237,14 @@
             }
         },
         "node_modules/@wdio/config": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/@wdio/config/-/config-8.31.1.tgz",
-            "integrity": "sha512-Iz4DTXQdy53VT8LRZ6ayaDKE+zEDk4QY/ILz+D0IQh0OaMWruFesfoxqFP0hnU6rbJT1YE4ehTGf7JTZLWIPcw==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/@wdio/config/-/config-8.32.2.tgz",
+            "integrity": "sha512-ubqe4X+TgcERzXKIpMfisquNxPZNtRU5uPeV7hvas++mD75QyNpmWHCtea2+TjoXKxlZd1MVrtZAwtmqMmyhPw==",
             "dev": true,
             "dependencies": {
                 "@wdio/logger": "8.28.0",
-                "@wdio/types": "8.31.1",
-                "@wdio/utils": "8.31.1",
+                "@wdio/types": "8.32.2",
+                "@wdio/utils": "8.32.2",
                 "decamelize": "^6.0.0",
                 "deepmerge-ts": "^5.0.0",
                 "glob": "^10.2.2",
@@ -1255,29 +1255,29 @@
             }
         },
         "node_modules/@wdio/globals": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/@wdio/globals/-/globals-8.31.1.tgz",
-            "integrity": "sha512-2r80BX8aS5YiQ6cFuxtt44g2Y5P01MoHJTR3w21suSyiVoH70mxvJf6vJsLB+jtGfaXLJzOjlZkgXrd+Kn+keA==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/@wdio/globals/-/globals-8.32.2.tgz",
+            "integrity": "sha512-WEN7Tq0+Ny8OHS+7e1RCu4ss3lYG2Ln8/TpicacTsYWM3jtrf1SkUT+4H8JtG1qywj4WXTH8CxD4H9zFoofiJw==",
             "dev": true,
             "engines": {
                 "node": "^16.13 || >=18"
             },
             "optionalDependencies": {
                 "expect-webdriverio": "^4.11.2",
-                "webdriverio": "8.31.1"
+                "webdriverio": "8.32.2"
             }
         },
         "node_modules/@wdio/local-runner": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/@wdio/local-runner/-/local-runner-8.31.1.tgz",
-            "integrity": "sha512-KaMok/LaVvWcXTTi61Al5+XgocBDJ2+gpG1mjxytILrwaMFohYL0YuaGDw4yb3lx3Lsej6K+/FbaWMMnGq3JIw==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/@wdio/local-runner/-/local-runner-8.32.2.tgz",
+            "integrity": "sha512-iCVnwBIIwgRqiF2Fz/XVlGf3ejHOzR2+kc3dsdMgKljLkVq4ZDFwPMtw8Hk06sq+BaiNLamdxj+8ElD6OGJ88A==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0",
                 "@wdio/logger": "8.28.0",
                 "@wdio/repl": "8.24.12",
-                "@wdio/runner": "8.31.1",
-                "@wdio/types": "8.31.1",
+                "@wdio/runner": "8.32.2",
+                "@wdio/types": "8.32.2",
                 "async-exit-hook": "^2.0.1",
                 "split2": "^4.1.0",
                 "stream-buffers": "^3.0.2"
@@ -1314,16 +1314,16 @@
             }
         },
         "node_modules/@wdio/mocha-framework": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/@wdio/mocha-framework/-/mocha-framework-8.31.1.tgz",
-            "integrity": "sha512-5297tKj9zNvzZD+X4tMSuTcJrSaQ6mmDGLEdapa/+CMA549N+0vE38tNh+5Br7dmFXXVanw40T752OQcSeFf1A==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/@wdio/mocha-framework/-/mocha-framework-8.32.2.tgz",
+            "integrity": "sha512-76DA95u0Z2AfyZSQglJn9BFJ+XveRR6+oH1K/J8rDOWoIHgMcASGEj+fsXAPSDNcSVDBe0QN5HLnVi3tciuyQw==",
             "dev": true,
             "dependencies": {
                 "@types/mocha": "^10.0.0",
                 "@types/node": "^20.1.0",
                 "@wdio/logger": "8.28.0",
-                "@wdio/types": "8.31.1",
-                "@wdio/utils": "8.31.1",
+                "@wdio/types": "8.32.2",
+                "@wdio/utils": "8.32.2",
                 "mocha": "^10.0.0"
             },
             "engines": {
@@ -1331,9 +1331,9 @@
             }
         },
         "node_modules/@wdio/protocols": {
-            "version": "8.29.7",
-            "resolved": "https://registry.npmjs.org/@wdio/protocols/-/protocols-8.29.7.tgz",
-            "integrity": "sha512-9hhEePMLmI8fm9F2v4jlg9x4w4jEoZmY3vT6fXy90ne1DFaGWfy/a853nKEagQe/ZzxkN3/cpMBh8mryv9BVjw==",
+            "version": "8.32.0",
+            "resolved": "https://registry.npmjs.org/@wdio/protocols/-/protocols-8.32.0.tgz",
+            "integrity": "sha512-inLJRrtIGdTz/YPbcsvpSvPlYQFTVtF3OYBwAXhG2FiP1ZwE1CQNLP/xgRGye1ymdGCypGkexRqIx3KBGm801Q==",
             "dev": true
         },
         "node_modules/@wdio/repl": {
@@ -1349,14 +1349,14 @@
             }
         },
         "node_modules/@wdio/reporter": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/@wdio/reporter/-/reporter-8.31.1.tgz",
-            "integrity": "sha512-ayZipzyr9dSwpbKYbV4PoXuw91A1H7fjadJ5R5oMYUETx+pfBJqjR2UIHZhhPAa0lJ7bWHEn7eCsGB1PXp47Og==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/@wdio/reporter/-/reporter-8.32.2.tgz",
+            "integrity": "sha512-BZdReAFfRCtgtYbyhkKgSGqqoIn/yG5/Z4COjvRvon9NJkz+eA4PiHCKdEP7+ekBIjud7H8Gy+6mPBDEu+wllw==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0",
                 "@wdio/logger": "8.28.0",
-                "@wdio/types": "8.31.1",
+                "@wdio/types": "8.32.2",
                 "diff": "^5.0.0",
                 "object-inspect": "^1.12.0"
             },
@@ -1365,35 +1365,35 @@
             }
         },
         "node_modules/@wdio/runner": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/@wdio/runner/-/runner-8.31.1.tgz",
-            "integrity": "sha512-9KUDaAHNUeBp5h1YoEmKVk0hZyzBDl6x0ge1dnaORACKKi6TXa76T0kLaBruuBTBn4zZd4+Xrg9/bLGAnTFvLA==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/@wdio/runner/-/runner-8.32.2.tgz",
+            "integrity": "sha512-/24wPBg2okkfpA1bl7mCWIvWXO3pa9OhsKNav+gGm7BP+hQ1lxULyYg/o5fCEwEjFPWDLy0jjknJLqXcTWvmiQ==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0",
-                "@wdio/config": "8.31.1",
-                "@wdio/globals": "8.31.1",
+                "@wdio/config": "8.32.2",
+                "@wdio/globals": "8.32.2",
                 "@wdio/logger": "8.28.0",
-                "@wdio/types": "8.31.1",
-                "@wdio/utils": "8.31.1",
+                "@wdio/types": "8.32.2",
+                "@wdio/utils": "8.32.2",
                 "deepmerge-ts": "^5.0.0",
                 "expect-webdriverio": "^4.11.2",
                 "gaze": "^1.1.2",
-                "webdriver": "8.31.1",
-                "webdriverio": "8.31.1"
+                "webdriver": "8.32.2",
+                "webdriverio": "8.32.2"
             },
             "engines": {
                 "node": "^16.13 || >=18"
             }
         },
         "node_modules/@wdio/spec-reporter": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/@wdio/spec-reporter/-/spec-reporter-8.31.1.tgz",
-            "integrity": "sha512-t2isqf/yDvc3xfNnkuR8XdRaKf34I6/40f1DHfojHZUpTF94jrt7CLACkFiDZhu5sz0KCuDWzy56aycd6IUz3w==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/@wdio/spec-reporter/-/spec-reporter-8.32.2.tgz",
+            "integrity": "sha512-3hUXpE+idC4KOXofJnpubdDDCE8X0OTd6ykypiaXMI2hJTA2nIZcHtpRQnAE0E4JT9OzLnPWODcMq54GGBDRkg==",
             "dev": true,
             "dependencies": {
-                "@wdio/reporter": "8.31.1",
-                "@wdio/types": "8.31.1",
+                "@wdio/reporter": "8.32.2",
+                "@wdio/types": "8.32.2",
                 "chalk": "^5.1.2",
                 "easy-table": "^1.2.0",
                 "pretty-ms": "^7.0.0"
@@ -1415,9 +1415,9 @@
             }
         },
         "node_modules/@wdio/types": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/@wdio/types/-/types-8.31.1.tgz",
