Altered directory

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2025.6.2
+current_version = 2025.6.1
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<rc_t>[a-zA-Z-]+)(?P<rc_n>[1-9]\\d*))?
@@ -21,8 +21,6 @@ optional_value = final
 
 [bumpversion:file:package.json]
 
-[bumpversion:file:package-lock.json]
-
 [bumpversion:file:docker-compose.yml]
 
 [bumpversion:file:schema.yml]
@@ -33,4 +31,6 @@ optional_value = final
 
 [bumpversion:file:internal/constants/constants.go]
 
+[bumpversion:file:web/src/common/constants.ts]
+
 [bumpversion:file:lifecycle/aws/template.yaml]

.editorconfig

@@ -7,9 +7,6 @@ charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
 
-[*.toml]
-indent_size = 2
-
 [*.html]
 indent_size = 2
 

.github/workflows/ci-main.yml

@@ -202,7 +202,7 @@ jobs:
         uses: actions/cache@v4
         with:
           path: web/dist
-          key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'package-lock.json', 'web/src/**', 'web/packages/sfe/src/**') }}-b
+          key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**', 'web/packages/sfe/src/**') }}-b
       - name: prepare web ui
         if: steps.cache-web.outputs.cache-hit != 'true'
         working-directory: web

.github/workflows/ci-website.yml

@@ -41,27 +41,6 @@ jobs:
       - name: test
         working-directory: website/
         run: npm test
-  build:
-    runs-on: ubuntu-latest
-    name: ${{ matrix.job }}
-    strategy:
-      fail-fast: false
-      matrix:
-        job:
-          - build
-          - build:integrations
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version-file: website/package.json
-          cache: "npm"
-          cache-dependency-path: website/package-lock.json
-      - working-directory: website/
-        run: npm ci
-      - name: build
-        working-directory: website/
-        run: npm run ${{ matrix.job }}
   build-container:
     runs-on: ubuntu-latest
     permissions:
@@ -115,7 +94,6 @@ jobs:
     needs:
       - lint
       - test
-      - build
       - build-container
     runs-on: ubuntu-latest
     steps:

Dockerfile

@@ -75,9 +75,9 @@ RUN --mount=type=secret,id=GEOIPUPDATE_ACCOUNT_ID \
     /bin/sh -c "GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/GEOIPUPDATE_LICENSE_KEY /usr/bin/entry.sh || echo 'Failed to get GeoIP database, disabling'; exit 0"
 
 # Stage 4: Download uv
-FROM ghcr.io/astral-sh/uv:0.7.13 AS uv
+FROM ghcr.io/astral-sh/uv:0.7.12 AS uv
 # Stage 5: Base python image
-FROM ghcr.io/goauthentik/fips-python:3.13.5-slim-bookworm-fips AS python-base
+FROM ghcr.io/goauthentik/fips-python:3.13.4-slim-bookworm-fips AS python-base
 
 ENV VENV_PATH="/ak-root/.venv" \
     PATH="/lifecycle:/ak-root/.venv/bin:$PATH" \

Makefile

@@ -86,10 +86,6 @@ dev-create-db:
 
 dev-reset: dev-drop-db dev-create-db migrate  ## Drop and restore the Authentik PostgreSQL instance to a "fresh install" state.
 
-update-test-mmdb:  ## Update test GeoIP and ASN Databases
-	curl -L https://raw.githubusercontent.com/maxmind/MaxMind-DB/refs/heads/main/test-data/GeoLite2-ASN-Test.mmdb -o ${PWD}/tests/GeoLite2-ASN-Test.mmdb
-	curl -L https://raw.githubusercontent.com/maxmind/MaxMind-DB/refs/heads/main/test-data/GeoLite2-City-Test.mmdb -o ${PWD}/tests/GeoLite2-City-Test.mmdb
-
 #########################
 ## API Schema
 #########################
@@ -98,7 +94,7 @@ gen-build:  ## Extract the schema from the database
 	AUTHENTIK_DEBUG=true \
 		AUTHENTIK_TENANTS__ENABLED=true \
 		AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true \
-		uv run ak make_blueprint_schema --file blueprints/schema.json
+		uv run ak make_blueprint_schema > blueprints/schema.json
 	AUTHENTIK_DEBUG=true \
 		AUTHENTIK_TENANTS__ENABLED=true \
 		AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true \

authentik/__init__.py

@@ -2,7 +2,7 @@
 
 from os import environ
 
-__version__ = "2025.6.2"
+__version__ = "2025.6.1"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 

authentik/blueprints/management/commands/make_blueprint_schema.py

@@ -72,33 +72,20 @@ class Command(BaseCommand):
                     "additionalProperties": True,
                 },
                 "entries": {
-                    "anyOf": [
-                        {
-                            "type": "array",
-                            "items": {"$ref": "#/$defs/blueprint_entry"},
-                        },
-                        {
-                            "type": "object",
-                            "additionalProperties": {
-                                "type": "array",
-                                "items": {"$ref": "#/$defs/blueprint_entry"},
-                            },
-                        },
-                    ],
+                    "type": "array",
+                    "items": {
+                        "oneOf": [],
+                    },
                 },
             },
-            "$defs": {"blueprint_entry": {"oneOf": []}},
+            "$defs": {},
         }
 
-    def add_arguments(self, parser):
-        parser.add_argument("--file", type=str)
-
     @no_translations
-    def handle(self, *args, file: str, **options):
+    def handle(self, *args, **options):
         """Generate JSON Schema for blueprints"""
         self.build()
-        with open(file, "w") as _schema:
-            _schema.write(dumps(self.schema, indent=4, default=Command.json_default))
+        self.stdout.write(dumps(self.schema, indent=4, default=Command.json_default))
 
     @staticmethod
     def json_default(value: Any) -> Any:
@@ -125,7 +112,7 @@ class Command(BaseCommand):
                 }
             )
             model_path = f"{model._meta.app_label}.{model._meta.model_name}"
-            self.schema["$defs"]["blueprint_entry"]["oneOf"].append(
+            self.schema["properties"]["entries"]["items"]["oneOf"].append(
                 self.template_entry(model_path, model, serializer)
             )
 
@@ -147,7 +134,7 @@ class Command(BaseCommand):
                 "id": {"type": "string"},
                 "state": {
                     "type": "string",
-                    "enum": sorted([s.value for s in BlueprintEntryDesiredState]),
+                    "enum": [s.value for s in BlueprintEntryDesiredState],
                     "default": "present",
                 },
                 "conditions": {"type": "array", "items": {"type": "boolean"}},
@@ -218,7 +205,7 @@ class Command(BaseCommand):
                 "type": "object",
                 "required": ["permission"],
                 "properties": {
-                    "permission": {"type": "string", "enum": sorted(perms)},
+                    "permission": {"type": "string", "enum": perms},
                     "user": {"type": "integer"},
                     "role": {"type": "string"},
                 },

authentik/blueprints/tests/fixtures/state_present.yaml

@@ -1,11 +1,10 @@
 version: 1
 entries:
-  foo:
-      - identifiers:
-            name: "%(id)s"
-            slug: "%(id)s"
-        model: authentik_flows.flow
-        state: present
-        attrs:
-            designation: stage_configuration
-            title: foo
+    - identifiers:
+          name: "%(id)s"
+          slug: "%(id)s"
+      model: authentik_flows.flow
+      state: present
+      attrs:
+          designation: stage_configuration
+          title: foo

authentik/blueprints/v1/common.py

@@ -191,18 +191,11 @@ class Blueprint:
     """Dataclass used for a full export"""
 
     version: int = field(default=1)
-    entries: list[BlueprintEntry] | dict[str, list[BlueprintEntry]] = field(default_factory=list)
+    entries: list[BlueprintEntry] = field(default_factory=list)
     context: dict = field(default_factory=dict)
 
     metadata: BlueprintMetadata | None = field(default=None)
 
-    def iter_entries(self) -> Iterable[BlueprintEntry]:
-        if isinstance(self.entries, dict):
-            for _section, entries in self.entries.items():
-                yield from entries
-        else:
-            yield from self.entries
-
 
 class YAMLTag:
     """Base class for all YAML Tags"""
@@ -233,7 +226,7 @@ class KeyOf(YAMLTag):
         self.id_from = node.value
 
     def resolve(self, entry: BlueprintEntry, blueprint: Blueprint) -> Any:
-        for _entry in blueprint.iter_entries():
+        for _entry in blueprint.entries:
             if _entry.id == self.id_from and _entry._state.instance:
                 # Special handling for PolicyBindingModels, as they'll have a different PK
                 # which is used when creating policy bindings

authentik/blueprints/v1/importer.py

@@ -384,7 +384,7 @@ class Importer:
     def _apply_models(self, raise_errors=False) -> bool:
         """Apply (create/update) models yaml"""
         self.__pk_map = {}
-        for entry in self._import.iter_entries():
+        for entry in self._import.entries:
             model_app_label, model_name = entry.get_model(self._import).split(".")
             try:
                 model: type[SerializerModel] = registry.get_model(model_app_label, model_name)

authentik/blueprints/v1/meta/registry.py

@@ -47,7 +47,7 @@ class MetaModelRegistry:
         models = apps.get_models()
         for _, value in self.models.items():
             models.append(value)
-        return sorted(models, key=str)
+        return models
 
     def get_model(self, app_label: str, model_id: str) -> type[Model]:
         """Get model checks if any virtual models are registered, and falls back

authentik/core/api/users.py

@@ -386,23 +386,8 @@ class UserViewSet(UsedByMixin, ModelViewSet):
     queryset = User.objects.none()
     ordering = ["username"]
     serializer_class = UserSerializer
-    filterset_class = UsersFilter
     search_fields = ["username", "name", "is_active", "email", "uuid", "attributes"]
-
-    def get_ql_fields(self):
-        from djangoql.schema import BoolField, StrField
-
-        from authentik.enterprise.search.fields import ChoiceSearchField, JSONSearchField
-
-        return [
-            StrField(User, "username"),
-            StrField(User, "name"),
-            StrField(User, "email"),
-            StrField(User, "path"),
-            BoolField(User, "is_active", nullable=True),
-            ChoiceSearchField(User, "type"),
-            JSONSearchField(User, "attributes"),
-        ]
+    filterset_class = UsersFilter
 
     def get_queryset(self):
         base_qs = User.objects.all().exclude_anonymous()

authentik/core/models.py

@@ -18,7 +18,7 @@ from django.http import HttpRequest
 from django.utils.functional import SimpleLazyObject, cached_property
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
-from django_cte import CTE, with_cte
+from django_cte import CTEQuerySet, With
 from guardian.conf import settings
 from guardian.mixins import GuardianUserMixin
 from model_utils.managers import InheritanceManager
@@ -136,7 +136,7 @@ class AttributesMixin(models.Model):
         return instance, False
 
 
-class GroupQuerySet(QuerySet):
+class GroupQuerySet(CTEQuerySet):
     def with_children_recursive(self):
         """Recursively get all groups that have the current queryset as parents
         or are indirectly related."""
@@ -165,9 +165,9 @@ class GroupQuerySet(QuerySet):
             )
 
         # Build the recursive query, see above
-        cte = CTE.recursive(make_cte)
+        cte = With.recursive(make_cte)
         # Return the result, as a usable queryset for Group.
-        return with_cte(cte, select=cte.join(Group, group_uuid=cte.col.group_uuid))
+        return cte.join(Group, group_uuid=cte.col.group_uuid).with_cte(cte)
 
 
 class Group(SerializerModel, AttributesMixin):

authentik/core/tests/test_applications_api.py

@@ -114,7 +114,6 @@ class TestApplicationsAPI(APITestCase):
         self.assertJSONEqual(
             response.content.decode(),
             {
-                "autocomplete": {},
                 "pagination": {
                     "next": 0,
                     "previous": 0,
@@ -168,7 +167,6 @@ class TestApplicationsAPI(APITestCase):
         self.assertJSONEqual(
             response.content.decode(),
             {
-                "autocomplete": {},
                 "pagination": {
                     "next": 0,
                     "previous": 0,

authentik/enterprise/policies/unique_password/tests/test_tasks.py

@@ -119,17 +119,17 @@ class TestTrimPasswordHistory(TestCase):
             [
                 UserPasswordHistory(
                     user=self.user,
-                    old_password="hunter1",  # nosec
+                    old_password="hunter1",  # nosec B106
                     created_at=_now - timedelta(days=3),
                 ),
                 UserPasswordHistory(
                     user=self.user,
-                    old_password="hunter2",  # nosec
+                    old_password="hunter2",  # nosec B106
                     created_at=_now - timedelta(days=2),
                 ),
                 UserPasswordHistory(
                     user=self.user,
-                    old_password="hunter3",  # nosec
+                    old_password="hunter3",  # nosec B106
                     created_at=_now,
                 ),
             ]

authentik/enterprise/search/apps.py

@@ -1,12 +0,0 @@
-"""Enterprise app config"""
-
-from authentik.enterprise.apps import EnterpriseConfig
-
-
-class AuthentikEnterpriseSearchConfig(EnterpriseConfig):
-    """Enterprise app config"""
-
-    name = "authentik.enterprise.search"
-    label = "authentik_search"
-    verbose_name = "authentik Enterprise.Search"
-    default = True

authentik/enterprise/search/fields.py

@@ -1,128 +0,0 @@
-"""DjangoQL search"""
-
-from collections import OrderedDict, defaultdict
-from collections.abc import Generator
-
-from django.db import connection
-from django.db.models import Model, Q
-from djangoql.compat import text_type
-from djangoql.schema import StrField
-
-
-class JSONSearchField(StrField):
-    """JSON field for DjangoQL"""
-
-    model: Model
-
-    def __init__(self, model=None, name=None, nullable=None, suggest_nested=True):
-        # Set this in the constructor to not clobber the type variable
-        self.type = "relation"
-        self.suggest_nested = suggest_nested
-        super().__init__(model, name, nullable)
-
-    def get_lookup(self, path, operator, value):
-        search = "__".join(path)
-        op, invert = self.get_operator(operator)
-        q = Q(**{f"{search}{op}": self.get_lookup_value(value)})
-        return ~q if invert else q
-
-    def json_field_keys(self) -> Generator[tuple[str]]:
-        with connection.cursor() as cursor:
-            cursor.execute(
-                f"""
-                WITH RECURSIVE "{self.name}_keys" AS (
-                    SELECT
-                        ARRAY[jsonb_object_keys("{self.name}")] AS key_path_array,
-                        "{self.name}" -> jsonb_object_keys("{self.name}") AS value
-                    FROM {self.model._meta.db_table}
-                    WHERE "{self.name}" IS NOT NULL
-                        AND jsonb_typeof("{self.name}") = 'object'
-
-                    UNION ALL
-
-                    SELECT
-                        ck.key_path_array || jsonb_object_keys(ck.value),
-                        ck.value -> jsonb_object_keys(ck.value) AS value
-                    FROM "{self.name}_keys" ck
-                    WHERE jsonb_typeof(ck.value) = 'object'
-                ),
-
-                unique_paths AS (
-                    SELECT DISTINCT key_path_array
-                    FROM "{self.name}_keys"
-                )
-
-                SELECT key_path_array FROM unique_paths;
-            """  # nosec
-            )
-            return (x[0] for x in cursor.fetchall())
-
-    def get_nested_options(self) -> OrderedDict:
-        """Get keys of all nested objects to show autocomplete"""
-        if not self.suggest_nested:
-            return OrderedDict()
-        base_model_name = f"{self.model._meta.app_label}.{self.model._meta.model_name}_{self.name}"
-
-        def recursive_function(parts: list[str], parent_parts: list[str] | None = None):
-            if not parent_parts:
-                parent_parts = []
-            path = parts.pop(0)
-            parent_parts.append(path)
-            relation_key = "_".join(parent_parts)
-            if len(parts) > 1:
-                out_dict = {
-                    relation_key: {
-                        parts[0]: {
-                            "type": "relation",
-                            "relation": f"{relation_key}_{parts[0]}",
-                        }
-                    }
-                }
-                child_paths = recursive_function(parts.copy(), parent_parts.copy())
-                child_paths.update(out_dict)
-                return child_paths
-            else:
-                return {relation_key: {parts[0]: {}}}
-
-        relation_structure = defaultdict(dict)
-
-        for relations in self.json_field_keys():
-            result = recursive_function([base_model_name] + relations)
-            for relation_key, value in result.items():
-                for sub_relation_key, sub_value in value.items():
-                    if not relation_structure[relation_key].get(sub_relation_key, None):
-                        relation_structure[relation_key][sub_relation_key] = sub_value
-                    else:
-                        relation_structure[relation_key][sub_relation_key].update(sub_value)
-
-        final_dict = defaultdict(dict)
-
-        for key, value in relation_structure.items():
-            for sub_key, sub_value in value.items():
-                if not sub_value:
-                    final_dict[key][sub_key] = {
-                        "type": "str",
-                        "nullable": True,
-                    }
-                else:
-                    final_dict[key][sub_key] = sub_value
-        return OrderedDict(final_dict)
-
-    def relation(self) -> str:
-        return f"{self.model._meta.app_label}.{self.model._meta.model_name}_{self.name}"
-
-
-class ChoiceSearchField(StrField):
-    def __init__(self, model=None, name=None, nullable=None):
-        super().__init__(model, name, nullable, suggest_options=True)
-
-    def get_options(self, search):
-        result = []
-        choices = self._field_choices()
-        if choices:
-            search = search.lower()
-            for c in choices:
-                choice = text_type(c[0])
-                if search in choice.lower():
-                    result.append(choice)
-        return result

authentik/enterprise/search/pagination.py

@@ -1,53 +0,0 @@
-from rest_framework.response import Response
-
-from authentik.api.pagination import Pagination
-from authentik.enterprise.search.ql import AUTOCOMPLETE_COMPONENT_NAME, QLSearch
-
-
-class AutocompletePagination(Pagination):
-
-    def paginate_queryset(self, queryset, request, view=None):
-        self.view = view
-        return super().paginate_queryset(queryset, request, view)
-
-    def get_autocomplete(self):
-        schema = QLSearch().get_schema(self.request, self.view)
-        introspections = {}
-        if hasattr(self.view, "get_ql_fields"):
-            from authentik.enterprise.search.schema import AKQLSchemaSerializer
-
-            introspections = AKQLSchemaSerializer().serialize(
-                schema(self.page.paginator.object_list.model)
-            )
-        return introspections
-
-    def get_paginated_response(self, data):
-        previous_page_number = 0
-        if self.page.has_previous():
-            previous_page_number = self.page.previous_page_number()
-        next_page_number = 0
-        if self.page.has_next():
-            next_page_number = self.page.next_page_number()
-        return Response(
-            {
-                "pagination": {
-                    "next": next_page_number,
-                    "previous": previous_page_number,
-                    "count": self.page.paginator.count,
-                    "current": self.page.number,
-                    "total_pages": self.page.paginator.num_pages,
-                    "start_index": self.page.start_index(),
-                    "end_index": self.page.end_index(),
-                },
-                "results": data,
-                "autocomplete": self.get_autocomplete(),
-            }
-        )
-
-    def get_paginated_response_schema(self, schema):
-        final_schema = super().get_paginated_response_schema(schema)
-        final_schema["properties"]["autocomplete"] = {
-            "$ref": f"#/components/schemas/{AUTOCOMPLETE_COMPONENT_NAME}"
-        }
-        final_schema["required"].append("autocomplete")
-        return final_schema

authentik/enterprise/search/ql.py

@@ -1,78 +0,0 @@
-"""DjangoQL search"""
-
-from django.apps import apps
-from django.db.models import QuerySet
-from djangoql.ast import Name
-from djangoql.exceptions import DjangoQLError
-from djangoql.queryset import apply_search
-from djangoql.schema import DjangoQLSchema
-from rest_framework.filters import SearchFilter
-from rest_framework.request import Request
-from structlog.stdlib import get_logger
-
-from authentik.enterprise.search.fields import JSONSearchField
-
-LOGGER = get_logger()
-AUTOCOMPLETE_COMPONENT_NAME = "Autocomplete"
-AUTOCOMPLETE_SCHEMA = {
-    "type": "object",
-    "additionalProperties": {},
-}
-
-
-class BaseSchema(DjangoQLSchema):
-    """Base Schema which deals with JSON Fields"""
-
-    def resolve_name(self, name: Name):
-        model = self.model_label(self.current_model)
-        root_field = name.parts[0]
-        field = self.models[model].get(root_field)
-        # If the query goes into a JSON field, return the root
-        # field as the JSON field will do the rest
-        if isinstance(field, JSONSearchField):
-            # This is a workaround; build_filter will remove the right-most
-            # entry in the path as that is intended to be the same as the field
-            # however for JSON that is not the case
-            if name.parts[-1] != root_field:
-                name.parts.append(root_field)
-            return field
-        return super().resolve_name(name)
-
-
-class QLSearch(SearchFilter):
-    """rest_framework search filter which uses DjangoQL"""
-
-    @property
-    def enabled(self):
-        return apps.get_app_config("authentik_enterprise").enabled()
-
-    def get_search_terms(self, request) -> str:
-        """
-        Search terms are set by a ?search=... query parameter,
-        and may be comma and/or whitespace delimited.
-        """
-        params = request.query_params.get(self.search_param, "")
-        params = params.replace("\x00", "")  # strip null characters
-        return params
-
-    def get_schema(self, request: Request, view) -> BaseSchema:
-        ql_fields = []
-        if hasattr(view, "get_ql_fields"):
-            ql_fields = view.get_ql_fields()
-
-        class InlineSchema(BaseSchema):
-            def get_fields(self, model):
-                return ql_fields or []
-
-        return InlineSchema
-
-    def filter_queryset(self, request: Request, queryset: QuerySet, view) -> QuerySet:
-        search_query = self.get_search_terms(request)
-        schema = self.get_schema(request, view)
-        if len(search_query) == 0 or not self.enabled:
-            return super().filter_queryset(request, queryset, view)
-        try:
-            return apply_search(queryset, search_query, schema=schema)
-        except DjangoQLError as exc:
-            LOGGER.debug("Failed to parse search expression", exc=exc)
-            return super().filter_queryset(request, queryset, view)

authentik/enterprise/search/schema.py

@@ -1,29 +0,0 @@
-from djangoql.serializers import DjangoQLSchemaSerializer
-from drf_spectacular.generators import SchemaGenerator
-
-from authentik.api.schema import create_component
-from authentik.enterprise.search.fields import JSONSearchField
-from authentik.enterprise.search.ql import AUTOCOMPLETE_COMPONENT_NAME, AUTOCOMPLETE_SCHEMA
-
-
-class AKQLSchemaSerializer(DjangoQLSchemaSerializer):
-    def serialize(self, schema):
-        serialization = super().serialize(schema)
-        for _, fields in schema.models.items():
-            for _, field in fields.items():
-                if not isinstance(field, JSONSearchField):
-                    continue
-                serialization["models"].update(field.get_nested_options())
-        return serialization
-
-    def serialize_field(self, field):
-        result = super().serialize_field(field)
-        if isinstance(field, JSONSearchField):
-            result["relation"] = field.relation()
-        return result
-
-
-def postprocess_schema_search_autocomplete(result, generator: SchemaGenerator, **kwargs):
-    create_component(generator, AUTOCOMPLETE_COMPONENT_NAME, AUTOCOMPLETE_SCHEMA)
-
-    return result

authentik/enterprise/search/settings.py

@@ -1,17 +0,0 @@
-SPECTACULAR_SETTINGS = {
-    "POSTPROCESSING_HOOKS": [
-        "authentik.api.schema.postprocess_schema_responses",
-        "authentik.enterprise.search.schema.postprocess_schema_search_autocomplete",
-        "drf_spectacular.hooks.postprocess_schema_enums",
-    ],
-}
-
-REST_FRAMEWORK = {
-    "DEFAULT_PAGINATION_CLASS": "authentik.enterprise.search.pagination.AutocompletePagination",
-    "DEFAULT_FILTER_BACKENDS": [
-        "authentik.enterprise.search.ql.QLSearch",
-        "authentik.rbac.filters.ObjectFilter",
-        "django_filters.rest_framework.DjangoFilterBackend",
-        "rest_framework.filters.OrderingFilter",
-    ],
-}

authentik/enterprise/search/tests.py

@@ -1,78 +0,0 @@
-from json import loads
-from unittest.mock import PropertyMock, patch
-from urllib.parse import urlencode
-
-from django.urls import reverse
-from rest_framework.test import APITestCase
-
-from authentik.core.tests.utils import create_test_admin_user
-
-
-@patch(
-    "authentik.enterprise.audit.middleware.EnterpriseAuditMiddleware.enabled",
-    PropertyMock(return_value=True),
-)
-class QLTest(APITestCase):
-
-    def setUp(self):
-        self.user = create_test_admin_user()
-        # ensure we have more than 1 user
-        create_test_admin_user()
-
-    def test_search(self):
-        """Test simple search query"""
-        self.client.force_login(self.user)
-        query = f'username = "{self.user.username}"'
-        res = self.client.get(
-            reverse(
-                "authentik_api:user-list",
-            )
-            + f"?{urlencode({"search": query})}"
-        )
-        self.assertEqual(res.status_code, 200)
-        content = loads(res.content)
-        self.assertEqual(content["pagination"]["count"], 1)
-        self.assertEqual(content["results"][0]["username"], self.user.username)
-
-    def test_no_search(self):
-        """Ensure works with no search query"""
-        self.client.force_login(self.user)
-        res = self.client.get(
-            reverse(
-                "authentik_api:user-list",
-            )
-        )
-        self.assertEqual(res.status_code, 200)
-        content = loads(res.content)
-        self.assertNotEqual(content["pagination"]["count"], 1)
-
-    def test_search_no_ql(self):
-        """Test simple search query (no QL)"""
-        self.client.force_login(self.user)
-        res = self.client.get(
-            reverse(
-                "authentik_api:user-list",
-            )
-            + f"?{urlencode({"search": self.user.username})}"
-        )
-        self.assertEqual(res.status_code, 200)
-        content = loads(res.content)
-        self.assertGreaterEqual(content["pagination"]["count"], 1)
-        self.assertEqual(content["results"][0]["username"], self.user.username)
-
-    def test_search_json(self):
-        """Test search query with a JSON attribute"""
-        self.user.attributes = {"foo": {"bar": "baz"}}
-        self.user.save()
-        self.client.force_login(self.user)
-        query = 'attributes.foo.bar = "baz"'
-        res = self.client.get(
-            reverse(
-                "authentik_api:user-list",
-            )
-            + f"?{urlencode({"search": query})}"
-        )
-        self.assertEqual(res.status_code, 200)
-        content = loads(res.content)
-        self.assertEqual(content["pagination"]["count"], 1)
-        self.assertEqual(content["results"][0]["username"], self.user.username)

authentik/enterprise/settings.py

@@ -18,7 +18,6 @@ TENANT_APPS = [
     "authentik.enterprise.providers.google_workspace",
     "authentik.enterprise.providers.microsoft_entra",
     "authentik.enterprise.providers.ssf",
-    "authentik.enterprise.search",
     "authentik.enterprise.stages.authenticator_endpoint_gdtc",
     "authentik.enterprise.stages.mtls",
     "authentik.enterprise.stages.source",

authentik/events/api/events.py

@@ -132,22 +132,6 @@ class EventViewSet(ModelViewSet):
     ]
     filterset_class = EventsFilter
 
-    def get_ql_fields(self):
-        from djangoql.schema import DateTimeField, StrField
-
-        from authentik.enterprise.search.fields import ChoiceSearchField, JSONSearchField
-
-        return [
-            ChoiceSearchField(Event, "action"),
-            StrField(Event, "event_uuid"),
-            StrField(Event, "app", suggest_options=True),
-            StrField(Event, "client_ip"),
-            JSONSearchField(Event, "user", suggest_nested=False),
-            JSONSearchField(Event, "brand", suggest_nested=False),
-            JSONSearchField(Event, "context", suggest_nested=False),
-            DateTimeField(Event, "created", suggest_options=True),
-        ]
-
     @extend_schema(
         methods=["GET"],
         responses={200: EventTopPerUserSerializer(many=True)},

authentik/events/api/notification_rules.py

@@ -11,7 +11,7 @@ from authentik.events.models import NotificationRule
 class NotificationRuleSerializer(ModelSerializer):
     """NotificationRule Serializer"""
 
-    destination_group_obj = GroupSerializer(read_only=True, source="destination_group")
+    group_obj = GroupSerializer(read_only=True, source="group")
 
     class Meta:
         model = NotificationRule
@@ -20,9 +20,8 @@ class NotificationRuleSerializer(ModelSerializer):
             "name",
             "transports",
             "severity",
-            "destination_group",
-            "destination_group_obj",
-            "destination_event_user",
+            "group",
+            "group_obj",
         ]
 
 
@@ -31,6 +30,6 @@ class NotificationRuleViewSet(UsedByMixin, ModelViewSet):
 
     queryset = NotificationRule.objects.all()
     serializer_class = NotificationRuleSerializer
-    filterset_fields = ["name", "severity", "destination_group__name"]
+    filterset_fields = ["name", "severity", "group__name"]
     ordering = ["name"]
-    search_fields = ["name", "destination_group__name"]
+    search_fields = ["name", "group__name"]

authentik/events/context_processors/mmdb.py

@@ -15,13 +15,13 @@ class MMDBContextProcessor(EventContextProcessor):
         self.reader: Reader | None = None
         self._last_mtime: float = 0.0
         self.logger = get_logger()
-        self.load()
+        self.open()
 
     def path(self) -> str | None:
         """Get the path to the MMDB file to load"""
         raise NotImplementedError
 
-    def load(self):
+    def open(self):
         """Get GeoIP Reader, if configured, otherwise none"""
         path = self.path()
         if path == "" or not path:
@@ -44,7 +44,7 @@ class MMDBContextProcessor(EventContextProcessor):
             diff = self._last_mtime < mtime
             if diff > 0:
                 self.logger.info("Found new MMDB Database, reopening", diff=diff, path=path)
-                self.load()
+                self.open()
         except OSError as exc:
             self.logger.warning("Failed to check MMDB age", exc=exc)
 

authentik/events/migrations/0010_rename_group_notificationrule_destination_group_and_more.py

@@ -1,26 +0,0 @@
-# Generated by Django 5.1.11 on 2025-06-16 23:21
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ("authentik_events", "0009_remove_notificationtransport_webhook_mapping_and_more"),
-    ]
-
-    operations = [
-        migrations.RenameField(
-            model_name="notificationrule",
-            old_name="group",
-            new_name="destination_group",
-        ),
-        migrations.AddField(
-            model_name="notificationrule",
-            name="destination_event_user",
-            field=models.BooleanField(
-                default=False,
-                help_text="When enabled, notification will be sent to user the user that triggered the event.When destination_group is configured, notification is sent to both.",
-            ),
-        ),
-    ]

authentik/events/models.py

@@ -1,12 +1,10 @@
 """authentik events models"""
 
-from collections.abc import Generator
 from datetime import timedelta
 from difflib import get_close_matches
 from functools import lru_cache
 from inspect import currentframe
 from smtplib import SMTPException
-from typing import Any
 from uuid import uuid4
 
 from django.apps import apps
@@ -549,7 +547,7 @@ class NotificationRule(SerializerModel, PolicyBindingModel):
         default=NotificationSeverity.NOTICE,
         help_text=_("Controls which severity level the created notifications will have."),
     )
-    destination_group = models.ForeignKey(
+    group = models.ForeignKey(
         Group,
         help_text=_(
             "Define which group of users this notification should be sent and shown to. "
@@ -559,19 +557,6 @@ class NotificationRule(SerializerModel, PolicyBindingModel):
         blank=True,
         on_delete=models.SET_NULL,
     )
-    destination_event_user = models.BooleanField(
-        default=False,
-        help_text=_(
-            "When enabled, notification will be sent to user the user that triggered the event."
-            "When destination_group is configured, notification is sent to both."
-        ),
-    )
-
-    def destination_users(self, event: Event) -> Generator[User, Any]:
-        if self.destination_event_user and event.user.get("pk"):
-            yield User(pk=event.user.get("pk"))
-        if self.destination_group:
-            yield from self.destination_group.users.all()
 
     @property
     def serializer(self) -> type[Serializer]:

authentik/events/tasks.py

@@ -68,10 +68,14 @@ def event_trigger_handler(event_uuid: str, trigger_name: str):
     if not result.passing:
         return
 
+    if not trigger.group:
+        LOGGER.debug("e(trigger): trigger has no group", trigger=trigger)
+        return
+
     LOGGER.debug("e(trigger): event trigger matched", trigger=trigger)
     # Create the notification objects
     for transport in trigger.transports.all():
-        for user in trigger.destination_users(event):
+        for user in trigger.group.users.all():
             LOGGER.debug("created notification")
             notification_transport.apply_async(
                 args=[

authentik/events/tests/test_notifications.py

@@ -6,7 +6,6 @@ from django.urls import reverse
 from rest_framework.test import APITestCase
 
 from authentik.core.models import Group, User
-from authentik.core.tests.utils import create_test_user
 from authentik.events.models import (
     Event,
     EventAction,
@@ -35,7 +34,7 @@ class TestEventsNotifications(APITestCase):
     def test_trigger_empty(self):
         """Test trigger without any policies attached"""
         transport = NotificationTransport.objects.create(name=generate_id())
-        trigger = NotificationRule.objects.create(name=generate_id(), destination_group=self.group)
+        trigger = NotificationRule.objects.create(name=generate_id(), group=self.group)
         trigger.transports.add(transport)
         trigger.save()
 
@@ -47,7 +46,7 @@ class TestEventsNotifications(APITestCase):
     def test_trigger_single(self):
         """Test simple transport triggering"""
         transport = NotificationTransport.objects.create(name=generate_id())
-        trigger = NotificationRule.objects.create(name=generate_id(), destination_group=self.group)
+        trigger = NotificationRule.objects.create(name=generate_id(), group=self.group)
         trigger.transports.add(transport)
         trigger.save()
         matcher = EventMatcherPolicy.objects.create(
@@ -60,25 +59,6 @@ class TestEventsNotifications(APITestCase):
             Event.new(EventAction.CUSTOM_PREFIX).save()
         self.assertEqual(execute_mock.call_count, 1)
 
-    def test_trigger_event_user(self):
-        """Test trigger with event user"""
-        user = create_test_user()
-        transport = NotificationTransport.objects.create(name=generate_id())
-        trigger = NotificationRule.objects.create(name=generate_id(), destination_event_user=True)
-        trigger.transports.add(transport)
-        trigger.save()
-        matcher = EventMatcherPolicy.objects.create(
-            name="matcher", action=EventAction.CUSTOM_PREFIX
-        )
-        PolicyBinding.objects.create(target=trigger, policy=matcher, order=0)
-
-        execute_mock = MagicMock()
-        with patch("authentik.events.models.NotificationTransport.send", execute_mock):
-            Event.new(EventAction.CUSTOM_PREFIX).set_user(user).save()
-        self.assertEqual(execute_mock.call_count, 1)
-        notification: Notification = execute_mock.call_args[0][0]
-        self.assertEqual(notification.user, user)
-
     def test_trigger_no_group(self):
         """Test trigger without group"""
         trigger = NotificationRule.objects.create(name=generate_id())
@@ -96,7 +76,7 @@ class TestEventsNotifications(APITestCase):
         """Test Policy error which would cause recursion"""
         transport = NotificationTransport.objects.create(name=generate_id())
         NotificationRule.objects.filter(name__startswith="default").delete()
-        trigger = NotificationRule.objects.create(name=generate_id(), destination_group=self.group)
+        trigger = NotificationRule.objects.create(name=generate_id(), group=self.group)
         trigger.transports.add(transport)
         trigger.save()
         matcher = EventMatcherPolicy.objects.create(
@@ -119,7 +99,7 @@ class TestEventsNotifications(APITestCase):
 
         transport = NotificationTransport.objects.create(name=generate_id(), send_once=True)
         NotificationRule.objects.filter(name__startswith="default").delete()
-        trigger = NotificationRule.objects.create(name=generate_id(), destination_group=self.group)
+        trigger = NotificationRule.objects.create(name=generate_id(), group=self.group)
         trigger.transports.add(transport)
         trigger.save()
         matcher = EventMatcherPolicy.objects.create(
@@ -143,7 +123,7 @@ class TestEventsNotifications(APITestCase):
             name=generate_id(), webhook_mapping_body=mapping, mode=TransportMode.LOCAL
         )
         NotificationRule.objects.filter(name__startswith="default").delete()
-        trigger = NotificationRule.objects.create(name=generate_id(), destination_group=self.group)
+        trigger = NotificationRule.objects.create(name=generate_id(), group=self.group)
         trigger.transports.add(transport)
         matcher = EventMatcherPolicy.objects.create(
             name="matcher", action=EventAction.CUSTOM_PREFIX

authentik/outposts/tests/test_ws.py

@@ -1,9 +1,11 @@
 """Websocket tests"""
 
 from dataclasses import asdict
+from unittest.mock import patch
 
 from channels.routing import URLRouter
 from channels.testing import WebsocketCommunicator
+from django.contrib.contenttypes.models import ContentType
 from django.test import TransactionTestCase
 
 from authentik import __version__
@@ -14,6 +16,12 @@ from authentik.providers.proxy.models import ProxyProvider
 from authentik.root import websocket
 