-            "integrity": "sha512-KQ0EmjeVdshufhsxygaPzkJ8WD7hm8WlflZcLwKMZ0OM6f8pV9NMGGOvfBQXgTs447ScK6/6rX+lbJk3yvg65g==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/@wdio/types/-/types-8.32.2.tgz",
+            "integrity": "sha512-jq8LcBBQpBP9ZF5kECKEpXv8hN7irCGCjLFAN0Bd5ScRR6qu6MGWvwkDkau2sFPr0b++sKDCEaMzQlwrGFjZXg==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0"
@@ -1427,14 +1427,14 @@
             }
         },
         "node_modules/@wdio/utils": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/@wdio/utils/-/utils-8.31.1.tgz",
-            "integrity": "sha512-fGUtNeJYSqPLMqIRrooEg1ViM2+z1Izd/7bzWzhg8EQHKFXqD/G68rEwBWpoLF/ziiHZFe4fJk7SZdXUK/gFgQ==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/@wdio/utils/-/utils-8.32.2.tgz",
+            "integrity": "sha512-PJcP4d1Fr8Zp+YIfGN93G0fjDj/6J0I6Gf6p0IpJk8qKQpdFDm4gB+lc202iv2YkyC+oT6b4Ik2W9LzvpSKNoQ==",
             "dev": true,
             "dependencies": {
                 "@puppeteer/browsers": "^1.6.0",
                 "@wdio/logger": "8.28.0",
-                "@wdio/types": "8.31.1",
+                "@wdio/types": "8.32.2",
                 "decamelize": "^6.0.0",
                 "deepmerge-ts": "^5.1.0",
                 "edgedriver": "^5.3.5",
@@ -2064,9 +2064,9 @@
             }
         },
         "node_modules/chromedriver": {
-            "version": "121.0.0",
-            "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-121.0.0.tgz",
-            "integrity": "sha512-ZIKEdZrQAfuzT/RRofjl8/EZR99ghbdBXNTOcgJMKGP6N/UL6lHUX4n6ONWBV18pDvDFfQJ0x58h5AdOaXIOMw==",
+            "version": "121.0.2",
+            "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-121.0.2.tgz",
+            "integrity": "sha512-58MUSCEE3oB3G3Y/Jo3URJ2Oa1VLHcVBufyYt7vNfGrABSJm7ienQLF9IQ8LPDlPVgLUXt2OBfggK3p2/SlEBg==",
             "hasInstallScript": true,
             "dependencies": {
                 "@testim/chrome-version": "^1.1.4",
@@ -2589,15 +2589,15 @@
             }
         },
         "node_modules/devtools-protocol": {
-            "version": "0.0.1255431",
-            "resolved": "https://registry.npmjs.org/devtools-protocol/-/devtools-protocol-0.0.1255431.tgz",
-            "integrity": "sha512-VuKgO1U4Ew4meKKoXCEBMUNkzyQqci5F8HIuoELPJkr5yvk9kR9p07gaZfzG9QIIrcIfpJVgf6Ms8OqEMxEYgA==",
+            "version": "0.0.1261483",
+            "resolved": "https://registry.npmjs.org/devtools-protocol/-/devtools-protocol-0.0.1261483.tgz",
+            "integrity": "sha512-7vJvejpzA5DTfZVkr7a8sGpEAzEiAqcgmRTB0LSUrWeOicwL09lMQTzxHtFNVhJ1OOJkgYdH6Txvy9E5j3VOUQ==",
             "dev": true
         },
         "node_modules/diff": {
-            "version": "5.1.0",
-            "resolved": "https://registry.npmjs.org/diff/-/diff-5.1.0.tgz",
-            "integrity": "sha512-D+mk+qE8VC/PAUrlAU34N+VfXev0ghe5ywmpqrawphmVZc1bEfn56uo9qpyGp1p4xpzOHkSW4ztBd6L7Xx4ACw==",
+            "version": "5.2.0",
+            "resolved": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz",
+            "integrity": "sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A==",
             "dev": true,
             "engines": {
                 "node": ">=0.3.1"
@@ -3445,15 +3445,40 @@
             }
         },
         "node_modules/figures": {
-            "version": "3.2.0",
-            "resolved": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz",
-            "integrity": "sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==",
+            "version": "5.0.0",
+            "resolved": "https://registry.npmjs.org/figures/-/figures-5.0.0.tgz",
+            "integrity": "sha512-ej8ksPF4x6e5wvK9yevct0UCXh8TTFlWGVLlgjZuoBH1HwjIfKE/IdL5mq89sFA7zELi1VhKpmtDnrs7zWyeyg==",
             "dev": true,
             "dependencies": {
-                "escape-string-regexp": "^1.0.5"
+                "escape-string-regexp": "^5.0.0",
+                "is-unicode-supported": "^1.2.0"
             },
             "engines": {
-                "node": ">=8"
+                "node": ">=14"
+            },
+            "funding": {
+                "url": "https://github.com/sponsors/sindresorhus"
+            }
+        },
+        "node_modules/figures/node_modules/escape-string-regexp": {
+            "version": "5.0.0",
+            "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz",
+            "integrity": "sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw==",
+            "dev": true,
+            "engines": {
+                "node": ">=12"
+            },
+            "funding": {
+                "url": "https://github.com/sponsors/sindresorhus"
+            }
+        },
+        "node_modules/figures/node_modules/is-unicode-supported": {
+            "version": "1.3.0",
+            "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-1.3.0.tgz",
+            "integrity": "sha512-43r2mRvz+8JRIKnWJ+3j8JtjRKZ6GmjzfaE/qiBJnikNnYv/6bagRJ1kUhNk8R5EX/GkobD+r+sfxCPJsiKBLQ==",
+            "dev": true,
+            "engines": {
+                "node": ">=12"
             },
             "funding": {
                 "url": "https://github.com/sponsors/sindresorhus"
@@ -4362,18 +4387,18 @@
             "dev": true
         },
         "node_modules/inquirer": {
-            "version": "9.2.14",
-            "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-9.2.14.tgz",
-            "integrity": "sha512-4ByIMt677Iz5AvjyKrDpzaepIyMewNvDcvwpVVRZNmy9dLakVoVgdCHZXbK1SlVJra1db0JZ6XkJyHsanpdrdQ==",
+            "version": "9.2.12",
+            "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-9.2.12.tgz",
+            "integrity": "sha512-mg3Fh9g2zfuVWJn6lhST0O7x4n03k7G8Tx5nvikJkbq8/CK47WDVm+UznF0G6s5Zi0KcyUisr6DU8T67N5U+1Q==",
             "dev": true,
             "dependencies": {
-                "@ljharb/through": "^2.3.12",
+                "@ljharb/through": "^2.3.11",
                 "ansi-escapes": "^4.3.2",
                 "chalk": "^5.3.0",
                 "cli-cursor": "^3.1.0",
                 "cli-width": "^4.1.0",
                 "external-editor": "^3.1.0",
-                "figures": "^3.2.0",
+                "figures": "^5.0.0",
                 "lodash": "^4.17.21",
                 "mute-stream": "1.0.0",
                 "ora": "^5.4.1",
@@ -4384,7 +4409,7 @@
                 "wrap-ansi": "^6.2.0"
             },
             "engines": {
-                "node": ">=18"
+                "node": ">=14.18.0"
             }
         },
         "node_modules/inquirer/node_modules/chalk": {
@@ -5288,9 +5313,9 @@
             "dev": true
         },
         "node_modules/json-parse-even-better-errors": {
-            "version": "3.0.0",
-            "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-3.0.0.tgz",
-            "integrity": "sha512-iZbGHafX/59r39gPwVPRBGw0QQKnA7tte5pSMrhWOW7swGsVvVTjmfyAV9pNqk8YGT7tRCdxRu8uzcgZwoDooA==",
+            "version": "3.0.1",
+            "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-3.0.1.tgz",
+            "integrity": "sha512-aatBvbL26wVUCLmbWdCpeu9iF5wOyWpagiKkInA+kfws3sWdBrTnsvN2CKcyCYyUrc7rebNBlK6+kteg7ksecg==",
             "dev": true,
             "engines": {
                 "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
@@ -5400,9 +5425,9 @@
             }
         },
         "node_modules/lines-and-columns": {
-            "version": "2.0.3",
-            "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-2.0.3.tgz",