 
+def patched__get_ct_cached(app_label, codename):
+    """Caches `ContentType` instances like its `QuerySet` does."""
+    return ContentType.objects.get(app_label=app_label, permission__codename=codename)
+
+
+@patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached)
 class TestOutpostWS(TransactionTestCase):
     """Websocket tests"""
 

authentik/providers/oauth2/tests/test_authorize.py

@@ -387,7 +387,8 @@ class TestAuthorize(OAuthTestCase):
             self.assertEqual(
                 response.url,
                 (
-                    f"http://localhost#id_token={provider.encode(token.id_token.to_dict())}"
+                    f"http://localhost#access_token={token.token}"
+                    f"&id_token={provider.encode(token.id_token.to_dict())}"
                     f"&token_type={TOKEN_TYPE}"
                     f"&expires_in={int(expires)}&state={state}"
                 ),
@@ -562,6 +563,7 @@ class TestAuthorize(OAuthTestCase):
                 "url": "http://localhost",
                 "title": f"Redirecting to {app.name}...",
                 "attrs": {
+                    "access_token": token.token,
                     "id_token": provider.encode(token.id_token.to_dict()),
                     "token_type": TOKEN_TYPE,
                     "expires_in": "3600",

authentik/providers/oauth2/views/authorize.py

@@ -150,12 +150,12 @@ class OAuthAuthorizationParams:
         self.check_redirect_uri()
         self.check_grant()
         self.check_scope(github_compat)
+        self.check_nonce()
+        self.check_code_challenge()
         if self.request:
             raise AuthorizeError(
                 self.redirect_uri, "request_not_supported", self.grant_type, self.state
             )
-        self.check_nonce()
-        self.check_code_challenge()
 
     def check_grant(self):
         """Check grant"""
@@ -630,6 +630,7 @@ class OAuthFulfillmentStage(StageView):
         if self.params.response_type in [
             ResponseTypes.ID_TOKEN_TOKEN,
             ResponseTypes.CODE_ID_TOKEN_TOKEN,
+            ResponseTypes.ID_TOKEN,
             ResponseTypes.CODE_TOKEN,
         ]:
             query_fragment["access_token"] = token.token

authentik/providers/rac/tests/test_endpoints_api.py

@@ -49,7 +49,6 @@ class TestEndpointsAPI(APITestCase):
         self.assertJSONEqual(
             response.content.decode(),
             {
-                "autocomplete": {},
                 "pagination": {
                     "next": 0,
                     "previous": 0,
@@ -102,7 +101,6 @@ class TestEndpointsAPI(APITestCase):
         self.assertJSONEqual(
             response.content.decode(),
             {
-                "autocomplete": {},
                 "pagination": {
                     "next": 0,
                     "previous": 0,

authentik/providers/rac/views.py

@@ -20,9 +20,6 @@ from authentik.lib.utils.time import timedelta_from_string
 from authentik.policies.engine import PolicyEngine
 from authentik.policies.views import PolicyAccessView
 from authentik.providers.rac.models import ConnectionToken, Endpoint, RACProvider
-from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
-
-PLAN_CONNECTION_SETTINGS = "connection_settings"
 
 
 class RACStartView(PolicyAccessView):
@@ -112,15 +109,10 @@ class RACFinalStage(RedirectStage):
         return super().dispatch(request, *args, **kwargs)
 
     def get_challenge(self, *args, **kwargs) -> RedirectChallenge:
-        settings = self.executor.plan.context.get(PLAN_CONNECTION_SETTINGS)
-        if not settings:
-            settings = self.executor.plan.context.get(PLAN_CONTEXT_PROMPT, {}).get(
-                PLAN_CONNECTION_SETTINGS
-            )
         token = ConnectionToken.objects.create(
             provider=self.provider,
             endpoint=self.endpoint,
-            settings=settings or {},
+            settings=self.executor.plan.context.get("connection_settings", {}),
             session=self.request.session["authenticatedsession"],
             expires=now() + timedelta_from_string(self.provider.connection_expiry),
             expiring=True,

authentik/rbac/tests/test_api_assigned_by_roles.py

@@ -44,7 +44,6 @@ class TestRBACRoleAPI(APITestCase):
         self.assertJSONEqual(
             res.content.decode(),
             {
-                "autocomplete": {},
                 "pagination": {
                     "next": 0,
                     "previous": 0,

authentik/rbac/tests/test_api_assigned_by_users.py

@@ -46,7 +46,6 @@ class TestRBACUserAPI(APITestCase):
         self.assertJSONEqual(
             res.content.decode(),
             {
-                "autocomplete": {},
                 "pagination": {
                     "next": 0,
                     "previous": 0,

authentik/rbac/tests/test_api_filters.py

@@ -38,7 +38,6 @@ class TestAPIPerms(APITestCase):
         self.assertJSONEqual(
             res.content.decode(),
             {
-                "autocomplete": {},
                 "pagination": {
                     "next": 0,
                     "previous": 0,
@@ -74,7 +73,6 @@ class TestAPIPerms(APITestCase):
         self.assertJSONEqual(
             res.content.decode(),
             {
-                "autocomplete": {},
                 "pagination": {
                     "next": 0,
                     "previous": 0,

authentik/root/asgi.py

@@ -9,14 +9,13 @@ https://docs.djangoproject.com/en/3.0/howto/deployment/asgi/
 
 import django
 from channels.routing import ProtocolTypeRouter, URLRouter
+from defusedxml import defuse_stdlib
 from django.core.asgi import get_asgi_application
 from sentry_sdk.integrations.asgi import SentryAsgiMiddleware
 
-from authentik.root.setup import setup
-
 # DJANGO_SETTINGS_MODULE is set in gunicorn.conf.py
 
-setup()
+defuse_stdlib()
 django.setup()
 
 

authentik/root/settings.py

@@ -446,8 +446,6 @@ _DISALLOWED_ITEMS = [
     "MIDDLEWARE",
     "AUTHENTICATION_BACKENDS",
     "CELERY",
-    "SPECTACULAR_SETTINGS",
-    "REST_FRAMEWORK",
 ]
 
 SILENCED_SYSTEM_CHECKS = [
@@ -470,8 +468,6 @@ def _update_settings(app_path: str):
         TENANT_APPS.extend(getattr(settings_module, "TENANT_APPS", []))
         MIDDLEWARE.extend(getattr(settings_module, "MIDDLEWARE", []))
         AUTHENTICATION_BACKENDS.extend(getattr(settings_module, "AUTHENTICATION_BACKENDS", []))
-        SPECTACULAR_SETTINGS.update(getattr(settings_module, "SPECTACULAR_SETTINGS", {}))
-        REST_FRAMEWORK.update(getattr(settings_module, "REST_FRAMEWORK", {}))
         CELERY["beat_schedule"].update(getattr(settings_module, "CELERY_BEAT_SCHEDULE", {}))
         for _attr in dir(settings_module):
             if not _attr.startswith("__") and _attr not in _DISALLOWED_ITEMS:

authentik/root/setup.py

@@ -1,26 +0,0 @@
-import os
-import warnings
-
-from cryptography.hazmat.backends.openssl.backend import backend
-from defusedxml import defuse_stdlib
-
-from authentik.lib.config import CONFIG
-
-
-def setup():
-    warnings.filterwarnings("ignore", "SelectableGroups dict interface")
-    warnings.filterwarnings(
-        "ignore",
-        "defusedxml.lxml is no longer supported and will be removed in a future release.",
-    )
-    warnings.filterwarnings(
-        "ignore",
-        "defusedxml.cElementTree is deprecated, import from defusedxml.ElementTree instead.",
-    )
-
-    defuse_stdlib()
-
-    if CONFIG.get_bool("compliance.fips.enabled", False):
-        backend._enable_fips()
-
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "authentik.root.settings")

authentik/root/test_runner.py

@@ -3,40 +3,21 @@
 import os
 from argparse import ArgumentParser
 from unittest import TestCase
-from unittest.mock import patch
 
 import pytest
 from django.conf import settings
-from django.contrib.contenttypes.models import ContentType
 from django.test.runner import DiscoverRunner
 from structlog.stdlib import get_logger
 
-from authentik.events.context_processors.asn import ASN_CONTEXT_PROCESSOR
-from authentik.events.context_processors.geoip import GEOIP_CONTEXT_PROCESSOR
 from authentik.lib.config import CONFIG
 from authentik.lib.sentry import sentry_init
 from authentik.root.signals import post_startup, pre_startup, startup
+from tests.e2e.utils import get_docker_tag
 
 # globally set maxDiff to none to show full assert error
 TestCase.maxDiff = None
 
 
-def get_docker_tag() -> str:
-    """Get docker-tag based off of CI variables"""
-    env_pr_branch = "GITHUB_HEAD_REF"
-    default_branch = "GITHUB_REF"
-    branch_name = os.environ.get(default_branch, "main")
-    if os.environ.get(env_pr_branch, "") != "":
-        branch_name = os.environ[env_pr_branch]
-    branch_name = branch_name.replace("refs/heads/", "").replace("/", "-")
-    return f"gh-{branch_name}"
-
-
-def patched__get_ct_cached(app_label, codename):
-    """Caches `ContentType` instances like its `QuerySet` does."""
-    return ContentType.objects.get(app_label=app_label, permission__codename=codename)
-
-
 class PytestTestRunner(DiscoverRunner):  # pragma: no cover
     """Runs pytest to discover and run tests."""
 
@@ -78,9 +59,6 @@ class PytestTestRunner(DiscoverRunner):  # pragma: no cover
         for key, value in test_config.items():
             CONFIG.set(key, value)
 
-        ASN_CONTEXT_PROCESSOR.load()
-        GEOIP_CONTEXT_PROCESSOR.load()
-
         sentry_init()
         self.logger.debug("Test environment configured")
 
@@ -171,9 +149,8 @@ class PytestTestRunner(DiscoverRunner):  # pragma: no cover
                 return 1
 
         self.logger.info("Running tests", test_files=self.args)
-        with patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached):
-            try:
-                return pytest.main(self.args)
-            except Exception as e:
-                self.logger.error("Error running tests", error=str(e), test_files=self.args)
-                return 1
+        try:
+            return pytest.main(self.args)
+        except Exception as e:
+            self.logger.error("Error running tests", error=str(e), test_files=self.args)
+            return 1

authentik/sources/ldap/tasks.py

@@ -71,31 +71,37 @@ def ldap_sync_single(source_pk: str):
             return
         # Delete all sync tasks from the cache
         DBSystemTask.objects.filter(name="ldap_sync", uid__startswith=source.slug).delete()
-
-        # The order of these operations needs to be preserved as each depends on the previous one(s)
-        # 1. User and group sync can happen simultaneously
-        # 2. Membership sync needs to run afterwards
-        # 3. Finally, user and group deletions can happen simultaneously
-        user_group_sync = ldap_sync_paginator(source, UserLDAPSynchronizer) + ldap_sync_paginator(
-            source, GroupLDAPSynchronizer
+        task = chain(
+            # User and group sync can happen at once, they have no dependencies on each other
+            group(
+                ldap_sync_paginator(source, UserLDAPSynchronizer)
+                + ldap_sync_paginator(source, GroupLDAPSynchronizer),
+            ),
+            # Membership sync needs to run afterwards
+            group(
+                ldap_sync_paginator(source, MembershipLDAPSynchronizer),
+            ),
+            # Finally, deletions. What we'd really like to do here is something like
+            # ```
+            # user_identifiers = <ldap query>
+            # User.objects.exclude(
+            #     usersourceconnection__identifier__in=user_uniqueness_identifiers,
+            # ).delete()
+            # ```
+            # This runs into performance issues in large installations. So instead we spread the
+            # work out into three steps:
+            # 1. Get every object from the LDAP source.
+            # 2. Mark every object as "safe" in the database. This is quick, but any error could
+            #    mean deleting users which should not be deleted, so we do it immediately, in
+            #    large chunks, and only queue the deletion step afterwards.
+            # 3. Delete every unmarked item. This is slow, so we spread it over many tasks in
+            #    small chunks.
+            group(
+                ldap_sync_paginator(source, UserLDAPForwardDeletion)
+                + ldap_sync_paginator(source, GroupLDAPForwardDeletion),
+            ),
         )
-        membership_sync = ldap_sync_paginator(source, MembershipLDAPSynchronizer)
-        user_group_deletion = ldap_sync_paginator(
-            source, UserLDAPForwardDeletion
-        ) + ldap_sync_paginator(source, GroupLDAPForwardDeletion)
-
-        # Celery is buggy with empty groups, so we are careful only to add non-empty groups.
-        # See https://github.com/celery/celery/issues/9772
-        task_groups = []
-        if user_group_sync:
-            task_groups.append(group(user_group_sync))
-        if membership_sync:
-            task_groups.append(group(membership_sync))
-        if user_group_deletion:
-            task_groups.append(group(user_group_deletion))
-
-        all_tasks = chain(task_groups)
-        all_tasks()
+        task()
 
 
 def ldap_sync_paginator(source: LDAPSource, sync: type[BaseLDAPSynchronizer]) -> list:

authentik/stages/user_login/middleware.py

@@ -101,9 +101,9 @@ class BoundSessionMiddleware(SessionMiddleware):
             SESSION_KEY_BINDING_GEO, GeoIPBinding.NO_BINDING
         )
         if configured_binding_net != NetworkBinding.NO_BINDING:
-            BoundSessionMiddleware.recheck_session_net(configured_binding_net, last_ip, new_ip)
+            self.recheck_session_net(configured_binding_net, last_ip, new_ip)
         if configured_binding_geo != GeoIPBinding.NO_BINDING:
-            BoundSessionMiddleware.recheck_session_geo(configured_binding_geo, last_ip, new_ip)
+            self.recheck_session_geo(configured_binding_geo, last_ip, new_ip)
         # If we got to this point without any error being raised, we need to
         # update the last saved IP to the current one
         if SESSION_KEY_BINDING_NET in request.session or SESSION_KEY_BINDING_GEO in request.session:
@@ -111,8 +111,7 @@ class BoundSessionMiddleware(SessionMiddleware):
             # (== basically requires the user to be logged in)
             request.session[request.session.model.Keys.LAST_IP] = new_ip
 
-    @staticmethod
-    def recheck_session_net(binding: NetworkBinding, last_ip: str, new_ip: str):
+    def recheck_session_net(self, binding: NetworkBinding, last_ip: str, new_ip: str):
         """Check network/ASN binding"""
         last_asn = ASN_CONTEXT_PROCESSOR.asn(last_ip)
         new_asn = ASN_CONTEXT_PROCESSOR.asn(new_ip)
@@ -159,8 +158,7 @@ class BoundSessionMiddleware(SessionMiddleware):
                     new_ip,
                 )
 
-    @staticmethod
-    def recheck_session_geo(binding: GeoIPBinding, last_ip: str, new_ip: str):
+    def recheck_session_geo(self, binding: GeoIPBinding, last_ip: str, new_ip: str):
         """Check GeoIP binding"""
         last_geo = GEOIP_CONTEXT_PROCESSOR.city(last_ip)
         new_geo = GEOIP_CONTEXT_PROCESSOR.city(new_ip)
@@ -181,8 +179,8 @@ class BoundSessionMiddleware(SessionMiddleware):
             if last_geo.continent != new_geo.continent:
                 raise SessionBindingBroken(
                     "geoip.continent",
-                    last_geo.continent.to_dict(),
-                    new_geo.continent.to_dict(),
+                    last_geo.continent,
+                    new_geo.continent,
                     last_ip,
                     new_ip,
                 )
@@ -194,8 +192,8 @@ class BoundSessionMiddleware(SessionMiddleware):
             if last_geo.country != new_geo.country:
                 raise SessionBindingBroken(
                     "geoip.country",
-                    last_geo.country.to_dict(),
-                    new_geo.country.to_dict(),
+                    last_geo.country,
+                    new_geo.country,
                     last_ip,
                     new_ip,
                 )
@@ -204,8 +202,8 @@ class BoundSessionMiddleware(SessionMiddleware):
             if last_geo.city != new_geo.city:
                 raise SessionBindingBroken(
                     "geoip.city",
-                    last_geo.city.to_dict(),
-                    new_geo.city.to_dict(),
+                    last_geo.city,
+                    new_geo.city,
                     last_ip,
                     new_ip,
                 )

authentik/stages/user_login/tests.py

@@ -3,7 +3,6 @@
 from time import sleep
 from unittest.mock import patch
 
-from django.http import HttpRequest
 from django.urls import reverse
 from django.utils.timezone import now
 
@@ -18,12 +17,7 @@ from authentik.flows.views.executor import SESSION_KEY_PLAN
 from authentik.lib.generators import generate_id
 from authentik.lib.utils.time import timedelta_from_string
 from authentik.root.middleware import ClientIPMiddleware
-from authentik.stages.user_login.middleware import (
-    BoundSessionMiddleware,
-    SessionBindingBroken,
-    logout_extra,
-)
-from authentik.stages.user_login.models import GeoIPBinding, NetworkBinding, UserLoginStage
+from authentik.stages.user_login.models import UserLoginStage
 
 
 class TestUserLoginStage(FlowTestCase):
@@ -198,52 +192,3 @@ class TestUserLoginStage(FlowTestCase):
         self.assertStageRedirects(response, reverse("authentik_core:root-redirect"))
         response = self.client.get(reverse("authentik_api:application-list"))
         self.assertEqual(response.status_code, 403)
-
-    def test_binding_net_break_log(self):
-        """Test logout_extra with exception"""
-        # IPs from https://github.com/maxmind/MaxMind-DB/blob/main/source-data/GeoLite2-ASN-Test.json
-        for args, expect in [
-            [[NetworkBinding.BIND_ASN, "8.8.8.8", "8.8.8.8"], ["network.missing"]],
-            [[NetworkBinding.BIND_ASN, "1.0.0.1", "1.128.0.1"], ["network.asn"]],
-            [
-                [NetworkBinding.BIND_ASN_NETWORK, "12.81.96.1", "12.81.128.1"],
-                ["network.asn_network"],
-            ],
-            [[NetworkBinding.BIND_ASN_NETWORK_IP, "1.0.0.1", "1.0.0.2"], ["network.ip"]],
-        ]:
-            with self.subTest(args[0]):
-                with self.assertRaises(SessionBindingBroken) as cm:
-                    BoundSessionMiddleware.recheck_session_net(*args)
-                self.assertEqual(cm.exception.reason, expect[0])
-                # Ensure the request can be logged without throwing errors
-                self.client.force_login(self.user)
-                request = HttpRequest()
-                request.session = self.client.session
-                request.user = self.user
-                logout_extra(request, cm.exception)
-
-    def test_binding_geo_break_log(self):
-        """Test logout_extra with exception"""
-        # IPs from https://github.com/maxmind/MaxMind-DB/blob/main/source-data/GeoLite2-City-Test.json
-        for args, expect in [
-            [[GeoIPBinding.BIND_CONTINENT, "8.8.8.8", "8.8.8.8"], ["geoip.missing"]],
-            [[GeoIPBinding.BIND_CONTINENT, "2.125.160.216", "67.43.156.1"], ["geoip.continent"]],
-            [
-                [GeoIPBinding.BIND_CONTINENT_COUNTRY, "81.2.69.142", "89.160.20.112"],
-                ["geoip.country"],
-            ],
-            [
-                [GeoIPBinding.BIND_CONTINENT_COUNTRY_CITY, "2.125.160.216", "81.2.69.142"],
-                ["geoip.city"],
-            ],
-        ]:
-            with self.subTest(args[0]):
-                with self.assertRaises(SessionBindingBroken) as cm:
-                    BoundSessionMiddleware.recheck_session_geo(*args)
-                self.assertEqual(cm.exception.reason, expect[0])
-                # Ensure the request can be logged without throwing errors
-                self.client.force_login(self.user)
-                request = HttpRequest()
-                request.session = self.client.session
-                request.user = self.user
-                logout_extra(request, cm.exception)

docker-compose.yml

@@ -31,7 +31,7 @@ services:
     volumes:
       - redis:/data
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.1}
     restart: unless-stopped
     command: server
     environment:
@@ -55,7 +55,7 @@ services:
       redis:
         condition: service_healthy
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.1}
     restart: unless-stopped
     command: worker
     environment:

go.mod

@@ -18,7 +18,7 @@ require (
 	github.com/gorilla/sessions v1.4.0
 	github.com/gorilla/websocket v1.5.3
 	github.com/grafana/pyroscope-go v1.2.2
-	github.com/jellydator/ttlcache/v3 v3.4.0
+	github.com/jellydator/ttlcache/v3 v3.3.0
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 	github.com/pires/go-proxyproto v0.8.1
@@ -29,7 +29,7 @@ require (
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
 	github.com/wwt/guac v1.3.2
-	goauthentik.io/api/v3 v3.2025062.3
+	goauthentik.io/api/v3 v3.2025061.2
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sync v0.15.0

go.sum

@@ -203,8 +203,8 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
-github.com/jellydator/ttlcache/v3 v3.4.0 h1:YS4P125qQS0tNhtL6aeYkheEaB/m8HCqdMMP4mnWdTY=
-github.com/jellydator/ttlcache/v3 v3.4.0/go.mod h1:Hw9EgjymziQD3yGsQdf1FqFdpp7YjFMd4Srg5EJlgD4=
+github.com/jellydator/ttlcache/v3 v3.3.0 h1:BdoC9cE81qXfrxeb9eoJi9dWrdhSuwXMAnHTbnBm4Wc=
+github.com/jellydator/ttlcache/v3 v3.3.0/go.mod h1:bj2/e0l4jRnQdrnSTaGTsh4GSXvMjQcy41i7th0GVGw=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
@@ -298,8 +298,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-goauthentik.io/api/v3 v3.2025062.3 h1:syBOKigaHyX/8Rwmh9kOSF+TzsxOzmP5i7rsFwbemzA=
-goauthentik.io/api/v3 v3.2025062.3/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
+goauthentik.io/api/v3 v3.2025061.2 h1:bKmrl82Gz6J8lz3f+QIH9g+MEkl3MvkMXF34GktesA0=
+goauthentik.io/api/v3 v3.2025061.2/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=

internal/constants/constants.go

@@ -33,4 +33,4 @@ func UserAgent() string {
 	return fmt.Sprintf("authentik@%s", FullVersion())
 }
 
-const VERSION = "2025.6.2"
+const VERSION = "2025.6.1"

lifecycle/aws/package-lock.json

@@ -9,7 +9,7 @@
             "version": "0.0.0",
             "license": "MIT",
             "devDependencies": {
-                "aws-cdk": "^2.1019.1",
+                "aws-cdk": "^2.1018.0",
                 "cross-env": "^7.0.3"
             },
             "engines": {
@@ -17,9 +17,9 @@
             }
         },
         "node_modules/aws-cdk": {
-            "version": "2.1019.1",
-            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1019.1.tgz",
-            "integrity": "sha512-G2jxKuTsYTrYZX80CDApCrKcZ+AuFxxd+b0dkb0KEkfUsela7RqrDGLm5wOzSCIc3iH6GocR8JDVZuJ+0nNuKg==",
+            "version": "2.1018.0",
+            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1018.0.tgz",
+            "integrity": "sha512-sppVsNtFJTW4wawS/PBudHCSNHb8xwaZ2WX1mpsfwaPNyTWm0eSUVJsRbRiRBu9O/Us8pgrd4woUjfM1lgD7Kw==",
             "dev": true,
             "license": "Apache-2.0",
             "bin": {

lifecycle/aws/package.json

@@ -10,7 +10,7 @@
         "node": ">=20"
     },
     "devDependencies": {
-        "aws-cdk": "^2.1019.1",
+        "aws-cdk": "^2.1018.0",
         "cross-env": "^7.0.3"
     }
 }

lifecycle/aws/template.yaml

@@ -26,7 +26,7 @@ Parameters:
     Description: authentik Docker image
   AuthentikVersion:
     Type: String
-    Default: 2025.6.2
+    Default: 2025.6.1
     Description: authentik Docker image tag
   AuthentikServerCPU:
     Type: Number

lifecycle/gunicorn.conf.py

@@ -7,6 +7,8 @@ from pathlib import Path
 from tempfile import gettempdir
 from typing import TYPE_CHECKING
 
+from cryptography.hazmat.backends.openssl.backend import backend
+from defusedxml import defuse_stdlib
 from prometheus_client.values import MultiProcessValue
 
 from authentik import get_full_version
@@ -16,7 +18,6 @@ from authentik.lib.logging import get_logger_config
 from authentik.lib.utils.http import get_http_session
 from authentik.lib.utils.reflection import get_env
 from authentik.root.install_id import get_install_id_raw
-from authentik.root.setup import setup
 from lifecycle.migrate import run_migrations
 from lifecycle.wait_for_db import wait_for_db
 from lifecycle.worker import DjangoUvicornWorker
@@ -27,7 +28,10 @@ if TYPE_CHECKING:
 
     from authentik.root.asgi import AuthentikAsgi
 
-setup()
+defuse_stdlib()
+
+if CONFIG.get_bool("compliance.fips.enabled", False):
+    backend._enable_fips()
 
 wait_for_db()
 

locale/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-06-19 00:10+0000\n"
+"POT-Creation-Date: 2025-06-04 00:12+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -763,12 +763,6 @@ msgid ""
 "If left empty, Notification won't ben sent."
 msgstr ""
 
-#: authentik/events/models.py
-msgid ""
-"When enabled, notification will be sent to user the user that triggered the "
-"event.When destination_group is configured, notification is sent to both."
-msgstr ""
-
 #: authentik/events/models.py
 msgid "Notification Rule"
 msgstr ""

locale/es/LC_MESSAGES/django.po

@@ -6,18 +6,18 @@
 # Translators:
 # jcamat, 2022
 # Angel, 2024
+# Iamanaws, 2024
 # Marcelo Elizeche Landó, 2025
 # Jens L. <jens@goauthentik.io>, 2025
-# Iamanaws, 2025
 # 
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-06-04 00:12+0000\n"
+"POT-Creation-Date: 2025-05-28 11:25+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
-"Last-Translator: Iamanaws, 2025\n"
+"Last-Translator: Jens L. <jens@goauthentik.io>, 2025\n"
 "Language-Team: Spanish (https://app.transifex.com/authentik/teams/119923/es/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -111,7 +111,7 @@ msgstr "Certificado Web usado por el servidor web Core de authentik"
 
 #: authentik/brands/models.py
 msgid "Certificates used for client authentication."
-msgstr "Certificados utilizados para la autenticación del cliente."
+msgstr ""
 
 #: authentik/brands/models.py
 msgid "Brand"
@@ -131,7 +131,7 @@ msgstr "Descripción adicional no disponible."
 
 #: authentik/core/api/groups.py
 msgid "Cannot set group as parent of itself."
-msgstr "No se puede establecer un grupo como su propio padre."
+msgstr "No se puede establecer el grupo como padre de sí mismo."
 
 #: authentik/core/api/providers.py
 msgid ""
@@ -183,11 +183,11 @@ msgstr "Remueve usuario del grupo"
 
 #: authentik/core/models.py
 msgid "Enable superuser status"
-msgstr "Habilitar el estado de superusuario"
+msgstr "Habiliar estado de \"superusuario\""
 
 #: authentik/core/models.py
 msgid "Disable superuser status"
-msgstr "Deshabilitar el estado de superusuario"
+msgstr "Deshabiliar estado de \"superusuario\""
 
 #: authentik/core/models.py
 msgid "User's display name."
@@ -241,7 +241,7 @@ msgstr "Flujo utilizado al autorizar a este proveedor."
 
 #: authentik/core/models.py
 msgid "Flow used ending the session from a provider."
-msgstr "Flujo utilizado para finalizar la sesión desde un proveedor."
+msgstr "Flujo usado para terminar la sesión de un proveedor."
 
 #: authentik/core/models.py
 msgid ""
@@ -273,11 +273,11 @@ msgstr "Aplicaciones"
 
 #: authentik/core/models.py
 msgid "Application Entitlement"
-msgstr "Derecho de Aplicación"
+msgstr ""
 
 #: authentik/core/models.py
 msgid "Application Entitlements"
-msgstr "Derechos de Aplicación"
+msgstr ""
 
 #: authentik/core/models.py
 msgid "Use the source-specific identifier"
@@ -288,9 +288,9 @@ msgid ""
 "Link to a user with identical email address. Can have security implications "
 "when a source doesn't validate email addresses."
 msgstr ""
-"Enlace a un usuario con la misma dirección de correo electrónico. Puede "
-"tener implicaciones de seguridad cuando una fuente no valida las direcciones"
-" de correo electrónico."
+"Apunta a un usuario con una dirección de correo electrónico idéntica. Puede "
+"tener implicaciones de seguridad cuando una fuente no valida la dirección de"
+" correo electrónico."
 
 #: authentik/core/models.py
 msgid ""
@@ -305,8 +305,8 @@ msgid ""
 "Link to a user with identical username. Can have security implications when "
 "a username is used with another source."
 msgstr ""
-"Enlace a un usuario con el mismo nombre de usuario. Puede tener "
-"implicaciones de seguridad cuando un nombre de usuario se utiliza con otra "
+"Enlace a un usuario con un nombre de usuario idéntico. Puede tener "
+"implicaciones de seguridad cuando se usa un nombre de usuario con otra "
 "fuente."
 
 #: authentik/core/models.py
@@ -322,8 +322,8 @@ msgid ""
 "Link to a group with identical name. Can have security implications when a "
 "group name is used with another source."
 msgstr ""
-"Enlace a un grupo con el mismo nombre. Puede tener implicaciones de "
-"seguridad cuando un nombre de grupo se utiliza con otra fuente."
+"Enlace a un grupo con un nombre idéntico. Puede tener implicaciones de "
+"seguridad cuando se utiliza un nombre de grupo con otra fuente."
 
 #: authentik/core/models.py
 msgid "Use the group name, but deny enrollment when the name already exists."
@@ -385,7 +385,7 @@ msgstr "Asignaciones de Propiedades"
 
 #: authentik/core/models.py
 msgid "session data"
-msgstr "datos de sesión"
+msgstr ""
 
 #: authentik/core/models.py
 msgid "Session"
@@ -424,7 +424,7 @@ msgstr "¡Autenticado exitosamente con {source}!"
 #: authentik/core/sources/flow_manager.py
 #, python-brace-format
 msgid "Successfully linked {source}!"
-msgstr "¡{source} enlazado correctamente!"
+msgstr "¡{source} vinculado exitosamente!"
 
 #: authentik/core/sources/flow_manager.py
 msgid "Source is not configured for enrollment."
@@ -476,11 +476,11 @@ msgstr ""
 
 #: authentik/crypto/models.py
 msgid "Certificate-Key Pair"
-msgstr "Par Certificado-Clave"
+msgstr "Par de claves de certificado"
 
 #: authentik/crypto/models.py
 msgid "Certificate-Key Pairs"
-msgstr "Pares Certificado-Clave"
+msgstr "Pares de claves de certificado"
 
 #: authentik/enterprise/api.py
 msgid "Enterprise is required to create/update this object."
@@ -511,7 +511,7 @@ msgstr ""
 
 #: authentik/enterprise/policies/unique_password/models.py
 msgid "Number of passwords to check against."
-msgstr "Número de contraseñas contra las que verificar."
+msgstr ""
 
 #: authentik/enterprise/policies/unique_password/models.py
 #: authentik/policies/password/models.py
@@ -521,20 +521,18 @@ msgstr "La contraseña no se ha establecido en contexto"
 #: authentik/enterprise/policies/unique_password/models.py
 msgid "This password has been used previously. Please choose a different one."
 msgstr ""
-"Esta contraseña se ha utilizado anteriormente. Por favor, elija una "
-"diferente."
 
 #: authentik/enterprise/policies/unique_password/models.py
 msgid "Password Uniqueness Policy"
-msgstr "Política de Unicidad de Contraseñas"
+msgstr ""
 
 #: authentik/enterprise/policies/unique_password/models.py
 msgid "Password Uniqueness Policies"
-msgstr "Políticas de Unicidad de Contraseñas"
+msgstr ""
 
 #: authentik/enterprise/policies/unique_password/models.py
 msgid "User Password History"
-msgstr "Historial de Contraseñas del Usuario"
+msgstr ""
 
 #: authentik/enterprise/policy.py
 msgid "Enterprise required to access this feature."
@@ -619,39 +617,39 @@ msgstr "Clave de firma"
 
 #: authentik/enterprise/providers/ssf/models.py
 msgid "Key used to sign the SSF Events."
-msgstr "Clave utilizada para firmar los eventos SSF."
+msgstr ""
 
 #: authentik/enterprise/providers/ssf/models.py
 msgid "Shared Signals Framework Provider"
-msgstr "Proveedor del Marco de Señales Compartidas"
+msgstr ""
 
 #: authentik/enterprise/providers/ssf/models.py
 msgid "Shared Signals Framework Providers"
-msgstr "Proveedores del Marco de Señales Compartidas"
+msgstr ""
 
 #: authentik/enterprise/providers/ssf/models.py
 msgid "Add stream to SSF provider"
-msgstr "Agregar flujo de datos al proveedor SSF"
+msgstr ""
 
 #: authentik/enterprise/providers/ssf/models.py
 msgid "SSF Stream"
-msgstr "Flujo de Datos SSF"
+msgstr ""
 
 #: authentik/enterprise/providers/ssf/models.py
 msgid "SSF Streams"
-msgstr "Flujos de Datos SSF"
+msgstr ""
 
 #: authentik/enterprise/providers/ssf/models.py
 msgid "SSF Stream Event"
-msgstr "Evento de Flujo de Datos SSF"
+msgstr ""
 
 #: authentik/enterprise/providers/ssf/models.py
 msgid "SSF Stream Events"
-msgstr "Eventos de Flujos de Datos SSF"
+msgstr ""
 
 #: authentik/enterprise/providers/ssf/tasks.py
 msgid "Failed to send request"
-msgstr "Error al enviar la solicitud"
+msgstr "Falló envio de petición"
 
 #: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
 msgid "Endpoint Authenticator Google Device Trust Connector Stage"
@@ -683,29 +681,26 @@ msgid ""
 "option has a higher priority than the `client_certificate` option on "
 "`Brand`."
 msgstr ""
-"Configura las autoridades certificadoras para validar el certificado. Esta "
-"opción tiene una prioridad mayor que la opción `client_certificate` en "
-"`Brand`."
 
 #: authentik/enterprise/stages/mtls/models.py
 msgid "Mutual TLS Stage"
-msgstr "Etapa de TLS mutuo"
+msgstr ""
 
 #: authentik/enterprise/stages/mtls/models.py
 msgid "Mutual TLS Stages"
-msgstr "Etapas de TLS mutuo"
+msgstr ""
 
 #: authentik/enterprise/stages/mtls/models.py
 msgid "Permissions to pass Certificates for outposts."
-msgstr "Permisos para pasar Certificados a los puestos avanzados."
+msgstr ""
 
 #: authentik/enterprise/stages/mtls/stage.py
 msgid "Certificate required but no certificate was given."
-msgstr "Se requiere certificado, pero no se proporcionó ninguno."
+msgstr ""
 
 #: authentik/enterprise/stages/mtls/stage.py
 msgid "No user found for certificate."
-msgstr "No se encontró usuario para el certificado."
+msgstr ""
 
 #: authentik/enterprise/stages/source/models.py
 msgid ""
@@ -758,16 +753,12 @@ msgid ""
 "Customize the body of the request. Mapping should return data that is JSON-"
 "serializable."
 msgstr ""
-"Personaliza el cuerpo de la solicitud. El mapeo debe devolver datos que sean"
-" serializables en JSON."
 
 #: authentik/events/models.py
 msgid ""
 "Configure additional headers to be sent. Mapping should return a dictionary "
 "of key-value pairs"
 msgstr ""
-"Configura encabezados adicionales para enviar. El mapeo debe devolver un "
-"diccionario de pares clave-valor"
 
 #: authentik/events/models.py
 msgid ""
@@ -795,7 +786,7 @@ msgstr "Transporte de notificaciones"
 
 #: authentik/events/models.py
 msgid "Notification Transports"
-msgstr "Medios de Notificación"
+msgstr "Transportes de notificación"
 
 #: authentik/events/models.py
 msgid "Notice"
@@ -822,9 +813,9 @@ msgid ""
 "Select which transports should be used to notify the user. If none are "
 "selected, the notification will only be shown in the authentik UI."
 msgstr ""
-"Selecciona qué medios se deben usar para notificar al usuario. Si no se "
-"selecciona ninguno, la notificación solo se mostrará en la interfaz de "
-"authentik."
+"Seleccione qué transportes se deben usar para notificar al usuario. Si no se"
+" selecciona ninguno, la notificación solo se mostrará en la interfaz de "
+"usuario de authentik."
 
 #: authentik/events/models.py
 msgid "Controls which severity level the created notifications will have."
@@ -996,7 +987,7 @@ msgstr "Evalúa políticas durante el proceso de planeación del Flujo."
 
 #: authentik/flows/models.py
 msgid "Evaluate policies when the Stage is presented to the user."
-msgstr "Evaluar las políticas cuando la Etapa se presenta al usuario."
+msgstr ""
 
 #: authentik/flows/models.py
 msgid ""
@@ -1043,8 +1034,6 @@ msgid ""
 "When enabled, provider will not modify or create objects in the remote "
 "system."
 msgstr ""
-"Cuando está habilitado, el proveedor no modificará ni creará objetos en el "
-"sistema remoto."
 