-            "integrity": "sha512-cNOjgCnLB+FnvWWtyRTzmB3POJ+cXxTA81LoW7u8JdmhfXzriropYwpjShnz1QLLWsQwY7nIxoDmcPTwphDK9w==",
+            "version": "2.0.4",
+            "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-2.0.4.tgz",
+            "integrity": "sha512-wM1+Z03eypVAVUCE7QdSqpVIvelbOakn1M0bPDoA4SGWPx3sNDVUiMo3L6To6WWGClB7VyXnhQ4Sn7gxiJbE6A==",
             "dev": true,
             "engines": {
                 "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
@@ -7027,14 +7052,14 @@
             }
         },
         "node_modules/read-pkg-up": {
-            "version": "10.1.0",
-            "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-10.1.0.tgz",
-            "integrity": "sha512-aNtBq4jR8NawpKJQldrQcSW9y/d+KWH4v24HWkHljOZ7H0av+YTGANBzRh9A5pw7v/bLVsLVPpOhJ7gHNVy8lA==",
+            "version": "10.0.0",
+            "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-10.0.0.tgz",
+            "integrity": "sha512-jgmKiS//w2Zs+YbX039CorlkOp8FIVbSAN8r8GJHDsGlmNPXo+VeHkqAwCiQVTTx5/LwLZTcEw59z3DvcLbr0g==",
             "dev": true,
             "dependencies": {
                 "find-up": "^6.3.0",
-                "read-pkg": "^8.1.0",
-                "type-fest": "^4.2.0"
+                "read-pkg": "^8.0.0",
+                "type-fest": "^3.12.0"
             },
             "engines": {
                 "node": ">=16"
@@ -7132,9 +7157,9 @@
             }
         },
         "node_modules/read-pkg-up/node_modules/parse-json": {
-            "version": "7.1.0",
-            "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-7.1.0.tgz",
-            "integrity": "sha512-ihtdrgbqdONYD156Ap6qTcaGcGdkdAxodO1wLqQ/j7HP1u2sFYppINiq4jyC8F+Nm+4fVufylCV00QmkTHkSUg==",
+            "version": "7.1.1",
+            "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-7.1.1.tgz",
+            "integrity": "sha512-SgOTCX/EZXtZxBE5eJ97P4yGM5n37BwRU+YMsH4vNzFqJV/oWFXXCmwFlgWUM4PrakybVOueJJ6pwHqSVhTFDw==",
             "dev": true,
             "dependencies": {
                 "@babel/code-frame": "^7.21.4",
@@ -7150,18 +7175,6 @@
                 "url": "https://github.com/sponsors/sindresorhus"
             }
         },
-        "node_modules/read-pkg-up/node_modules/parse-json/node_modules/type-fest": {
-            "version": "3.13.1",
-            "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-3.13.1.tgz",
-            "integrity": "sha512-tLq3bSNx+xSpwvAJnzrK0Ep5CLNWjvFTOp71URMaAEWBfRb9nnJiBoUe0tF8bI4ZFO3omgBR6NvnbzVUT3Ly4g==",
-            "dev": true,
-            "engines": {
-                "node": ">=14.16"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/sindresorhus"
-            }
-        },
         "node_modules/read-pkg-up/node_modules/path-exists": {
             "version": "5.0.0",
             "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-5.0.0.tgz",
@@ -7189,10 +7202,10 @@
                 "url": "https://github.com/sponsors/sindresorhus"
             }
         },
-        "node_modules/read-pkg-up/node_modules/type-fest": {
-            "version": "4.3.1",
-            "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.3.1.tgz",
-            "integrity": "sha512-pphNW/msgOUSkJbH58x8sqpq8uQj6b0ZKGxEsLKMUnGorRcDjrUaLS+39+/ub41JNTwrrMyJcUB8+YZs3mbwqw==",
+        "node_modules/read-pkg-up/node_modules/read-pkg/node_modules/type-fest": {
+            "version": "4.10.2",
+            "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.10.2.tgz",
+            "integrity": "sha512-anpAG63wSpdEbLwOqH8L84urkL6PiVIov3EMmgIhhThevh9aiMQov+6Btx0wldNcvm4wV+e2/Rt1QdDwKHFbHw==",
             "dev": true,
             "engines": {
                 "node": ">=16"
@@ -7201,6 +7214,18 @@
                 "url": "https://github.com/sponsors/sindresorhus"
             }
         },
+        "node_modules/read-pkg-up/node_modules/type-fest": {
+            "version": "3.13.1",
+            "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-3.13.1.tgz",
+            "integrity": "sha512-tLq3bSNx+xSpwvAJnzrK0Ep5CLNWjvFTOp71URMaAEWBfRb9nnJiBoUe0tF8bI4ZFO3omgBR6NvnbzVUT3Ly4g==",
+            "dev": true,
+            "engines": {
+                "node": ">=14.16"
+            },
+            "funding": {
+                "url": "https://github.com/sponsors/sindresorhus"
+            }
+        },
         "node_modules/read-pkg-up/node_modules/yocto-queue": {
             "version": "1.0.0",
             "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.0.0.tgz",
@@ -8748,18 +8773,18 @@
             }
         },
         "node_modules/webdriver": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/webdriver/-/webdriver-8.31.1.tgz",
-            "integrity": "sha512-J1Ata+ZiBVhCFKL7hnD6qCfr7ZRsBN2c/YlCgosq0lG/iYMKXWi5rlWDfpuyISprM/G/V3GjfEGxTUC6jJBSBA==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/webdriver/-/webdriver-8.32.2.tgz",
+            "integrity": "sha512-uyCT2QzCqoz+EsMLTApG5/+RvHJR9MVbdEnjMoxpJDt+IeZCG2Vy/Gq9oNgNQfpxrvZme/EY+PtBsltZi7BAyg==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0",
                 "@types/ws": "^8.5.3",
-                "@wdio/config": "8.31.1",
+                "@wdio/config": "8.32.2",
                 "@wdio/logger": "8.28.0",
-                "@wdio/protocols": "8.29.7",
-                "@wdio/types": "8.31.1",
-                "@wdio/utils": "8.31.1",
+                "@wdio/protocols": "8.32.0",
+                "@wdio/types": "8.32.2",
+                "@wdio/utils": "8.32.2",
                 "deepmerge-ts": "^5.1.0",
                 "got": "^12.6.1",
                 "ky": "^0.33.0",
@@ -8770,23 +8795,23 @@
             }
         },
         "node_modules/webdriverio": {
-            "version": "8.31.1",
-            "resolved": "https://registry.npmjs.org/webdriverio/-/webdriverio-8.31.1.tgz",
-            "integrity": "sha512-b3bLBkkSGESGcRw3s3Sty84luZe2+qwPudXosSXbzcRu2Z1sccjdA6BHJA36IcLgKndNCOhf9wx3yQ3umoS7Jw==",
+            "version": "8.32.2",
+            "resolved": "https://registry.npmjs.org/webdriverio/-/webdriverio-8.32.2.tgz",
+            "integrity": "sha512-Z0Wc/dHFfWGWJZpaQ8u910/LG0E9EIVTO7J5yjqWx2XtXz2LzQMxYwNRnvNLhY/1tI4y/cZxI6kFMWr8wD2TtA==",
             "dev": true,
             "dependencies": {
                 "@types/node": "^20.1.0",
-                "@wdio/config": "8.31.1",
+                "@wdio/config": "8.32.2",
                 "@wdio/logger": "8.28.0",
-                "@wdio/protocols": "8.29.7",
+                "@wdio/protocols": "8.32.0",
                 "@wdio/repl": "8.24.12",
-                "@wdio/types": "8.31.1",
-                "@wdio/utils": "8.31.1",
+                "@wdio/types": "8.32.2",
+                "@wdio/utils": "8.32.2",
                 "archiver": "^6.0.0",
                 "aria-query": "^5.0.0",
                 "css-shorthand-properties": "^1.1.1",
                 "css-value": "^0.0.1",
-                "devtools-protocol": "^0.0.1255431",
+                "devtools-protocol": "^0.0.1261483",
                 "grapheme-splitter": "^1.0.2",
                 "import-meta-resolve": "^4.0.0",
                 "is-plain-obj": "^4.1.0",
@@ -8798,7 +8823,7 @@
                 "resq": "^1.9.1",
                 "rgb2hex": "0.2.5",
                 "serialize-error": "^11.0.1",
-                "webdriver": "8.31.1"
+                "webdriver": "8.32.2"
             },
             "engines": {
                 "node": "^16.13 || >=18"