 #: authentik/lib/sync/outgoing/tasks.py
 msgid "Starting full provider sync"
@@ -1052,21 +1041,20 @@ msgstr "Iniciando sincronización completa de proveedor"
 
 #: authentik/lib/sync/outgoing/tasks.py
 msgid "Syncing users"
-msgstr "Sincronizando usuarios"
+msgstr ""
 
 #: authentik/lib/sync/outgoing/tasks.py
 msgid "Syncing groups"
-msgstr "Sincronizando grupos"
+msgstr ""
 
 #: authentik/lib/sync/outgoing/tasks.py
 #, python-brace-format
-msgid "Syncing page {page} of {object_type}"
-msgstr "Sincronizando página {page} de {object_type}"
+msgid "Syncing page {page} of groups"
+msgstr "Sincronizando página {page} de grupos"
 
 #: authentik/lib/sync/outgoing/tasks.py
 msgid "Dropping mutating request due to dry run"
 msgstr ""
-"Descartando solicitud de mutación debido a ejecución en modo de simulación"
 
 #: authentik/lib/sync/outgoing/tasks.py
 #, python-brace-format
@@ -1245,7 +1233,7 @@ msgstr ""
 
 #: authentik/policies/expiry/models.py
 msgid "Password has expired."
-msgstr "La contraseña ha expirado."
+msgstr "La contraseña ha caducado."
 
 #: authentik/policies/expiry/models.py
 msgid "Password Expiry Policy"
@@ -1283,7 +1271,7 @@ msgstr "La IP del cliente no está en un país permitido."
 
 #: authentik/policies/geoip/models.py
 msgid "Distance from previous authentication is larger than threshold."
-msgstr "La distancia desde la autenticación anterior es mayor que el umbral."
+msgstr "La distancia desde la autenticación previa es mayor que el límite."
 
 #: authentik/policies/geoip/models.py
 msgid "Distance is further than possible."
@@ -1332,7 +1320,7 @@ msgstr "Vinculación de Políticas"
 
 #: authentik/policies/models.py
 msgid "Policy Bindings"
-msgstr "Vinculaciones de Políticas"
+msgstr "Vinculaciones de políticas"
 
 #: authentik/policies/models.py
 msgid ""
@@ -1606,11 +1594,11 @@ msgstr "ES256 (Encriptación Asimétrica)"
 
 #: authentik/providers/oauth2/models.py
 msgid "ES384 (Asymmetric Encryption)"
-msgstr "ES384 (Encriptación Asimétrica)"
+msgstr ""
 
 #: authentik/providers/oauth2/models.py
 msgid "ES512 (Asymmetric Encryption)"
-msgstr "ES512 (Encriptación Asimétrica)"
+msgstr ""
 
 #: authentik/providers/oauth2/models.py
 msgid "Scope used by the client"
@@ -1825,7 +1813,7 @@ msgstr "Valida Certificados SSL de servidores de origen"
 
 #: authentik/providers/proxy/models.py
 msgid "Internal host SSL Validation"
-msgstr "Validación SSL del host interno"
+msgstr "Validación SSL de host interno"
 
 #: authentik/providers/proxy/models.py
 msgid ""
@@ -2039,7 +2027,7 @@ msgstr ""
 
 #: authentik/providers/saml/models.py
 msgid "AuthnContextClassRef Property Mapping"
-msgstr "Asignación de Propiedades de AuthnContextClassRef"
+msgstr ""
 
 #: authentik/providers/saml/models.py
 msgid ""
@@ -2047,9 +2035,6 @@ msgid ""
 "empty, the AuthnContextClassRef will be set based on which authentication "
 "methods the user used to authenticate."
 msgstr ""
-"Configura cómo se creará el valor de AuthnContextClassRef. Si se deja vacío,"
-" el AuthnContextClassRef se establecerá según los métodos de autenticación "
-"que el usuario haya utilizado para autenticarse."
 
 #: authentik/providers/saml/models.py
 msgid ""
@@ -2199,11 +2184,11 @@ msgstr "Predeterminado"
 
 #: authentik/providers/scim/models.py
 msgid "AWS"
-msgstr "AWS"
+msgstr ""
 
 #: authentik/providers/scim/models.py
 msgid "Slack"
-msgstr "Slack"
+msgstr ""
 
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
@@ -2215,13 +2200,11 @@ msgstr "Token de Autenticación"
 
 #: authentik/providers/scim/models.py
 msgid "SCIM Compatibility Mode"
-msgstr "Modo de Compatibilidad SCIM"
+msgstr ""
 
 #: authentik/providers/scim/models.py
 msgid "Alter authentik behavior for vendor-specific SCIM implementations."
 msgstr ""
-"Modificar el comportamiento de authentik para implementaciones SCIM "
-"específicas de proveedores."
 
 #: authentik/providers/scim/models.py
 msgid "SCIM Provider"
@@ -2249,7 +2232,7 @@ msgstr "Roles"
 
 #: authentik/rbac/models.py
 msgid "Initial Permissions"
-msgstr "Permisos Iniciales"
+msgstr ""
 
 #: authentik/rbac/models.py
 msgid "System permission"
@@ -2287,7 +2270,7 @@ msgstr ""
 
 #: authentik/recovery/views.py
 msgid "Used recovery-link to authenticate."
-msgstr "Se utilizó un enlace de recuperación para autenticarse."
+msgstr "Se usó el enlace de recuperación para autenticarse."
 
 #: authentik/sources/kerberos/models.py
 msgid "Kerberos realm"
@@ -2299,7 +2282,7 @@ msgstr "krb5.conf personalizado a usar. Usa el del sistema por defecto."
 
 #: authentik/sources/kerberos/models.py
 msgid "KAdmin server type"
-msgstr "Tipo de servidor KAdmin"
+msgstr ""
 
 #: authentik/sources/kerberos/models.py
 msgid "Sync users from Kerberos into authentik"
@@ -2307,24 +2290,23 @@ msgstr "Sincronizar usuarios desde Kerberos hacia Authentik"
 
 #: authentik/sources/kerberos/models.py
 msgid "When a user changes their password, sync it back to Kerberos"
-msgstr ""
-"Cuando un usuario cambie su contraseña, sincronizarla de vuelta a Kerberos."
+msgstr "Cuando un usuario cambia su contraseña, sincronizarlo hacia Kerberos"
 
 #: authentik/sources/kerberos/models.py
 msgid "Principal to authenticate to kadmin for sync."
-msgstr "Principal para autenticarse en kadmin para la sincronización."
+msgstr "Principal para autenticarse como kadmin para la sincronización."
 
 #: authentik/sources/kerberos/models.py
 msgid "Password to authenticate to kadmin for sync"
-msgstr "Contraseña para autenticarse en kadmin para la sincronización"
+msgstr "Contraseña para autenticarse como kadmin para la sincronización"
 
 #: authentik/sources/kerberos/models.py
 msgid ""
 "Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the "
 "form TYPE:residual"
 msgstr ""
-"Keytab para autenticarse en kadmin para la sincronización. Debe estar "
-"codificado en base64 o en el formato TIPO:residuo"
+"Keytab para autenticarse como kadmin para la sincronización. Debe estar "
+"codificado en base64 o en el formato TIPO:residual"
 
 #: authentik/sources/kerberos/models.py
 msgid ""
@@ -2340,7 +2322,7 @@ msgid ""
 "HTTP@hostname"
 msgstr ""
 "Forzar el uso de un nombre de servidor específico para SPNEGO. Debe estar en"
-" el formato HTTP@nombre_de_host"
+" el formato HTTP@nombredelservidor"
 
 #: authentik/sources/kerberos/models.py
 msgid "SPNEGO keytab base64-encoded or path to keytab in the form FILE:path"
@@ -2357,8 +2339,8 @@ msgid ""
 "If enabled, the authentik-stored password will be updated upon login with "
 "the Kerberos password backend"
 msgstr ""
-"Si está habilitado, la contraseña almacenada en authentik se actualizará al "
-"iniciar sesión con el backend de contraseñas de Kerberos."
+"Si está habilitado, la contraseña almacenada por authentik será actualizada "
+"al iniciar sesión con el backend de contraseñas Kerberos"
 
 #: authentik/sources/kerberos/models.py
 msgid "Kerberos Source"
@@ -2406,7 +2388,7 @@ msgid ""
 msgstr ""
 "\n"
 "                    Asegúrate de que tienes entradas válidas\n"
-"                    (obtenibles mediante kinit) \n"
+"                    (se obtienen a través de kinit) \n"
 "                    y de haber configurado correctamente el navegador.\n"
 "                    Por favor, contacta a tu administrador.\n"
 "                "
@@ -2471,10 +2453,6 @@ msgstr "DN de grupo de adición"
 msgid "Consider Objects matching this filter to be Users."
 msgstr "Considere que los objetos que coinciden con este filtro son usuarios."
 
-#: authentik/sources/ldap/models.py
-msgid "Attribute which matches the value of `group_membership_field`."
-msgstr "Atributo que coincide con el valor de `group_membership_field`."
-
 #: authentik/sources/ldap/models.py
 msgid "Field which contains members of a group."
 msgstr "Campo que contiene los miembros de un grupo."
@@ -2507,17 +2485,12 @@ msgid ""
 "attribute. This allows nested group resolution on systems like FreeIPA and "
 "Active Directory"
 msgstr ""
-"Buscar la pertenencia a grupos basándose en un atributo del usuario en lugar"
-" de un atributo del grupo. Esto permite la resolución de grupos anidados en "
-"sistemas como FreeIPA y Active Directory"
 
 #: authentik/sources/ldap/models.py
 msgid ""
 "Delete authentik users and groups which were previously supplied by this "
 "source, but are now missing from it."
 msgstr ""
-"Eliminar usuarios y grupos de authentik que fueron proporcionados "
-"previamente por esta fuente, pero que ahora están ausentes."
 
 #: authentik/sources/ldap/models.py
 msgid "LDAP Source"
@@ -2539,24 +2512,22 @@ msgstr "Asignaciones de Propiedades de Fuente de LDAP"
 msgid ""
 "Unique ID used while checking if this object still exists in the directory."
 msgstr ""
-"ID único utilizado para verificar si este objeto aún existe en el "
-"directorio."
 
 #: authentik/sources/ldap/models.py
 msgid "User LDAP Source Connection"
-msgstr "Conexión de Fuente LDAP de Usuario"
+msgstr ""
 
 #: authentik/sources/ldap/models.py
 msgid "User LDAP Source Connections"
-msgstr "Conexiones de Fuente LDAP de Usuario"
+msgstr ""
 
 #: authentik/sources/ldap/models.py
 msgid "Group LDAP Source Connection"
-msgstr "Conexión de Fuente LDAP de Grupo"
+msgstr ""
 
 #: authentik/sources/ldap/models.py
 msgid "Group LDAP Source Connections"
-msgstr "Conexiones de Fuente LDAP de Grupo"
+msgstr ""
 
 #: authentik/sources/ldap/signals.py
 msgid "Password does not match Active Directory Complexity."
@@ -2568,11 +2539,11 @@ msgstr "No se recibió ningún token."
 
 #: authentik/sources/oauth/models.py
 msgid "HTTP Basic Authentication"
-msgstr "Autenticación Básica HTTP"
+msgstr ""
 
 #: authentik/sources/oauth/models.py
 msgid "Include the client ID and secret as request parameters"
-msgstr "Incluir el ID de cliente y el secreto como parámetros de la solicitud"
+msgstr ""
 
 #: authentik/sources/oauth/models.py
 msgid "Request Token URL"
@@ -2619,8 +2590,6 @@ msgid ""
 "How to perform authentication during an authorization_code token request "
 "flow"
 msgstr ""
-"Cómo realizar la autenticación durante un flujo de solicitud de token con "
-"authorization_code"
 
 #: authentik/sources/oauth/models.py
 msgid "OAuth Source"
@@ -2938,7 +2907,7 @@ msgstr "Conexiones de Fuente de SAML de Grupo"
 #: authentik/sources/saml/views.py
 #, python-brace-format
 msgid "Continue to {source_name}"
-msgstr "Continuar a {source_name}"
+msgstr ""
 
 #: authentik/sources/scim/models.py
 msgid "SCIM Source"
@@ -2974,7 +2943,7 @@ msgstr "Dispositivos Duo"
 
 #: authentik/stages/authenticator_email/models.py
 msgid "Email OTP"
-msgstr "OTP por Correo Electrónico"
+msgstr ""
 
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/email/models.py
@@ -2995,11 +2964,11 @@ msgstr ""
 
 #: authentik/stages/authenticator_email/models.py
 msgid "Email Authenticator Setup Stage"
-msgstr "Etapa de Configuración del Autenticador de Correo Electrónico"
+msgstr ""
 
 #: authentik/stages/authenticator_email/models.py
 msgid "Email Authenticator Setup Stages"
-msgstr "Etapas de Configuración del Autenticador de Correo Electrónico"
+msgstr ""
 
 #: authentik/stages/authenticator_email/models.py
 #: authentik/stages/authenticator_email/stage.py
@@ -3010,11 +2979,11 @@ msgstr ""
 
 #: authentik/stages/authenticator_email/models.py
 msgid "Email Device"
-msgstr "Dispositivo de correo electrónico"
+msgstr "Dispositivo de Email"
 
 #: authentik/stages/authenticator_email/models.py
 msgid "Email Devices"
-msgstr "Dispositivos de correo electrónico"
+msgstr "Dispositivos de Email"
 
 #: authentik/stages/authenticator_email/stage.py
 #: authentik/stages/authenticator_sms/stage.py
@@ -3024,7 +2993,7 @@ msgstr "El código no coincide"
 
 #: authentik/stages/authenticator_email/stage.py
 msgid "Invalid email"
-msgstr "Correo electrónico inválido"
+msgstr "Email Inválido"
 
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
@@ -3044,9 +3013,6 @@ msgid ""
 "          Email MFA code.\n"
 "          "
 msgstr ""
-"\n"
-"          Código MFA por correo electrónico.\n"
-"          "
 
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #, python-format
@@ -3056,8 +3022,7 @@ msgid ""
 "    "
 msgstr ""
 "\n"
-"    Si no solicitaste este código, por favor ignora este correo. El código anterior es válido por %(expires)s.\n"
-"    "
+"Si no solicitaste este código, por favor ignora este correo. El código anterior es válido por %(expires)s."
 
 #: authentik/stages/authenticator_email/templates/email/email_otp.txt
 #: authentik/stages/email/templates/email/password_reset.txt
@@ -3070,8 +3035,6 @@ msgid ""
 "\n"
 "Email MFA code\n"
 msgstr ""
-"\n"
-"Código MFA por correo electrónico\n"
 
 #: authentik/stages/authenticator_email/templates/email/email_otp.txt
 #, python-format
@@ -3313,8 +3276,8 @@ msgstr "No se pudo validar el token"
 msgid ""
 "Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)."
 msgstr ""
-"Desfase después del cual expira el consentimiento. (Formato: "
-"hours=1;minutes=2;seconds=3)."
+"Compensación después de la cual caduca el consentimiento. (Formato: horas = "
+"1; minutos = 2; segundos = 3)."
 
 #: authentik/stages/consent/models.py
 msgid "Consent Stage"
@@ -3334,7 +3297,7 @@ msgstr "Consentimientos del usuario"
 
 #: authentik/stages/consent/stage.py
 msgid "Invalid consent token, re-showing prompt"
-msgstr "Token de consentimiento inválido, mostrando el aviso nuevamente"
+msgstr ""
 
 #: authentik/stages/deny/models.py
 msgid "Deny Stage"
@@ -3354,11 +3317,11 @@ msgstr "Etapas ficticias"
 
 #: authentik/stages/email/flow.py
 msgid "Continue to confirm this email address."
-msgstr "Continúa para confirmar esta dirección de correo electrónico."
+msgstr ""
 
 #: authentik/stages/email/flow.py
 msgid "Link was already used, please request a new link."
-msgstr "El enlace ya fue utilizado, por favor, solícita uno nuevo."
+msgstr ""
 
 #: authentik/stages/email/models.py
 msgid "Password Reset"
@@ -3482,8 +3445,7 @@ msgid ""
 "    "
 msgstr ""
 "\n"
-"    Si no solicitaste un cambio de contraseña, por favor ignora este correo. El enlace anterior es válido por %(expires)s.\n"
-"    "
+"Si no solicitaste un cambio de contraseña, por favor ignora este correo. El enlace anterior es válido por %(expires)s."
 
 #: authentik/stages/email/templates/email/password_reset.txt
 msgid ""
@@ -3567,26 +3529,24 @@ msgid ""
 "Show the user the 'Remember me on this device' toggle, allowing repeat users"
 " to skip straight to entering their password."
 msgstr ""
-"Mostrar al usuario la opción \"Recordarme en este dispositivo\", permitiendo"
-" que los usuarios recurrentes pasen directamente a ingresar su contraseña."
 
 #: authentik/stages/identification/models.py
 msgid "Optional enrollment flow, which is linked at the bottom of the page."
 msgstr ""
-"Flujo de inscripción opcional, que se enlaza en la parte inferior de la "
-"página."
+"Flujo de inscripción opcional, que está vinculado en la parte inferior de la"
+" página."
 
 #: authentik/stages/identification/models.py
 msgid "Optional recovery flow, which is linked at the bottom of the page."
 msgstr ""
-"Flujo de recuperación opcional, que se enlaza en la parte inferior de la "
-"página."
+"Flujo de recuperación opcional, que está vinculado en la parte inferior de "
+"la página."
 
 #: authentik/stages/identification/models.py
 msgid "Optional passwordless flow, which is linked at the bottom of the page."
 msgstr ""
-"Flujo opcional sin contraseña, que se enlaza en la parte inferior de la "
-"página."
+"Flujo sin contraseña opcional, el cual está vinculado en la parte inferior "
+"de la página."
 
 #: authentik/stages/identification/models.py
 msgid "Specify which sources should be shown."
@@ -3820,11 +3780,11 @@ msgstr "Las contraseñas no coinciden."
 
 #: authentik/stages/redirect/api.py
 msgid "Target URL should be present when mode is Static."
-msgstr "La URL de destino debe estar presente cuando el modo es Estático."
+msgstr ""
 
 #: authentik/stages/redirect/api.py
 msgid "Target Flow should be present when mode is Flow."
-msgstr "El Flujo de Destino debe estar presente cuando el modo es Flujo."
+msgstr ""
 
 #: authentik/stages/redirect/models.py
 msgid "Redirect Stage"
@@ -3881,6 +3841,10 @@ msgstr "Etapas de inicio de"
 msgid "No Pending user to login."
 msgstr "Ningún usuario pendiente para iniciar sesión."
 