tests/wdio/package.json

@@ -6,10 +6,10 @@
         "@trivago/prettier-plugin-sort-imports": "^4.3.0",
         "@typescript-eslint/eslint-plugin": "^7.0.1",
         "@typescript-eslint/parser": "^7.0.1",
-        "@wdio/cli": "^8.31.1",
-        "@wdio/local-runner": "^8.31.1",
-        "@wdio/mocha-framework": "^8.31.1",
-        "@wdio/spec-reporter": "^8.31.1",
+        "@wdio/cli": "^8.32.2",
+        "@wdio/local-runner": "^8.32.2",
+        "@wdio/mocha-framework": "^8.32.2",
+        "@wdio/spec-reporter": "^8.32.2",
         "eslint": "^8.56.0",
         "eslint-config-google": "^0.14.0",
         "eslint-plugin-sonarjs": "^0.24.0",
@@ -32,6 +32,6 @@
         "node": ">=20"
     },
     "dependencies": {
-        "chromedriver": "^121.0.0"
+        "chromedriver": "^121.0.2"
     }
 }

web/lage.config.js

@@ -0,0 +1,33 @@
+module.exports = {
+    // Basic syntax: just run these tasks all the packages. There is only one package at the moment.
+    pipeline: {
+        "extract-locales": ["^extract-locales"],
+        "build-locales": ["^build-locales"],
+        "build-locales:build": ["^build-locales:build"],
+        "build-locales:repair": ["^build-locales:repair"],
+        "rollup:build": ["^rollup:build"],
+        "rollup:build-proxy": ["^rollup:build-proxy"],
+        "rollup:watch": ["^rollup:watch"],
+        "build": ["^build"],
+        "build-proxy": ["^build-proxy"],
+        "watch": ["^watch"],
+        "lint": ["^lint"],
+        "lint:precommit": ["^lint:precommit"],
+        "lint:spelling": ["^lint:spelling"],
+        "lit-analyse": ["^lit-analyse"],
+        "precommit": ["^precommit"],
+        "prequick": ["^prequick"],
+        "prettier-check": ["^prettier-check"],
+        "prettier": ["^prettier"],
+        "pseudolocalize:build-extract-script": ["^pseudolocalize:build-extract-script"],
+        "pseudolocalize:extract": ["^pseudolocalize:extract"],
+        "pseudolocalize": ["^pseudolocalize"],
+        "tsc:execute": ["^tsc:execute"],
+        "tsc": ["^tsc"],
+        "storybook": ["^storybook"],
+        "storybook:build": ["^storybook:build"],
+        "storybook:build-import-map": ["^storybook:build-import-map"],
+        "storybook:build-import-map-script": ["^storybook:build-import-map-script"],
+        "storybook:run-import-map-script": ["^storybook:run-import-map-script"],
+    },
+};

web/package.json

@@ -4,132 +4,38 @@
     "private": true,
     "license": "MIT",
     "scripts": {
-        "extract-locales": "lit-localize extract",
-        "build-locales": "run-s build-locales:build",
-        "build-locales:build": "lit-localize build",
-        "build-locales:repair": "prettier --write ./src/locale-codes.ts",
-        "rollup:build": "cross-env NODE_OPTIONS='--max_old_space_size=8192' rollup -c ./rollup.config.mjs",
-        "rollup:build-proxy": "cross-env NODE_OPTIONS='--max_old_space_size=8192' rollup -c ./rollup.proxy.mjs",
-        "rollup:watch": "cross-env NODE_OPTIONS='--max_old_space_size=8192' rollup -c -w",
-        "build": "run-s build-locales rollup:build",
-        "build-proxy": "run-s build-locales rollup:build-proxy",
-        "watch": "run-s build-locales rollup:watch",
-        "lint": "eslint . --max-warnings 0 --fix",
-        "lint:precommit": "eslint --max-warnings 0 --config ./.eslintrc.precommit.json $(git status --porcelain . | grep '^[M?][M?]' | cut -c8- | grep -E '\\.(ts|js|tsx|jsx)$') ",
-        "lint:spelling": "codespell -D - -D ../.github/codespell-dictionary.txt -I ../.github/codespell-words.txt -S './src/locales/**' ./src -s",
-        "lit-analyse": "lit-analyzer src",
-        "precommit": "run-s tsc lit-analyse lint:precommit lint:spelling prettier",
-        "prequick": "run-s tsc:execute lit-analyse lint:precommit lint:spelling",
-        "prettier-check": "prettier --check .",
-        "prettier": "prettier --write .",
-        "pseudolocalize:build-extract-script": "cd scripts && tsc --esModuleInterop --module es2020 --moduleResolution 'node' pseudolocalize.ts && mv pseudolocalize.js pseudolocalize.mjs",
-        "pseudolocalize:extract": "node scripts/pseudolocalize.mjs",
-        "pseudolocalize": "run-s pseudolocalize:build-extract-script pseudolocalize:extract",
-        "tsc:execute": "tsc --noEmit -p .",
-        "tsc": "run-s build-locales tsc:execute",
-        "storybook": "storybook dev -p 6006",
-        "storybook:build": "cross-env NODE_OPTIONS='--max_old_space_size=8192' storybook build",
-        "storybook:build-import-map": "run-s storybook:build-import-map-script storybook:run-import-map-script",
-        "storybook:build-import-map-script": "cd scripts && tsc --esModuleInterop --module es2020 --target es2020 --moduleResolution 'node' build-storybook-import-maps.ts && mv build-storybook-import-maps.js build-storybook-import-maps.mjs",
-        "storybook:run-import-map-script": "node scripts/build-storybook-import-maps.mjs"
+        "extract-locales": "lage extract-locales",
+        "build-locales": "lage build-locales",
+        "build-locales:build": "lage build-locales:build",
+        "build-locales:repair": "lage build-locales:repair",
+        "rollup:build": "lage rollup:build",
+        "rollup:build-proxy": "lage rollup:build-proxy",
+        "rollup:watch": "lage rollup:watch",
+        "build": "lage build",
+        "build-proxy": "lage build-proxy",
+        "watch": "lage watch",
+        "lint": "lage lint",
+        "lint:precommit": "lage lint:precommit",
+        "lint:spelling": "lage lint:spelling",
+        "lit-analyse": "lage lit-analyse",
+        "precommit": "lage precommit",
+        "prequick": "lage prequick",
+        "prettier-check": "lage prettier-check",
+        "prettier": "lage prettier",
+        "pseudolocalize:build-extract-script": "lage pseudolocalize:build-extract-script",
+        "pseudolocalize:extract": "lage pseudolocalize:extract",
+        "pseudolocalize": "lage pseudolocalize",
+        "tsc:execute": "lage tsc:execute",
+        "tsc": "lage tsc",
+        "storybook": "lage storybook",
+        "storybook:build": "lage storybook:build",
+        "storybook:build-import-map": "lage storybook:build-import-map",
+        "storybook:build-import-map-script": "lage storybook:build-import-map-script",
+        "storybook:run-import-map-script": "lage storybook:run-import-map-script"
     },
     "dependencies": {
-        "@codemirror/lang-html": "^6.4.8",
-        "@codemirror/lang-javascript": "^6.2.1",
-        "@codemirror/lang-python": "^6.1.4",
-        "@codemirror/lang-xml": "^6.0.2",
-        "@codemirror/legacy-modes": "^6.3.3",
-        "@codemirror/theme-one-dark": "^6.1.2",
-        "@formatjs/intl-listformat": "^7.5.5",
-        "@fortawesome/fontawesome-free": "^6.5.1",
-        "@goauthentik/api": "^2023.10.7-1707933453",
-        "@lit-labs/context": "^0.4.0",
-        "@lit-labs/task": "^3.1.0",
-        "@lit/localize": "^0.11.4",
-        "@open-wc/lit-helpers": "^0.6.0",
-        "@patternfly/elements": "^2.4.0",
-        "@patternfly/patternfly": "^4.224.2",
-        "@sentry/browser": "^7.101.0",
-        "@webcomponents/webcomponentsjs": "^2.8.0",
-        "base64-js": "^1.5.1",
-        "chart.js": "^4.4.1",
-        "chartjs-adapter-moment": "^1.0.1",
-        "codemirror": "^6.0.1",
-        "construct-style-sheets-polyfill": "^3.1.0",
-        "core-js": "^3.35.1",
-        "country-flag-icons": "^1.5.9",
-        "fuse.js": "^7.0.0",
-        "guacamole-common-js": "^1.5.0",
-        "lit": "^2.8.0",
-        "mermaid": "^10.8.0",
-        "rapidoc": "^9.3.4",
-        "style-mod": "^4.1.0",
-        "webcomponent-qr-code": "^1.2.0",
-        "yaml": "^2.3.4"
-    },
-    "devDependencies": {
-        "@babel/core": "^7.23.9",
-        "@babel/plugin-proposal-class-properties": "^7.18.6",
-        "@babel/plugin-proposal-decorators": "^7.23.9",
-        "@babel/plugin-transform-private-methods": "^7.23.3",
-        "@babel/plugin-transform-private-property-in-object": "^7.23.4",
-        "@babel/plugin-transform-runtime": "^7.23.9",
-        "@babel/preset-env": "^7.23.9",
-        "@babel/preset-typescript": "^7.23.3",
-        "@hcaptcha/types": "^1.0.3",
-        "@jackfranklin/rollup-plugin-markdown": "^0.4.0",
-        "@jeysal/storybook-addon-css-user-preferences": "^0.2.0",
-        "@lit/localize-tools": "^0.7.2",
-        "@rollup/plugin-babel": "^6.0.4",
-        "@rollup/plugin-commonjs": "^25.0.7",
-        "@rollup/plugin-node-resolve": "^15.2.3",
-        "@rollup/plugin-replace": "^5.0.5",
-        "@rollup/plugin-terser": "^0.4.4",
-        "@rollup/plugin-typescript": "^11.1.6",
-        "@spotlightjs/spotlight": "^1.2.12",
-        "@storybook/addon-essentials": "^7.6.15",
-        "@storybook/addon-links": "^7.6.15",
-        "@storybook/api": "^7.6.15",
-        "@storybook/blocks": "^7.6.4",
-        "@storybook/manager-api": "^7.6.15",
-        "@storybook/web-components": "^7.6.15",
-        "@storybook/web-components-vite": "^7.6.15",
-        "@trivago/prettier-plugin-sort-imports": "^4.3.0",
-        "@types/chart.js": "^2.9.41",
-        "@types/codemirror": "5.60.15",
-        "@types/grecaptcha": "^3.0.7",
-        "@types/guacamole-common-js": "1.5.2",
-        "@typescript-eslint/eslint-plugin": "^7.0.1",
-        "@typescript-eslint/parser": "^7.0.1",
-        "babel-plugin-macros": "^3.1.0",
-        "babel-plugin-tsconfig-paths": "^1.0.3",
-        "cross-env": "^7.0.3",
-        "eslint": "^8.56.0",
-        "eslint-config-google": "^0.14.0",
-        "eslint-plugin-custom-elements": "0.0.8",
-        "eslint-plugin-lit": "^1.11.0",
-        "eslint-plugin-sonarjs": "^0.24.0",
-        "eslint-plugin-storybook": "^0.6.15",
-        "github-slugger": "^2.0.0",
-        "lit-analyzer": "^2.0.3",
-        "npm-run-all": "^4.1.5",
-        "prettier": "^3.2.5",
-        "pseudolocale": "^2.0.0",
-        "pyright": "=1.1.338",
-        "react": "^18.2.0",
-        "react-dom": "^18.2.0",
-        "rollup": "^4.10.0",
-        "rollup-plugin-copy": "^3.5.0",
-        "rollup-plugin-cssimport": "^1.0.3",
-        "rollup-plugin-modify": "^3.0.0",
-        "rollup-plugin-postcss-lit": "^2.1.0",
-        "storybook": "^7.6.15",
-        "storybook-addon-mock": "^4.3.0",
-        "ts-lit-plugin": "^2.0.2",
-        "tslib": "^2.6.2",
-        "turnstile-types": "^1.2.0",
-        "typescript": "^5.3.3",
-        "vite-tsconfig-paths": "^4.3.1"
+        "@manypkg/cli": "^0.21.1",
+        "lage": "^2.7.9"
     },
     "optionalDependencies": {
         "@esbuild/darwin-arm64": "^0.20.0",
@@ -138,5 +44,8 @@
     },
     "engines": {
         "node": ">=20"
-    }
+    },
+    "workspaces": [
+        "packages/authentik"
+    ]
 }