+#: authentik/stages/user_login/stage.py
+msgid "Successfully logged in!"
+msgstr "¡Se ha iniciado sesión correctamente!"
+
 #: authentik/stages/user_logout/models.py
 msgid "User Logout Stage"
 msgstr "Etapa de cierre de sesión del usuario"
@@ -3956,12 +3920,10 @@ msgstr ""
 #: authentik/tenants/models.py
 msgid "Reputation cannot decrease lower than this value. Zero or negative."
 msgstr ""
-"La reputación no puede disminuir por debajo de este valor. Cero o negativo."
 
 #: authentik/tenants/models.py
 msgid "Reputation cannot increase higher than this value. Zero or positive."
 msgstr ""
-"La reputación no puede aumentar por encima de este valor. Cero o positivo."
 
 #: authentik/tenants/models.py
 msgid "The option configures the footer links on the flow executor pages."
@@ -3984,8 +3946,8 @@ msgstr "Personificación habilitada/deshabilitada globalmente."
 #: authentik/tenants/models.py
 msgid "Require administrators to provide a reason for impersonating a user."
 msgstr ""
-"Requerir que los administradores proporcionen una razón para personificar a "
-"un usuario."
+"Requerir a los administradores proporcionar una razón para suplantar un "
+"usuario."
 
 #: authentik/tenants/models.py
 msgid "Default token duration"
@@ -3997,7 +3959,7 @@ msgstr "Longitud predeterminada del token"
 
 #: authentik/tenants/models.py
 msgid "Tenant"
-msgstr "Inquilino"
+msgstr "inquilino"
 
 #: authentik/tenants/models.py
 msgid "Tenants"

manage.py

@@ -1,18 +1,35 @@
 #!/usr/bin/env python
 """Django manage.py"""
-
 import os
 import sys
+import warnings
 
+from authentik.lib.config import CONFIG
+from cryptography.hazmat.backends.openssl.backend import backend
+from defusedxml import defuse_stdlib
 from django.utils.autoreload import DJANGO_AUTORELOAD_ENV
 
-from authentik.root.setup import setup
 from lifecycle.migrate import run_migrations
 from lifecycle.wait_for_db import wait_for_db
 
-setup()
+warnings.filterwarnings("ignore", "SelectableGroups dict interface")
+warnings.filterwarnings(
+    "ignore",
+    "defusedxml.lxml is no longer supported and will be removed in a future release.",
+)
+warnings.filterwarnings(
+    "ignore",
+    "defusedxml.cElementTree is deprecated, import from defusedxml.ElementTree instead.",
+)
+
+defuse_stdlib()
+
+if CONFIG.get_bool("compliance.fips.enabled", False):
+    backend._enable_fips()
+
 
 if __name__ == "__main__":
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "authentik.root.settings")
     wait_for_db()
     if (
         len(sys.argv) > 1

package-lock.json

@@ -1,12 +1,12 @@
 {
     "name": "@goauthentik/authentik",
-    "version": "2025.6.2",
+    "version": "2025.6.1",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/authentik",
-            "version": "2025.6.2",
+            "version": "2025.6.1",
             "devDependencies": {
                 "@trivago/prettier-plugin-sort-imports": "^5.2.2",
                 "prettier": "^3.3.3",

package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/authentik",
-    "version": "2025.6.2",
+    "version": "2025.6.1",
     "private": true,
     "type": "module",
     "devDependencies": {

packages/docusaurus-config/.prettierignore

@@ -1,10 +0,0 @@
-# Prettier Ignorefile
-
-## Static Files
-**/LICENSE
-
-## Build asset directories
-coverage
-dist
-out
-.docusaurus

packages/docusaurus-config/index.js

@@ -4,5 +4,3 @@
 
 export * from "./lib/theme.js";
 export * from "./lib/common.js";
-export * from "./lib/routing.js";
-export * from "./lib/navbar.js";

packages/docusaurus-config/lib/common.js

@@ -1,8 +1,8 @@
 /**
  * @file Common Docusaurus configuration utilities.
  *
- * @import { Config, DocusaurusConfig } from "@docusaurus/types"
- * @import { UserThemeConfig, UserThemeConfigExtra } from "./theme.js"
+ * @import { Config as DocusaurusConfig } from "@docusaurus/types"
+ * @import { UserThemeConfig } from "./theme.js"
  */
 import { deepmerge } from "deepmerge-ts";
 
@@ -11,14 +11,14 @@ import { createThemeConfig } from "./theme.js";
 //#region Types
 
 /**
- * @typedef {Omit<Config, 'themeConfig'>} DocusaurusConfigBase
+ * @typedef {Omit<DocusaurusConfig, 'themeConfig'>} DocusaurusConfigBase
  *
  * Represents the base configuration for Docusaurus, excluding the theme configuration.
  */
 
 /**
  * @typedef DocusaurusConfigBaseTheme
- * @property {UserThemeConfig & UserThemeConfigExtra} themeConfig The theme configuration.
+ * @property {UserThemeConfig} themeConfig The theme configuration.
  *
  * Represents a configuration object, only including the theme configuration.
  */
@@ -39,66 +39,31 @@ import { createThemeConfig } from "./theme.js";
 //#region Functions
 
 /**
- * Create a default Docusaurus configuration.
+ * Create a Docusaurus configuration.
+ *
+ * @param {DocusaurusConfigInit} [overrides] The options to override.
+ * @returns {DocusaurusConfig}
  */
-export function createDefaultDocusaurusConfig() {
-    const NodeEnvironment = process.env.AK_DOCUSAURUS_ENV || process.env.NODE_ENV || "development";
-    const production = NodeEnvironment === "production";
-
+export function createDocusaurusConfig({ themeConfig, ...overrides } = {}) {
     /**
-     * @satisfies {Config}
+     * @type {DocusaurusConfig}
      */
-    const DEFAULT_CONFIG = /** @type {const} */ ({
-        trailingSlash: true,
-        future: {
-            v4: {
-                removeLegacyPostBuildHeadAttribute: true,
-                useCssCascadeLayers: false,
-            },
-            experimental_faster: {
-                swcJsLoader: true,
-                rspackBundler: true,
-                lightningCssMinimizer: production,
-                swcJsMinimizer: production,
-                swcHtmlMinimizer: production,
-                ssgWorkerThreads: production,
-                mdxCrossCompilerCache: production,
-                rspackPersistentCache: production,
-            },
-        },
+    const config = {
         title: "authentik",
         tagline: "Bring all of your authentication into a unified platform.",
         url: "https://docs.goauthentik.io",
         baseUrl: "/",
         onBrokenLinks: "throw",
         onBrokenAnchors: "throw",
-        onBrokenMarkdownLinks: "throw",
-        onDuplicateRoutes: "throw",
         favicon: "img/icon.png",
         organizationName: "Authentik Security Inc.",
         projectName: "authentik",
         markdown: {
             mermaid: true,
         },
-    });
-
-    return DEFAULT_CONFIG;
-}
-
-/**
- * Create a Docusaurus configuration.
- *
- * @template {Partial<Config>} T
- * @param {T} overrides The options to override.
- * @returns {T & ReturnType<typeof createDefaultDocusaurusConfig>}
- */
-export function createDocusaurusConfig({ themeConfig, ...overrides }) {
-    const config = {
-        ...createDefaultDocusaurusConfig(),
         themeConfig: createThemeConfig(themeConfig),
     };
 
-    // @ts-ignore
     return deepmerge(config, overrides);
 }
 

packages/docusaurus-config/lib/navbar.js

@@ -1,110 +0,0 @@
-/**
- * @file Docusaurus navbar configuration for the authentik website.
- *
- * @import { NavbarItem } from "@docusaurus/theme-common";
- */
-import { DocusaurusURL, SocialURL } from "./routing.js";
-
-/**
- * The navbar items for the authentik website.
- *
- * @type {NavbarItem[]}
- */
-export const SocialNavbarItems = /** @type {const} */ ([
-    {
-        "href": SocialURL.GitHub,
-        "data-icon": "github",
-        "aria-label": "GitHub",
-        "position": "right",
-    },
-    {
-        "href": SocialURL.Discord,
-        "data-icon": "discord",
-        "aria-label": "Discord",
-        "position": "right",
-    },
-]);
-
-/**
- * The navbar items for the authentik website.
- *
- * @satisfies {NavbarItem[]}
- */
-export const NavbarItemsTemplate = /** @type {const} */ ([
-    {
-        to: "{{WWW_URL}}/features",
-        label: "Features",
-        position: "left",
-        target: "_self",
-    },
-    {
-        to: "{{INTEGRATIONS_URL}}",
-        label: "Integrations",
-        target: "_self",
-        position: "left",
-    },
-    {
-        to: "{{DOCS_URL}}",
-
-        label: "Documentation",
-        position: "left",
-        target: "_self",
-    },
-    {
-        to: "{{WWW_URL}}/pricing/",
-        label: "Pricing",
-        position: "left",
-        target: "_self",
-    },
-    {
-        to: "{{WWW_URL}}/blog",
-        label: "Blog",
-        position: "left",
-        target: "_self",
-    },
-    ...SocialNavbarItems,
-]);
-
-/**
- * @typedef {Object} NavbarItemOverrides
- *
- * @prop {string} WWW_URL The URL for the WWW environment.
- * @prop {string} DOCS_URL The URL for the documentation.
- * @prop {string} INTEGRATIONS_URL The URL for the integrations.
- */
-
-const DEFAULT_NAVBAR_REPLACEMENTS = /** @type {const} */ ({
-    DOCS_URL: DocusaurusURL.Docs,
-    INTEGRATIONS_URL: DocusaurusURL.Integrations,
-    WWW_URL: DocusaurusURL.WWW,
-});
-
-/**
- * Creates a navbar item array, replacing placeholders with the given replacements.
- *
- * @param {Partial<NavbarItemOverrides>} [overrides]
- * @returns {NavbarItem[]}
- */
-export function createNavbarItems(overrides) {
-    const replacements = {
-        ...DEFAULT_NAVBAR_REPLACEMENTS,
-        ...overrides,
-    };
-
-    return NavbarItemsTemplate.map((item) => {
-        if (typeof item.to !== "string") return item;
-
-        return {
-            ...item,
-            to: item.to.replace(
-                /{{([^}]+)}}/g,
-                /**
-                 * @param {keyof NavbarItemOverrides}  key
-                 */
-                (_, key) => {
-                    return replacements[key];
-                },
-            ),
-        };
-    });
-}

packages/docusaurus-config/lib/routing.js

@@ -1,35 +0,0 @@
-/**
- * @file Docusaurus routing configuration.
- */
-
-/**
- * @typedef {'production'|'development'} NodeEnvironment
- */
-
-const NodeEnvironment = /** @type {NodeEnvironment} */ (process.env.NODE_ENV || "development");
-
-/**
- * @satisfies {Record<NodeEnvironment, Record<string, string>>}
- */
-export const DocusaurusURLByEnvironment = /** @type {const} */ ({
-    development: {
-        Docs: "http://localhost:3000",
-        Integrations: "http://localhost:3001",
-        WWW: "http://localhost:3002",
-    },
-    production: {
-        Docs: "https://docs.goauthentik.io",
-        Integrations: "https://integrations.goauthentik.io",
-        WWW: "https://goauthentik.io",
-    },
-});
-
-export const DocusaurusURL = DocusaurusURLByEnvironment[NodeEnvironment];
-
-/**
- * @satisfies {Record<string, string>}
- */
-export const SocialURL = /** @type {const} */ ({
-    Discord: "https://goauthentik.io/discord",
-    GitHub: "https://github.com/goauthentik/authentik",
-});

packages/docusaurus-config/lib/theme.js

@@ -3,26 +3,16 @@
  *
  * @import { UserThemeConfig as UserThemeConfigCommon } from "@docusaurus/theme-common";
  * @import { UserThemeConfig as UserThemeConfigAlgolia } from "@docusaurus/theme-search-algolia";
- * @import { NavbarItemOverrides } from "./navbar.js"
  */
 import { deepmerge } from "deepmerge-ts";
 import { themes as prismThemes } from "prism-react-renderer";
 
-import { createNavbarItems } from "./navbar.js";
-
 //#region Types
 
 /**
- * @typedef {Object} UserThemeConfigExtra
- * @property {Partial<NavbarItemOverrides>} [navbarReplacements] The replacements for the navbar.
- *
- */
-
-/**
- * Combined theme configuration for Docusaurus, Algolia, and our own configuration.
+ * Combined theme configuration for Docusaurus and Algolia.
  *
  * @typedef {UserThemeConfigCommon & UserThemeConfigAlgolia} UserThemeConfig
- *
  */
 
 //#endregion
@@ -67,10 +57,10 @@ export function createPrismConfig(overrides = {}) {
 /**
  * Creates a theme configuration for Docusaurus.
  *
- * @param {Partial<UserThemeConfig & UserThemeConfigExtra>} overrides - Overrides for the default theme configuration.
+ * @param {Partial<UserThemeConfig>} overrides - Overrides for the default theme configuration.
  * @returns {UserThemeConfig}
  */
-export function createThemeConfig({ prism, navbarReplacements, ...overrides } = {}) {
+export function createThemeConfig({ prism, ...overrides } = {}) {
     /**
      * @type {UserThemeConfig}
      */
@@ -87,17 +77,6 @@ export function createThemeConfig({ prism, navbarReplacements, ...overrides } =
             appId: "36ROD0O0FV",
             apiKey: "727db511300ca9aec5425645bbbddfb5",
         },
-        footer: {
-            copyright: `Copyright © ${new Date().getFullYear()} Authentik Security Inc. Built with Docusaurus.`,
-        },
-        navbar: {
-            logo: {
-                alt: "authentik logo",
-                src: "img/icon_left_brand.svg",
-            },
-
-            items: createNavbarItems(navbarReplacements),
-        },
         prism: createPrismConfig(prism),
     };
 