web/packages/authentik/.eslintignore

@@ -6,3 +6,4 @@ dist
 coverage
 src/locale-codes.ts
 storybook-static/
+src/locales/**

web/packages/authentik/.eslintrc.json

@@ -0,0 +1,37 @@
+{
+    "env": {
+        "browser": true,
+        "es2021": true
+    },
+    "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:lit/recommended",
+        "plugin:custom-elements/recommended",
+        "plugin:storybook/recommended"
+    ],
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "ecmaVersion": 12,
+        "sourceType": "module",
+        "project": true
+    },
+    "plugins": ["@typescript-eslint", "lit", "custom-elements"],
+    "ignorePatterns": ["authentik-live-tests/**"],
+    "rules": {
+        "indent": "off",
+        "linebreak-style": ["error", "unix"],
+        "quotes": ["error", "double", { "avoidEscape": true }],
+        "semi": ["error", "always"],
+        "@typescript-eslint/ban-ts-comment": "off",
+        "no-unused-vars": "off",
+        "@typescript-eslint/no-unused-vars": [
+            "error",
+            {
+                "argsIgnorePattern": "^_",
+                "varsIgnorePattern": "^_",
+                "caughtErrorsIgnorePattern": "^_"
+            }
+        ]
+    }
+}

web/packages/authentik/package.json

@@ -0,0 +1,142 @@
+{
+    "name": "@goauthentik/authentik",
+    "version": "0.0.0",
+    "private": true,
+    "license": "MIT",
+    "scripts": {
+        "extract-locales": "lit-localize extract",
+        "build-locales": "run-s build-locales:build",
+        "build-locales:build": "lit-localize build",
+        "build-locales:repair": "prettier --write ./src/locale-codes.ts",
+        "rollup:build": "cross-env NODE_OPTIONS='--max_old_space_size=8192' rollup -c ./rollup.config.mjs",
+        "rollup:build-proxy": "cross-env NODE_OPTIONS='--max_old_space_size=8192' rollup -c ./rollup.proxy.mjs",
+        "rollup:watch": "cross-env NODE_OPTIONS='--max_old_space_size=8192' rollup -c -w",
+        "build": "run-s build-locales rollup:build",
+        "build-proxy": "run-s build-locales rollup:build-proxy",
+        "watch": "run-s build-locales rollup:watch",
+        "lint": "eslint . --max-warnings 0 --fix",
+        "lint:precommit": "eslint --max-warnings 0 --config ./.eslintrc.precommit.json $(git status --porcelain . | grep '^[M?][M?]' | cut -c8- | grep -E '\\.(ts|js|tsx|jsx)$') ",
+        "lint:spelling": "codespell -D - -D ../../../.github/codespell-dictionary.txt -I ../../../.github/codespell-words.txt -S './src/locales/**' ./src -s",
+        "lit-analyse": "lit-analyzer src",
+        "precommit": "run-s tsc lit-analyse lint:precommit lint:spelling prettier",
+        "prequick": "run-s tsc:execute lit-analyse lint:precommit lint:spelling",
+        "prettier-check": "prettier --check .",
+        "prettier": "prettier --write .",
+        "pseudolocalize:build-extract-script": "cd scripts && tsc --esModuleInterop --module es2020 --moduleResolution 'node' pseudolocalize.ts && mv pseudolocalize.js pseudolocalize.mjs",
+        "pseudolocalize:extract": "node scripts/pseudolocalize.mjs",
+        "pseudolocalize": "run-s pseudolocalize:build-extract-script pseudolocalize:extract",
+        "tsc:execute": "tsc --noEmit -p .",
+        "tsc": "run-s build-locales tsc:execute",
+        "storybook": "storybook dev -p 6006",
+        "storybook:build": "cross-env NODE_OPTIONS='--max_old_space_size=8192' storybook build",
+        "storybook:build-import-map": "run-s storybook:build-import-map-script storybook:run-import-map-script",
+        "storybook:build-import-map-script": "cd scripts && tsc --esModuleInterop --module es2020 --target es2020 --moduleResolution 'node' build-storybook-import-maps.ts && mv build-storybook-import-maps.js build-storybook-import-maps.mjs",
+        "storybook:run-import-map-script": "node scripts/build-storybook-import-maps.mjs"
+    },
+    "dependencies": {
+        "@codemirror/lang-html": "^6.4.8",
+        "@codemirror/lang-javascript": "^6.2.1",
+        "@codemirror/lang-python": "^6.1.4",
+        "@codemirror/lang-xml": "^6.0.2",
+        "@codemirror/legacy-modes": "^6.3.3",
+        "@codemirror/theme-one-dark": "^6.1.2",
+        "@formatjs/intl-listformat": "^7.5.5",
+        "@fortawesome/fontawesome-free": "^6.5.1",
+        "@goauthentik/api": "^2023.10.7-1707933453",
+        "@lit-labs/context": "^0.4.0",
+        "@lit-labs/task": "^3.1.0",
+        "@lit/localize": "^0.11.4",
+        "@open-wc/lit-helpers": "^0.6.0",
+        "@patternfly/elements": "^2.4.0",
+        "@patternfly/patternfly": "^4.224.2",
+        "@sentry/browser": "^7.101.1",
+        "@webcomponents/webcomponentsjs": "^2.8.0",
+        "base64-js": "^1.5.1",
+        "chart.js": "^4.4.1",
+        "chartjs-adapter-moment": "^1.0.1",
+        "codemirror": "^6.0.1",
+        "construct-style-sheets-polyfill": "^3.1.0",
+        "core-js": "^3.36.0",
+        "country-flag-icons": "^1.5.9",
+        "fuse.js": "^7.0.0",
+        "guacamole-common-js": "^1.5.0",
+        "lit": "^2.8.0",
+        "mermaid": "^10.8.0",
+        "rapidoc": "^9.3.4",
+        "style-mod": "^4.1.0",
+        "webcomponent-qr-code": "^1.2.0",
+        "yaml": "^2.3.4"
+    },
+    "devDependencies": {
+        "@babel/core": "^7.23.9",
+        "@babel/plugin-proposal-class-properties": "^7.18.6",
+        "@babel/plugin-proposal-decorators": "^7.23.9",
+        "@babel/plugin-transform-private-methods": "^7.23.3",
+        "@babel/plugin-transform-private-property-in-object": "^7.23.4",
+        "@babel/plugin-transform-runtime": "^7.23.9",
+        "@babel/preset-env": "^7.23.9",
+        "@babel/preset-typescript": "^7.23.3",
+        "@hcaptcha/types": "^1.0.3",
+        "@jackfranklin/rollup-plugin-markdown": "^0.4.0",
+        "@jeysal/storybook-addon-css-user-preferences": "^0.2.0",
+        "@lit/localize-tools": "^0.7.2",
+        "@rollup/plugin-babel": "^6.0.4",
+        "@rollup/plugin-commonjs": "^25.0.7",
+        "@rollup/plugin-node-resolve": "^15.2.3",
+        "@rollup/plugin-replace": "^5.0.5",
+        "@rollup/plugin-terser": "^0.4.4",
+        "@rollup/plugin-typescript": "^11.1.6",
+        "@spotlightjs/spotlight": "^1.2.12",
+        "@storybook/addon-essentials": "^7.6.16",
+        "@storybook/addon-links": "^7.6.16",
+        "@storybook/api": "^7.6.16",
+        "@storybook/blocks": "^7.6.4",
+        "@storybook/manager-api": "^7.6.16",
+        "@storybook/web-components": "^7.6.16",
+        "@storybook/web-components-vite": "^7.6.16",
+        "@trivago/prettier-plugin-sort-imports": "^4.3.0",
+        "@types/chart.js": "^2.9.41",
+        "@types/codemirror": "5.60.15",
+        "@types/grecaptcha": "^3.0.7",
+        "@types/guacamole-common-js": "1.5.2",
+        "@typescript-eslint/eslint-plugin": "^7.0.1",
+        "@typescript-eslint/parser": "^7.0.1",
+        "babel-plugin-macros": "^3.1.0",
+        "babel-plugin-tsconfig-paths": "^1.0.3",
+        "cross-env": "^7.0.3",
+        "eslint": "^8.56.0",
+        "eslint-config-google": "^0.14.0",
+        "eslint-plugin-custom-elements": "0.0.8",
+        "eslint-plugin-lit": "^1.11.0",
+        "eslint-plugin-sonarjs": "^0.24.0",
+        "eslint-plugin-storybook": "^0.8.0",
+        "github-slugger": "^2.0.0",
+        "lit-analyzer": "^2.0.3",
+        "npm-run-all": "^4.1.5",
+        "prettier": "^3.2.5",
+        "pseudolocale": "^2.0.0",
+        "pyright": "=1.1.338",
+        "react": "^18.2.0",
+        "react-dom": "^18.2.0",
+        "rollup": "^4.12.0",
+        "rollup-plugin-copy": "^3.5.0",
+        "rollup-plugin-cssimport": "^1.0.3",
+        "rollup-plugin-modify": "^3.0.0",
+        "rollup-plugin-postcss-lit": "^2.1.0",
+        "storybook": "^7.6.16",
+        "storybook-addon-mock": "^4.3.0",
+        "ts-lit-plugin": "^2.0.2",
+        "tslib": "^2.6.2",
+        "turnstile-types": "^1.2.0",
+        "typescript": "^5.3.3",
+        "vite-tsconfig-paths": "^4.3.1"
+    },
+    "optionalDependencies": {
+        "@esbuild/darwin-arm64": "^0.20.0",
+        "@esbuild/linux-amd64": "^0.18.11",
+        "@esbuild/linux-arm64": "^0.20.0"
+    },
+    "engines": {
+        "node": ">=20"
+    }
+}

web/packages/authentik/rollup.config.mjs

@@ -0,0 +1,107 @@
+import commonjs from "@rollup/plugin-commonjs";
+import { nodeResolve } from "@rollup/plugin-node-resolve";
+import terser from "@rollup/plugin-terser";
+import path from "path";
+import copy from "rollup-plugin-copy";
+import cssimport from "rollup-plugin-cssimport";
+
+import { DIST, defaultOptions, isProdBuild, manualChunks, resources } from "../../rollup.base.mjs";
+
+export const POLY = {
+    input: "./src/polyfill/poly.ts",
+    output: [
+        {
+            format: "iife",
+            file: path.join(DIST, "poly.js"),
+            sourcemap: true,
+        },
+    ],
+    cache: true,
+    plugins: [
+        cssimport(),
+        nodeResolve({ browser: true }),
+        commonjs(),
+        isProdBuild && terser(),
+        copy({
+            targets: [...resources],
+            copyOnce: false,
+        }),
+    ].filter((p) => p),
+};
+
+export const standalone = ["api-browser", "loading"].map((input) => {
+    return {
+        input: `./src/standalone/${input}`,
+        output: [
+            {
+                format: "es",
+                dir: path.join(DIST, "standalone", input),
+                sourcemap: true,
+                manualChunks: manualChunks,
+            },
+        ],
+        ...defaultOptions,
+    };
+});
+
+export const enterprise = ["rac"].map((input) => {
+    return {
+        input: `./src/enterprise/${input}`,
+        output: [
+            {
+                format: "es",
+                dir: path.join(DIST, "enterprise", input),
+                sourcemap: true,
+                manualChunks: manualChunks,
+            },
+        ],
+        ...defaultOptions,
+    };
+});
+
+export default [
+    POLY,
+    // Standalone
+    ...standalone,
+    // Flow interface
+    {
+        input: "./src/flow/FlowInterface.ts",
+        output: [
+            {
+                format: "es",
+                dir: path.join(DIST, "flow"),
+                sourcemap: true,
+                manualChunks: manualChunks,
+            },
+        ],
+        ...defaultOptions,
+    },
+    // Admin interface
+    {
+        input: "./src/admin/AdminInterface/AdminInterface.ts",
+        output: [
+            {
+                format: "es",
+                dir: path.join(DIST, "admin"),
+                sourcemap: true,
+                manualChunks: manualChunks,
+            },
+        ],
+        ...defaultOptions,
+    },
+    // User interface
+    {
+        input: "./src/user/UserInterface.ts",
+        output: [
+            {
+                format: "es",
+                dir: path.join(DIST, "user"),
+                sourcemap: true,
+                manualChunks: manualChunks,
+            },
+        ],
+        ...defaultOptions,
+    },
+    // Enterprise
+    ...enterprise,
+];