packages/docusaurus-config/package-lock.json

@@ -1,51 +1,43 @@
 {
     "name": "@goauthentik/docusaurus-config",
-    "version": "2.1.1",
+    "version": "2.0.0",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/docusaurus-config",
-            "version": "2.1.1",
+            "version": "2.0.0",
             "license": "MIT",
             "dependencies": {
                 "deepmerge-ts": "^7.1.5",
                 "prism-react-renderer": "^2.4.1"
             },
             "devDependencies": {
-                "@docusaurus/theme-common": "^3.8.1",
-                "@docusaurus/theme-search-algolia": "^3.8.1",
-                "@docusaurus/types": "^3.8.1",
+                "@docusaurus/theme-common": "^3.8.0",
+                "@docusaurus/theme-search-algolia": "^3.8.0",
+                "@docusaurus/types": "^3.8.0",
                 "@goauthentik/prettier-config": "^2.0.0",
                 "@goauthentik/tsconfig": "^1.0.4",
                 "@types/react": "^19.1.6",
                 "@types/react-dom": "^19.1.5",
                 "prettier": "^3.5.3",
+                "react": "^19.1.0",
+                "react-dom": "^19.1.0",
                 "typescript": "^5.8.3"
             },
             "engines": {
                 "node": ">=22"
             },
-            "optionalDependencies": {
-                "react": ">=18",
-                "react-dom": ">=18"
-            },
             "peerDependencies": {
-                "@docusaurus/theme-common": "^3.8.1",
-                "@docusaurus/theme-search-algolia": "^3.8.1",
+                "@docusaurus/theme-common": "^3.8.0",
+                "@docusaurus/theme-search-algolia": "^3.8.0",
                 "@docusaurus/types": "^3.8.0",
-                "react": ">=18",
-                "react-dom": ">=18"
+                "react": "^18.0.0 || ^19.0.0",
+                "react-dom": "^18.0.0 || ^19.0.0"
             },
             "peerDependenciesMeta": {
                 "@docusaurus/theme-search-algolia": {
                     "optional": true
-                },
-                "react": {
-                    "optional": true
-                },
-                "react-dom": {
-                    "optional": true
                 }
             }
         },
@@ -328,9 +320,9 @@
             }
         },
         "node_modules/@babel/compat-data": {
-            "version": "7.27.5",
-            "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.27.5.tgz",
-            "integrity": "sha512-KiRAp/VoJaWkkte84TvUd9qjdbZAdiqyvMxrGl1N6vzFogKmaLgoM3L1kgtLicp2HP5fBJS8JrZKLVIZGVJAVg==",
+            "version": "7.27.3",
+            "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.27.3.tgz",
+            "integrity": "sha512-V42wFfx1ymFte+ecf6iXghnnP8kWTO+ZLXIyZq+1LAXHHvTZdVxicn4yiVYdYMGaCO3tmqub11AorKkv+iodqw==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -677,14 +669,14 @@
             }
         },
         "node_modules/@babel/helpers": {
-            "version": "7.27.6",
-            "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.27.6.tgz",
-            "integrity": "sha512-muE8Tt8M22638HU31A3CgfSUciwz1fhATfoVai05aPXGor//CdWDCbnlY1yvBPo07njuVOCNGCSp/GTt12lIug==",
+            "version": "7.27.4",
+            "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.27.4.tgz",
+            "integrity": "sha512-Y+bO6U+I7ZKaM5G5rDUZiYfUvQPUibYmAFe7EnKdnKBbVXDZxvp+MWOH5gYciY0EPk4EScsuFMQBbEfpdRKSCQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@babel/template": "^7.27.2",
-                "@babel/types": "^7.27.6"
+                "@babel/types": "^7.27.3"
             },
             "engines": {
                 "node": ">=6.9.0"
@@ -966,9 +958,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-block-scoping": {
-            "version": "7.27.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.27.5.tgz",
-            "integrity": "sha512-JF6uE2s67f0y2RZcm2kpAUEbD50vH62TyWVebxwHAlbSdM49VqPz8t4a1uIjp4NIOIZ4xzLfjY5emt/RCyC7TQ==",
+            "version": "7.27.3",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.27.3.tgz",
+            "integrity": "sha512-+F8CnfhuLhwUACIJMLWnjz6zvzYM2r0yeIHKlbgfw7ml8rOMJsXNXV/hyRcb3nb493gRs4WvYpQAndWj/qQmkQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -1607,9 +1599,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-regenerator": {
-            "version": "7.27.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.27.5.tgz",
-            "integrity": "sha512-uhB8yHerfe3MWnuLAhEbeQ4afVoqv8BQsPqrTv7e/jZ9y00kJL6l9a/f4OWaKxotmjzewfEyXE1vgDJenkQ2/Q==",
+            "version": "7.27.4",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.27.4.tgz",
+            "integrity": "sha512-Glp/0n8xuj+E1588otw5rjJkTXfzW7FjH3IIUrfqiZOPQCd2vbg8e+DQE8jK9g4V5/zrxFW+D9WM9gboRPELpQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -2015,9 +2007,9 @@
             }
         },
         "node_modules/@babel/runtime-corejs3": {
-            "version": "7.27.6",
-            "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.27.6.tgz",
-            "integrity": "sha512-vDVrlmRAY8z9Ul/HxT+8ceAru95LQgkSKiXkSYZvqtbkPSfhZJgpRp45Cldbh1GJ1kxzQkI70AqyrTI58KpaWQ==",
+            "version": "7.27.4",
+            "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.27.4.tgz",
+            "integrity": "sha512-H7QhL0ucCGOObsUETNbB2PuzF4gAvN8p32P6r91bX7M/hk4bx+3yz2hTwHL9d/Efzwu1upeb4/cd7oSxCzup3w==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -2062,9 +2054,9 @@
             }
         },
         "node_modules/@babel/types": {
-            "version": "7.27.6",
-            "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.27.6.tgz",
-            "integrity": "sha512-ETyHEk2VHHvl9b9jZP5IHPavHYk57EhanlRRuae9XCpb/j5bDCbPPMOBfCWhnl/7EDJz0jEMCi/RhccCE8r1+Q==",
+            "version": "7.27.3",
+            "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.27.3.tgz",
+            "integrity": "sha512-Y1GkI4ktrtvmawoSq+4FCVHNryea6uR+qUQy0AGxLSsjCX0nVmkYQMBLHDkXZuo5hGx7eYdnIaslsdBFm7zbUw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -2627,9 +2619,9 @@
             }
         },
         "node_modules/@csstools/postcss-is-pseudo-class": {
-            "version": "5.0.3",
-            "resolved": "https://registry.npmjs.org/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-5.0.3.tgz",
-            "integrity": "sha512-jS/TY4SpG4gszAtIg7Qnf3AS2pjcUM5SzxpApOrlndMeGhIbaTzWBzzP/IApXoNWEW7OhcjkRT48jnAUIFXhAQ==",
+            "version": "5.0.1",
+            "resolved": "https://registry.npmjs.org/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-5.0.1.tgz",
+            "integrity": "sha512-JLp3POui4S1auhDR0n8wHd/zTOWmMsmK3nQd3hhL6FhWPaox5W7j1se6zXOG/aP07wV2ww0lxbKYGwbBszOtfQ==",
             "dev": true,
             "funding": [
                 {
@@ -3313,9 +3305,9 @@
             }
         },
         "node_modules/@docusaurus/babel": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/babel/-/babel-3.8.1.tgz",
-            "integrity": "sha512-3brkJrml8vUbn9aeoZUlJfsI/GqyFcDgQJwQkmBtclJgWDEQBKKeagZfOgx0WfUQhagL1sQLNW0iBdxnI863Uw==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/babel/-/babel-3.8.0.tgz",
+            "integrity": "sha512-9EJwSgS6TgB8IzGk1L8XddJLhZod8fXT4ULYMx6SKqyCBqCFpVCEjR/hNXXhnmtVM2irDuzYoVLGWv7srG/VOA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -3329,8 +3321,8 @@
                 "@babel/runtime": "^7.25.9",
                 "@babel/runtime-corejs3": "^7.25.9",
                 "@babel/traverse": "^7.25.9",
-                "@docusaurus/logger": "3.8.1",
-                "@docusaurus/utils": "3.8.1",
+                "@docusaurus/logger": "3.8.0",
+                "@docusaurus/utils": "3.8.0",
                 "babel-plugin-dynamic-import-node": "^2.3.3",
                 "fs-extra": "^11.1.1",
                 "tslib": "^2.6.0"
@@ -3340,31 +3332,31 @@
             }
         },
         "node_modules/@docusaurus/bundler": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/bundler/-/bundler-3.8.1.tgz",
-            "integrity": "sha512-/z4V0FRoQ0GuSLToNjOSGsk6m2lQUG4FRn8goOVoZSRsTrU8YR2aJacX5K3RG18EaX9b+52pN4m1sL3MQZVsQA==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/bundler/-/bundler-3.8.0.tgz",
+            "integrity": "sha512-Rq4Z/MSeAHjVzBLirLeMcjLIAQy92pF1OI+2rmt18fSlMARfTGLWRE8Vb+ljQPTOSfJxwDYSzsK6i7XloD2rNA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@babel/core": "^7.25.9",
-                "@docusaurus/babel": "3.8.1",
-                "@docusaurus/cssnano-preset": "3.8.1",
-                "@docusaurus/logger": "3.8.1",
-                "@docusaurus/types": "3.8.1",
-                "@docusaurus/utils": "3.8.1",
+                "@docusaurus/babel": "3.8.0",
+                "@docusaurus/cssnano-preset": "3.8.0",
+                "@docusaurus/logger": "3.8.0",
+                "@docusaurus/types": "3.8.0",
+                "@docusaurus/utils": "3.8.0",
                 "babel-loader": "^9.2.1",
-                "clean-css": "^5.3.3",
+                "clean-css": "^5.3.2",
                 "copy-webpack-plugin": "^11.0.0",
-                "css-loader": "^6.11.0",
+                "css-loader": "^6.8.1",
                 "css-minimizer-webpack-plugin": "^5.0.1",
                 "cssnano": "^6.1.2",
                 "file-loader": "^6.2.0",
                 "html-minifier-terser": "^7.2.0",
-                "mini-css-extract-plugin": "^2.9.2",
+                "mini-css-extract-plugin": "^2.9.1",
                 "null-loader": "^4.0.1",
-                "postcss": "^8.5.4",
-                "postcss-loader": "^7.3.4",
-                "postcss-preset-env": "^10.2.1",
+                "postcss": "^8.4.26",
+                "postcss-loader": "^7.3.3",
+                "postcss-preset-env": "^10.1.0",
                 "terser-webpack-plugin": "^5.3.9",
                 "tslib": "^2.6.0",
                 "url-loader": "^4.1.1",
@@ -3384,19 +3376,19 @@
             }
         },
         "node_modules/@docusaurus/core": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.8.1.tgz",
-            "integrity": "sha512-ENB01IyQSqI2FLtOzqSI3qxG2B/jP4gQPahl2C3XReiLebcVh5B5cB9KYFvdoOqOWPyr5gXK4sjgTKv7peXCrA==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.8.0.tgz",
+            "integrity": "sha512-c7u6zFELmSGPEP9WSubhVDjgnpiHgDqMh1qVdCB7rTflh4Jx0msTYmMiO91Ez0KtHj4sIsDsASnjwfJ2IZp3Vw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@docusaurus/babel": "3.8.1",
-                "@docusaurus/bundler": "3.8.1",
-                "@docusaurus/logger": "3.8.1",
-                "@docusaurus/mdx-loader": "3.8.1",
-                "@docusaurus/utils": "3.8.1",
-                "@docusaurus/utils-common": "3.8.1",
-                "@docusaurus/utils-validation": "3.8.1",
+                "@docusaurus/babel": "3.8.0",
+                "@docusaurus/bundler": "3.8.0",
+                "@docusaurus/logger": "3.8.0",
+                "@docusaurus/mdx-loader": "3.8.0",
+                "@docusaurus/utils": "3.8.0",
+                "@docusaurus/utils-common": "3.8.0",
+                "@docusaurus/utils-validation": "3.8.0",
                 "boxen": "^6.2.1",
                 "chalk": "^4.1.2",
                 "chokidar": "^3.5.3",
@@ -3446,14 +3438,14 @@
             }
         },
         "node_modules/@docusaurus/cssnano-preset": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.8.1.tgz",
-            "integrity": "sha512-G7WyR2N6SpyUotqhGznERBK+x84uyhfMQM2MmDLs88bw4Flom6TY46HzkRkSEzaP9j80MbTN8naiL1fR17WQug==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.8.0.tgz",
+            "integrity": "sha512-UJ4hAS2T0R4WNy+phwVff2Q0L5+RXW9cwlH6AEphHR5qw3m/yacfWcSK7ort2pMMbDn8uGrD38BTm4oLkuuNoQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "cssnano-preset-advanced": "^6.1.2",
-                "postcss": "^8.5.4",
+                "postcss": "^8.4.38",
                 "postcss-sort-media-queries": "^5.2.0",
                 "tslib": "^2.6.0"
             },
@@ -3462,9 +3454,9 @@
             }
         },
         "node_modules/@docusaurus/logger": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.8.1.tgz",
-            "integrity": "sha512-2wjeGDhKcExEmjX8k1N/MRDiPKXGF2Pg+df/bDDPnnJWHXnVEZxXj80d6jcxp1Gpnksl0hF8t/ZQw9elqj2+ww==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.8.0.tgz",
+            "integrity": "sha512-7eEMaFIam5Q+v8XwGqF/n0ZoCld4hV4eCCgQkfcN9Mq5inoZa6PHHW9Wu6lmgzoK5Kx3keEeABcO2SxwraoPDQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -3476,15 +3468,15 @@
             }
         },
         "node_modules/@docusaurus/mdx-loader": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.8.1.tgz",
-            "integrity": "sha512-DZRhagSFRcEq1cUtBMo4TKxSNo/W6/s44yhr8X+eoXqCLycFQUylebOMPseHi5tc4fkGJqwqpWJLz6JStU9L4w==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.8.0.tgz",
+            "integrity": "sha512-mDPSzssRnpjSdCGuv7z2EIAnPS1MHuZGTaRLwPn4oQwszu4afjWZ/60sfKjTnjBjI8Vl4OgJl2vMmfmiNDX4Ng==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@docusaurus/logger": "3.8.1",
-                "@docusaurus/utils": "3.8.1",
-                "@docusaurus/utils-validation": "3.8.1",
+                "@docusaurus/logger": "3.8.0",
+                "@docusaurus/utils": "3.8.0",
+                "@docusaurus/utils-validation": "3.8.0",
                 "@mdx-js/mdx": "^3.0.0",
                 "@slorber/remark-comment": "^1.0.0",
                 "escape-html": "^1.0.3",
@@ -3516,13 +3508,13 @@
             }
         },
         "node_modules/@docusaurus/module-type-aliases": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.8.1.tgz",
-            "integrity": "sha512-6xhvAJiXzsaq3JdosS7wbRt/PwEPWHr9eM4YNYqVlbgG1hSK3uQDXTVvQktasp3VO6BmfYWPozueLWuj4gB+vg==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.8.0.tgz",
+            "integrity": "sha512-/uMb4Ipt5J/QnD13MpnoC/A4EYAe6DKNWqTWLlGrqsPJwJv73vSwkA25xnYunwfqWk0FlUQfGv/Swdh5eCCg7g==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@docusaurus/types": "3.8.1",
+                "@docusaurus/types": "3.8.0",
                 "@types/history": "^4.7.11",
                 "@types/react": "*",
                 "@types/react-router-config": "*",
@@ -3536,21 +3528,21 @@
             }
         },
         "node_modules/@docusaurus/plugin-content-docs": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.8.1.tgz",
-            "integrity": "sha512-oByRkSZzeGNQByCMaX+kif5Nl2vmtj2IHQI2fWjCfCootsdKZDPFLonhIp5s3IGJO7PLUfe0POyw0Xh/RrGXJA==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.8.0.tgz",
+            "integrity": "sha512-fRDMFLbUN6eVRXcjP8s3Y7HpAt9pzPYh1F/7KKXOCxvJhjjCtbon4VJW0WndEPInVz4t8QUXn5QZkU2tGVCE2g==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@docusaurus/core": "3.8.1",
-                "@docusaurus/logger": "3.8.1",
-                "@docusaurus/mdx-loader": "3.8.1",
-                "@docusaurus/module-type-aliases": "3.8.1",
-                "@docusaurus/theme-common": "3.8.1",
-                "@docusaurus/types": "3.8.1",
-                "@docusaurus/utils": "3.8.1",
-                "@docusaurus/utils-common": "3.8.1",
-                "@docusaurus/utils-validation": "3.8.1",
+                "@docusaurus/core": "3.8.0",
+                "@docusaurus/logger": "3.8.0",
+                "@docusaurus/mdx-loader": "3.8.0",
+                "@docusaurus/module-type-aliases": "3.8.0",
+                "@docusaurus/theme-common": "3.8.0",
+                "@docusaurus/types": "3.8.0",
+                "@docusaurus/utils": "3.8.0",
+                "@docusaurus/utils-common": "3.8.0",
+                "@docusaurus/utils-validation": "3.8.0",
                 "@types/react-router-config": "^5.0.7",
                 "combine-promises": "^1.1.0",
                 "fs-extra": "^11.1.1",
@@ -3570,16 +3562,16 @@
             }
         },
         "node_modules/@docusaurus/theme-common": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.8.1.tgz",
-            "integrity": "sha512-UswMOyTnPEVRvN5Qzbo+l8k4xrd5fTFu2VPPfD6FcW/6qUtVLmJTQCktbAL3KJ0BVXGm5aJXz/ZrzqFuZERGPw==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.8.0.tgz",
+            "integrity": "sha512-YqV2vAWpXGLA+A3PMLrOMtqgTHJLDcT+1Caa6RF7N4/IWgrevy5diY8oIHFkXR/eybjcrFFjUPrHif8gSGs3Tw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@docusaurus/mdx-loader": "3.8.1",
-                "@docusaurus/module-type-aliases": "3.8.1",
-                "@docusaurus/utils": "3.8.1",
-                "@docusaurus/utils-common": "3.8.1",
+                "@docusaurus/mdx-loader": "3.8.0",
+                "@docusaurus/module-type-aliases": "3.8.0",
+                "@docusaurus/utils": "3.8.0",
+                "@docusaurus/utils-common": "3.8.0",
                 "@types/history": "^4.7.11",
                 "@types/react": "*",
                 "@types/react-router-config": "*",
@@ -3599,20 +3591,20 @@
             }
         },
         "node_modules/@docusaurus/theme-search-algolia": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.8.1.tgz",
-            "integrity": "sha512-NBFH5rZVQRAQM087aYSRKQ9yGEK9eHd+xOxQjqNpxMiV85OhJDD4ZGz6YJIod26Fbooy54UWVdzNU0TFeUUUzQ==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.8.0.tgz",
+            "integrity": "sha512-GBZ5UOcPgiu6nUw153+0+PNWvFKweSnvKIL6Rp04H9olKb475jfKjAwCCtju5D2xs5qXHvCMvzWOg5o9f6DtuQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@docsearch/react": "^3.9.0",
-                "@docusaurus/core": "3.8.1",
-                "@docusaurus/logger": "3.8.1",
-                "@docusaurus/plugin-content-docs": "3.8.1",
-                "@docusaurus/theme-common": "3.8.1",
-                "@docusaurus/theme-translations": "3.8.1",
-                "@docusaurus/utils": "3.8.1",
-                "@docusaurus/utils-validation": "3.8.1",
+                "@docusaurus/core": "3.8.0",
+                "@docusaurus/logger": "3.8.0",
+                "@docusaurus/plugin-content-docs": "3.8.0",
+                "@docusaurus/theme-common": "3.8.0",
+                "@docusaurus/theme-translations": "3.8.0",
+                "@docusaurus/utils": "3.8.0",
+                "@docusaurus/utils-validation": "3.8.0",
                 "algoliasearch": "^5.17.1",
                 "algoliasearch-helper": "^3.22.6",
                 "clsx": "^2.0.0",
@@ -3631,9 +3623,9 @@
             }
         },
         "node_modules/@docusaurus/theme-translations": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.8.1.tgz",
-            "integrity": "sha512-OTp6eebuMcf2rJt4bqnvuwmm3NVXfzfYejL+u/Y1qwKhZPrjPoKWfk1CbOP5xH5ZOPkiAsx4dHdQBRJszK3z2g==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.8.0.tgz",
+            "integrity": "sha512-1DTy/snHicgkCkryWq54fZvsAglTdjTx4qjOXgqnXJ+DIty1B+aPQrAVUu8LiM+6BiILfmNxYsxhKTj+BS3PZg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -3645,9 +3637,9 @@
             }
         },
         "node_modules/@docusaurus/types": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.8.1.tgz",
-            "integrity": "sha512-ZPdW5AB+pBjiVrcLuw3dOS6BFlrG0XkS2lDGsj8TizcnREQg3J8cjsgfDviszOk4CweNfwo1AEELJkYaMUuOPg==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.8.0.tgz",
+            "integrity": "sha512-RDEClpwNxZq02c+JlaKLWoS13qwWhjcNsi2wG1UpzmEnuti/z1Wx4SGpqbUqRPNSd8QWWePR8Cb7DvG0VN/TtA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -3682,15 +3674,15 @@
             }
         },
         "node_modules/@docusaurus/utils": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.8.1.tgz",
-            "integrity": "sha512-P1ml0nvOmEFdmu0smSXOqTS1sxU5tqvnc0dA4MTKV39kye+bhQnjkIKEE18fNOvxjyB86k8esoCIFM3x4RykOQ==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.8.0.tgz",
+            "integrity": "sha512-2wvtG28ALCN/A1WCSLxPASFBFzXCnP0YKCAFIPcvEb6imNu1wg7ni/Svcp71b3Z2FaOFFIv4Hq+j4gD7gA0yfQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@docusaurus/logger": "3.8.1",
-                "@docusaurus/types": "3.8.1",
-                "@docusaurus/utils-common": "3.8.1",
+                "@docusaurus/logger": "3.8.0",
+                "@docusaurus/types": "3.8.0",
+                "@docusaurus/utils-common": "3.8.0",
                 "escape-string-regexp": "^4.0.0",
                 "execa": "5.1.1",
                 "file-loader": "^6.2.0",
@@ -3715,13 +3707,13 @@
             }
         },
         "node_modules/@docusaurus/utils-common": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.8.1.tgz",
-            "integrity": "sha512-zTZiDlvpvoJIrQEEd71c154DkcriBecm4z94OzEE9kz7ikS3J+iSlABhFXM45mZ0eN5pVqqr7cs60+ZlYLewtg==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.8.0.tgz",
+            "integrity": "sha512-3TGF+wVTGgQ3pAc9+5jVchES4uXUAhAt9pwv7uws4mVOxL4alvU3ue/EZ+R4XuGk94pDy7CNXjRXpPjlfZXQfw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@docusaurus/types": "3.8.1",
+                "@docusaurus/types": "3.8.0",
                 "tslib": "^2.6.0"
             },
             "engines": {
@@ -3729,15 +3721,15 @@
             }
         },
         "node_modules/@docusaurus/utils-validation": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.8.1.tgz",
-            "integrity": "sha512-gs5bXIccxzEbyVecvxg6upTwaUbfa0KMmTj7HhHzc016AGyxH2o73k1/aOD0IFrdCsfJNt37MqNI47s2MgRZMA==",
+            "version": "3.8.0",
+            "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.8.0.tgz",
+            "integrity": "sha512-MrnEbkigr54HkdFeg8e4FKc4EF+E9dlVwsY3XQZsNkbv3MKZnbHQ5LsNJDIKDROFe8PBf5C4qCAg5TPBpsjrjg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@docusaurus/logger": "3.8.1",
-                "@docusaurus/utils": "3.8.1",
-                "@docusaurus/utils-common": "3.8.1",
+                "@docusaurus/logger": "3.8.0",
+                "@docusaurus/utils": "3.8.0",
+                "@docusaurus/utils-common": "3.8.0",
                 "fs-extra": "^11.2.0",
                 "joi": "^17.9.2",
                 "js-yaml": "^4.1.0",
@@ -5410,9 +5402,9 @@
             }
         },
         "node_modules/browserslist": {
-            "version": "4.25.0",
-            "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.25.0.tgz",
-            "integrity": "sha512-PJ8gYKeS5e/whHBh8xrwYK+dAvEj7JXtz6uTucnMRB8OiGTsKccFekoRrjajPBHV8oOY+2tI4uxeceSimKwMFA==",
+            "version": "4.24.5",
+            "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.24.5.tgz",
+            "integrity": "sha512-FDToo4Wo82hIdgc1CQ+NQD0hEhmpPjrZ3hiUgwgOG6IuTdlpr8jdjyG24P6cNP1yJpTLzS5OcGgSw0xmDU1/Tw==",
             "dev": true,
             "funding": [
                 {
@@ -5430,8 +5422,8 @@
             ],
             "license": "MIT",
             "dependencies": {
-                "caniuse-lite": "^1.0.30001718",
-                "electron-to-chromium": "^1.5.160",
+                "caniuse-lite": "^1.0.30001716",
+                "electron-to-chromium": "^1.5.149",
                 "node-releases": "^2.0.19",
                 "update-browserslist-db": "^1.1.3"
             },
@@ -6185,13 +6177,13 @@
             }
         },
         "node_modules/core-js-compat": {
-            "version": "3.43.0",
-            "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.43.0.tgz",
-            "integrity": "sha512-2GML2ZsCc5LR7hZYz4AXmjQw8zuy2T//2QntwdnpuYI7jteT6GVYJL7F6C2C57R7gSYrcqVW3lAALefdbhBLDA==",
+            "version": "3.42.0",
+            "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.42.0.tgz",
+            "integrity": "sha512-bQasjMfyDGyaeWKBIu33lHh9qlSR0MFE/Nmc6nMjf/iU9b3rSMdAYz1Baxrv4lPdGUsTqZudHA4jIGSJy0SWZQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "browserslist": "^4.25.0"
+                "browserslist": "^4.24.4"
             },
             "funding": {
                 "type": "opencollective",
@@ -6199,9 +6191,9 @@
             }
         },
         "node_modules/core-js-pure": {
-            "version": "3.43.0",
-            "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.43.0.tgz",
-            "integrity": "sha512-i/AgxU2+A+BbJdMxh3v7/vxi2SbFqxiFmg6VsDwYB4jkucrd1BZNA9a9gphC0fYMG5IBSgQcbQnk865VCLe7xA==",
+            "version": "3.42.0",
+            "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.42.0.tgz",
+            "integrity": "sha512-007bM04u91fF4kMgwom2I5cQxAFIy8jVulgr9eozILl/SZE53QOqnW/+vviC+wQWLv+AunBG+8Q0TLoeSsSxRQ==",
             "dev": true,
             "hasInstallScript": true,
             "license": "MIT",
@@ -7148,9 +7140,9 @@
             "license": "MIT"
         },
         "node_modules/electron-to-chromium": {
-            "version": "1.5.170",
-            "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.170.tgz",
-            "integrity": "sha512-GP+M7aeluQo9uAyiTCxgIj/j+PrWhMlY7LFVj8prlsPljd0Fdg9AprlfUi+OCSFWy9Y5/2D/Jrj9HS8Z4rpKWA==",
+            "version": "1.5.155",
+            "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.155.tgz",
+            "integrity": "sha512-ps5KcGGmwL8VaeJlvlDlu4fORQpv3+GIcF5I3f9tUKUlJ/wsysh6HU8P5L1XWRYeXfA0oJd4PyM8ds8zTFf6Ng==",
             "dev": true,
             "license": "ISC"
         },
@@ -13127,9 +13119,9 @@
             }
         },
         "node_modules/postcss": {
-            "version": "8.5.6",
-            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
-            "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==",
+            "version": "8.5.4",
+            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.4.tgz",
+            "integrity": "sha512-QSa9EBe+uwlGTFmHsPKokv3B/oEMQZxfqW0QqNCyhpa6mB1afzulwn8hihglqAb2pOw+BJgNlmXQ8la2VeHB7w==",
             "dev": true,
             "funding": [
                 {
@@ -13378,9 +13370,9 @@
             }
         },
         "node_modules/postcss-custom-properties": {
-            "version": "14.0.6",
-            "resolved": "https://registry.npmjs.org/postcss-custom-properties/-/postcss-custom-properties-14.0.6.tgz",
-            "integrity": "sha512-fTYSp3xuk4BUeVhxCSJdIPhDLpJfNakZKoiTDx7yRGCdlZrSJR7mWKVOBS4sBF+5poPQFMj2YdXx1VHItBGihQ==",
+            "version": "14.0.5",
+            "resolved": "https://registry.npmjs.org/postcss-custom-properties/-/postcss-custom-properties-14.0.5.tgz",
+            "integrity": "sha512-UWf/vhMapZatv+zOuqlfLmYXeOhhHLh8U8HAKGI2VJ00xLRYoAJh4xv8iX6FB6+TLXeDnm0DBLMi00E0hodbQw==",
             "dev": true,
             "funding": [
                 {
@@ -14018,9 +14010,9 @@
             }
         },
         "node_modules/postcss-nesting": {
-            "version": "13.0.2",
-            "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-13.0.2.tgz",
-            "integrity": "sha512-1YCI290TX+VP0U/K/aFxzHzQWHWURL+CtHMSbex1lCdpXD1SoR2sYuxDu5aNI9lPoXpKTCggFZiDJbwylU0LEQ==",
+            "version": "13.0.1",
+            "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-13.0.1.tgz",
+            "integrity": "sha512-VbqqHkOBOt4Uu3G8Dm8n6lU5+9cJFxiuty9+4rcoyRPO9zZS1JIs6td49VIoix3qYqELHlJIn46Oih9SAKo+yQ==",
             "dev": true,
             "funding": [
                 {
@@ -14034,7 +14026,7 @@
             ],
             "license": "MIT-0",
             "dependencies": {
-                "@csstools/selector-resolve-nested": "^3.1.0",
+                "@csstools/selector-resolve-nested": "^3.0.0",
                 "@csstools/selector-specificity": "^5.0.0",
                 "postcss-selector-parser": "^7.0.0"
             },
@@ -14046,9 +14038,9 @@
             }
         },
         "node_modules/postcss-nesting/node_modules/@csstools/selector-resolve-nested": {
-            "version": "3.1.0",
-            "resolved": "https://registry.npmjs.org/@csstools/selector-resolve-nested/-/selector-resolve-nested-3.1.0.tgz",
-            "integrity": "sha512-mf1LEW0tJLKfWyvn5KdDrhpxHyuxpbNwTIwOYLIvsTffeyOf85j5oIzfG0yosxDgx/sswlqBnESYUcQH0vgZ0g==",
+            "version": "3.0.0",
+            "resolved": "https://registry.npmjs.org/@csstools/selector-resolve-nested/-/selector-resolve-nested-3.0.0.tgz",
+            "integrity": "sha512-ZoK24Yku6VJU1gS79a5PFmC8yn3wIapiKmPgun0hZgEI5AOqgH2kiPRsPz1qkGv4HL+wuDLH83yQyk6inMYrJQ==",
             "dev": true,
             "funding": [
                 {
@@ -14350,9 +14342,9 @@
             }
         },
         "node_modules/postcss-preset-env": {
-            "version": "10.2.3",
-            "resolved": "https://registry.npmjs.org/postcss-preset-env/-/postcss-preset-env-10.2.3.tgz",
-            "integrity": "sha512-zlQN1yYmA7lFeM1wzQI14z97mKoM8qGng+198w1+h6sCud/XxOjcKtApY9jWr7pXNS3yHDEafPlClSsWnkY8ow==",
+            "version": "10.2.0",
+            "resolved": "https://registry.npmjs.org/postcss-preset-env/-/postcss-preset-env-10.2.0.tgz",
+            "integrity": "sha512-cl13sPBbSqo1Q7Ryb19oT5NZO5IHFolRbIMdgDq4f9w1MHYiL6uZS7uSsjXJ1KzRIcX5BMjEeyxmAevVXENa3Q==",
             "dev": true,
             "funding": [
                 {
@@ -14378,7 +14370,7 @@
                 "@csstools/postcss-hwb-function": "^4.0.10",
                 "@csstools/postcss-ic-unit": "^4.0.2",
                 "@csstools/postcss-initial": "^2.0.1",
-                "@csstools/postcss-is-pseudo-class": "^5.0.3",
+                "@csstools/postcss-is-pseudo-class": "^5.0.1",
                 "@csstools/postcss-light-dark-function": "^2.0.9",
                 "@csstools/postcss-logical-float-and-clear": "^3.0.0",
                 "@csstools/postcss-logical-overflow": "^2.0.0",
@@ -14400,7 +14392,7 @@
                 "@csstools/postcss-trigonometric-functions": "^4.0.9",
                 "@csstools/postcss-unset-value": "^4.0.0",
                 "autoprefixer": "^10.4.21",
-                "browserslist": "^4.25.0",
+                "browserslist": "^4.24.5",
                 "css-blank-pseudo": "^7.0.1",
                 "css-has-pseudo": "^7.0.2",
                 "css-prefers-color-scheme": "^10.0.0",
@@ -14411,7 +14403,7 @@
                 "postcss-color-hex-alpha": "^10.0.0",
                 "postcss-color-rebeccapurple": "^10.0.0",
                 "postcss-custom-media": "^11.0.6",
-                "postcss-custom-properties": "^14.0.6",
+                "postcss-custom-properties": "^14.0.5",
                 "postcss-custom-selectors": "^8.0.5",
                 "postcss-dir-pseudo-class": "^9.0.1",
                 "postcss-double-position-gradients": "^6.0.2",
@@ -14422,7 +14414,7 @@
                 "postcss-image-set-function": "^7.0.0",
                 "postcss-lab-function": "^7.0.10",
                 "postcss-logical": "^8.1.0",
-                "postcss-nesting": "^13.0.2",
+                "postcss-nesting": "^13.0.1",
                 "postcss-opacity-percentage": "^3.0.0",
                 "postcss-overflow-shorthand": "^6.0.0",
                 "postcss-page-break": "^3.0.4",
@@ -14997,7 +14989,7 @@
             "version": "19.1.0",
             "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.1.0.tgz",
             "integrity": "sha512-Xs1hdnE+DyKgeHJeJznQmYMIBG3TKIHJJT95Q58nHLSrElKlGQqDTR2HQ9fx5CN/Gk6Vh/kupBTDLU11/nDk/g==",
-            "devOptional": true,
+            "dev": true,
             "license": "MIT",
             "dependencies": {
                 "scheduler": "^0.26.0"
@@ -15796,7 +15788,7 @@
             "version": "0.26.0",
             "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.26.0.tgz",
             "integrity": "sha512-NlHwttCI/l5gCPR3D1nNXtWABUmBwvZpEQiD4IXSbIDq8BzLIK/7Ir5gTFSGZDUu37K5cMNp0hFtzO38sC7gWA==",
-            "devOptional": true,
+            "dev": true,
             "license": "MIT"
         },
         "node_modules/schema-dts": {