web/packages/authentik/scripts/pseudolocalize.mjs

@@ -0,0 +1,48 @@
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
+import { readFileSync } from "fs";
+import path from "path";
+import pseudolocale from "pseudolocale";
+import { fileURLToPath } from "url";
+import { makeFormatter } from "@lit/localize-tools/lib/formatters/index.js";
+import { sortProgramMessages } from "@lit/localize-tools/lib/messages.js";
+import { TransformLitLocalizer } from "@lit/localize-tools/lib/modes/transform.js";
+var __dirname = fileURLToPath(new URL(".", import.meta.url));
+var pseudoLocale = "pseudo-LOCALE";
+var targetLocales = [pseudoLocale];
+var baseConfig = JSON.parse(readFileSync(path.join(__dirname, "../lit-localize.json"), "utf-8"));
+// Need to make some internal specifications to satisfy the transformer. It doesn't actually matter
+// which Localizer we use (transformer or runtime), because all of the functionality we care about
+// is in their common parent class, but I had to pick one.  Everything else here is just pure
+// exploitation of the lit/localize-tools internals.
+var config = __assign(__assign({}, baseConfig), { baseDir: path.join(__dirname, ".."), targetLocales: targetLocales, output: __assign(__assign({}, baseConfig), { mode: "transform" }), resolve: function (path) { return path; } });
+var pseudoMessagify = function (message) { return ({
+    name: message.name,
+    contents: message.contents.map(function (content) {
+        return typeof content === "string" ? pseudolocale(content, { prepend: "", append: "" }) : content;
+    }),
+}); };
+var localizer = new TransformLitLocalizer(config);
+var messages = localizer.extractSourceMessages().messages;
+var translations = messages.map(pseudoMessagify);
+var sorted = sortProgramMessages(__spreadArray([], messages, true));
+var formatter = makeFormatter(config);
+formatter.writeOutput(sorted, new Map([[pseudoLocale, translations]]));

web/packages/authentik/src/admin/admin-settings/AdminSettingsForm.ts

@@ -22,25 +22,36 @@ import { AdminApi, Settings, SettingsRequest } from "@goauthentik/api";
 
 @customElement("ak-admin-settings-form")
 export class AdminSettingsForm extends Form<SettingsRequest> {
-    @property({ attribute: false })
-    set settings(value: Settings) {
+    //
+    // Custom property accessors in Lit 2 require a manual call to requestUpdate(). See:
+    // https://lit.dev/docs/v2/components/properties/#accessors-custom
+    //
+    set settings(value: Settings | undefined) {
         this._settings = value;
+        this.requestUpdate();
+    }
+
+    @property({ type: Object })
+    get settings() {
+        return this._settings;
     }
 
     private _settings?: Settings;
 
+    static get styles(): CSSResult[] {
+        return super.styles.concat(PFList);
+    }
+
     getSuccessMessage(): string {
         return msg("Successfully updated settings.");
     }
 
     async send(data: SettingsRequest): Promise<Settings> {
-        return new AdminApi(DEFAULT_CONFIG).adminSettingsUpdate({
+        const result = await new AdminApi(DEFAULT_CONFIG).adminSettingsUpdate({
             settingsRequest: data,
         });
-    }
-
-    static get styles(): CSSResult[] {
-        return super.styles.concat(PFList);
+        this.dispatchEvent(new CustomEvent("ak-admin-setting-changed"));
+        return result;
     }
 
     renderForm(): TemplateResult {

web/packages/authentik/src/admin/admin-settings/AdminSettingsPage.ts

@@ -14,8 +14,8 @@ import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/ModalForm";
 
 import { msg } from "@lit/localize";
-import { CSSResult, TemplateResult, html } from "lit";
-import { customElement, property } from "lit/decorators.js";
+import { html, nothing } from "lit";
+import { customElement, query, state } from "lit/decorators.js";
 
 import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
 import PFButton from "@patternfly/patternfly/components/Button/button.css";
@@ -32,7 +32,7 @@ import { AdminApi, Settings } from "@goauthentik/api";
 
 @customElement("ak-admin-settings")
 export class AdminSettingsPage extends AKElement {
-    static get styles(): CSSResult[] {
+    static get styles() {
         return [
             PFBase,
             PFButton,
@@ -46,41 +46,46 @@ export class AdminSettingsPage extends AKElement {
             PFBanner,
         ];
     }
-    @property({ attribute: false })
+
+    @query("ak-admin-settings-form#form")
+    form?: AdminSettingsForm;
+
+    @state()
     settings?: Settings;
 
-    loadSettings(): void {
-        new AdminApi(DEFAULT_CONFIG).adminSettingsRetrieve().then((settings) => {
+    constructor() {
+        super();
+        AdminSettingsPage.fetchSettings().then((settings) => {
             this.settings = settings;
         });
+        this.save = this.save.bind(this);
+        this.reset = this.reset.bind(this);
+        this.addEventListener("ak-admin-setting-changed", this.handleUpdate.bind(this));
     }
 
-    firstUpdated(): void {
-        this.loadSettings();
+    static async fetchSettings() {
+        return await new AdminApi(DEFAULT_CONFIG).adminSettingsRetrieve();
     }
 
-    async save(): Promise<void> {
-        const form = this.shadowRoot?.querySelector<AdminSettingsForm>("ak-admin-settings-form");
-        if (!form) {
+    async handleUpdate() {
+        this.settings = await AdminSettingsPage.fetchSettings();
+    }
+
+    async save() {
+        if (!this.form) {
             return;
         }
-        await form.submit(new Event("submit"));
-        this.resetForm();
+        await this.form.submit(new Event("submit"));
+        this.settings = await AdminSettingsPage.fetchSettings();
     }
 
-    resetForm(): void {
-        const form = this.shadowRoot?.querySelector<AdminSettingsForm>("ak-admin-settings-form");
-        if (!form) {
-            return;
-        }
-        this.loadSettings();
-        form.settings = this.settings!;
-        form.resetForm();
+    async reset() {
+        this.form?.resetForm();
     }
 
-    render(): TemplateResult {
+    render() {
         if (!this.settings) {
-            return html``;
+            return nothing;
         }
         return html`
             <ak-page-header icon="fa fa-cog" header="" description="">
@@ -93,18 +98,10 @@ export class AdminSettingsPage extends AKElement {
                         </ak-admin-settings-form>
                     </div>
                     <div class="pf-c-card__footer">
-                        <ak-spinner-button
-                            .callAction=${async () => {
-                                await this.save();
-                            }}
-                            class="pf-m-primary"
+                        <ak-spinner-button .callAction=${this.save} class="pf-m-primary"
                             >${msg("Save")}</ak-spinner-button
                         >
-                        <ak-spinner-button
-                            .callAction=${() => {
-                                this.resetForm();
-                            }}
-                            class="pf-m-secondary"
+                        <ak-spinner-button .callAction=${this.reset} class="pf-m-secondary"
                             >${msg("Cancel")}</ak-spinner-button
                         >
                     </div>