packages/docusaurus-config/package.json

@@ -1,12 +1,10 @@
 {
     "name": "@goauthentik/docusaurus-config",
-    "version": "2.1.1",
+    "version": "2.0.0",
     "description": "authentik's Docusaurus config",
     "license": "MIT",
     "scripts": {
-        "build": "tsc -p .",
-        "prettier": "prettier --write .",
-        "prettier-check": "prettier --check ."
+        "build": "tsc -p ."
     },
     "type": "module",
     "exports": {
@@ -22,26 +20,24 @@
         "prism-react-renderer": "^2.4.1"
     },
     "devDependencies": {
-        "@docusaurus/theme-common": "^3.8.1",
-        "@docusaurus/theme-search-algolia": "^3.8.1",
-        "@docusaurus/types": "^3.8.1",
+        "@docusaurus/theme-common": "^3.8.0",
+        "@docusaurus/theme-search-algolia": "^3.8.0",
+        "@docusaurus/types": "^3.8.0",
         "@goauthentik/prettier-config": "^2.0.0",
         "@goauthentik/tsconfig": "^1.0.4",
         "@types/react": "^19.1.6",
         "@types/react-dom": "^19.1.5",
         "prettier": "^3.5.3",
+        "react": "^19.1.0",
+        "react-dom": "^19.1.0",
         "typescript": "^5.8.3"
     },
     "peerDependencies": {
-        "@docusaurus/theme-common": "^3.8.1",
-        "@docusaurus/theme-search-algolia": "^3.8.1",
+        "@docusaurus/theme-common": "^3.8.0",
+        "@docusaurus/theme-search-algolia": "^3.8.0",
         "@docusaurus/types": "^3.8.0",
-        "react": ">=18",
-        "react-dom": ">=18"
-    },
-    "optionalDependencies": {
-        "react": ">=18",
-        "react-dom": ">=18"
+        "react": "^18.0.0 || ^19.0.0",
+        "react-dom": "^18.0.0 || ^19.0.0"
     },
     "engines": {
         "node": ">=22"
@@ -57,12 +53,6 @@
     "peerDependenciesMeta": {
         "@docusaurus/theme-search-algolia": {
             "optional": true
-        },
-        "react": {
-            "optional": true
-        },
-        "react-dom": {
-            "optional": true
         }
     },
     "publishConfig": {

packages/eslint-config/package-lock.json

@@ -216,9 +216,9 @@
             }
         },
         "node_modules/@eslint/config-array": {
-            "version": "0.20.1",
-            "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.20.1.tgz",
-            "integrity": "sha512-OL0RJzC/CBzli0DrrR31qzj6d6i6Mm3HByuhflhl4LOBiWxN+3i6/t/ZQQNii4tjksXi8r2CRW1wMpWA2ULUEw==",
+            "version": "0.20.0",
+            "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.20.0.tgz",
+            "integrity": "sha512-fxlS1kkIjx8+vy2SjuCB94q3htSNrufYTXubwiBFeaQHbH6Ipi43gFJq2zCMt6PHhImH3Xmr0NksKDvchWlpQQ==",
             "license": "Apache-2.0",
             "dependencies": {
                 "@eslint/object-schema": "^2.1.6",
@@ -274,9 +274,9 @@
             }
         },
         "node_modules/@eslint/js": {
-            "version": "9.29.0",
-            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.29.0.tgz",
-            "integrity": "sha512-3PIF4cBw/y+1u2EazflInpV+lYsSG0aByVIQzAgb1m1MhHFSbqTyNqtBKHgWf/9Ykud+DhILS9EGkmekVhbKoQ==",
+            "version": "9.28.0",
+            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.28.0.tgz",
+            "integrity": "sha512-fnqSjGWd/CoIp4EXIxWVK/sHA6DOHN4+8Ix2cX5ycOY7LG0UY8nHCU5pIp2eaE1Mc7Qd8kHspYNzYXT2ojPLzg==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -576,17 +576,17 @@
             "license": "MIT"
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.34.1.tgz",
-            "integrity": "sha512-STXcN6ebF6li4PxwNeFnqF8/2BNDvBupf2OPx2yWNzr6mKNGF7q49VM00Pz5FaomJyqvbXpY6PhO+T9w139YEQ==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.34.0.tgz",
+            "integrity": "sha512-QXwAlHlbcAwNlEEMKQS2RCgJsgXrTJdjXT08xEgbPFa2yYQgVjBymxP5DrfrE7X7iodSzd9qBUHUycdyVJTW1w==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.10.0",
-                "@typescript-eslint/scope-manager": "8.34.1",
-                "@typescript-eslint/type-utils": "8.34.1",
-                "@typescript-eslint/utils": "8.34.1",
-                "@typescript-eslint/visitor-keys": "8.34.1",
+                "@typescript-eslint/scope-manager": "8.34.0",
+                "@typescript-eslint/type-utils": "8.34.0",
+                "@typescript-eslint/utils": "8.34.0",
+                "@typescript-eslint/visitor-keys": "8.34.0",
                 "graphemer": "^1.4.0",
                 "ignore": "^7.0.0",
                 "natural-compare": "^1.4.0",
@@ -600,7 +600,7 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.34.1",
+                "@typescript-eslint/parser": "^8.34.0",
                 "eslint": "^8.57.0 || ^9.0.0",
                 "typescript": ">=4.8.4 <5.9.0"
             }
@@ -616,16 +616,16 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.34.1.tgz",
-            "integrity": "sha512-4O3idHxhyzjClSMJ0a29AcoK0+YwnEqzI6oz3vlRf3xw0zbzt15MzXwItOlnr5nIth6zlY2RENLsOPvhyrKAQA==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.34.0.tgz",
+            "integrity": "sha512-vxXJV1hVFx3IXz/oy2sICsJukaBrtDEQSBiV48/YIV5KWjX1dO+bcIr/kCPrW6weKXvsaGKFNlwH0v2eYdRRbA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.34.1",
-                "@typescript-eslint/types": "8.34.1",
-                "@typescript-eslint/typescript-estree": "8.34.1",
-                "@typescript-eslint/visitor-keys": "8.34.1",
+                "@typescript-eslint/scope-manager": "8.34.0",
+                "@typescript-eslint/types": "8.34.0",
+                "@typescript-eslint/typescript-estree": "8.34.0",
+                "@typescript-eslint/visitor-keys": "8.34.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -641,14 +641,14 @@
             }
         },
         "node_modules/@typescript-eslint/project-service": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.34.1.tgz",
-            "integrity": "sha512-nuHlOmFZfuRwLJKDGQOVc0xnQrAmuq1Mj/ISou5044y1ajGNp2BNliIqp7F2LPQ5sForz8lempMFCovfeS1XoA==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.34.0.tgz",
+            "integrity": "sha512-iEgDALRf970/B2YExmtPMPF54NenZUf4xpL3wsCRx/lgjz6ul/l13R81ozP/ZNuXfnLCS+oPmG7JIxfdNYKELw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.34.1",
-                "@typescript-eslint/types": "^8.34.1",
+                "@typescript-eslint/tsconfig-utils": "^8.34.0",
+                "@typescript-eslint/types": "^8.34.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -663,14 +663,14 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.34.1.tgz",
-            "integrity": "sha512-beu6o6QY4hJAgL1E8RaXNC071G4Kso2MGmJskCFQhRhg8VOH/FDbC8soP8NHN7e/Hdphwp8G8cE6OBzC8o41ZA==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.34.0.tgz",
+            "integrity": "sha512-9Ac0X8WiLykl0aj1oYQNcLZjHgBojT6cW68yAgZ19letYu+Hxd0rE0veI1XznSSst1X5lwnxhPbVdwjDRIomRw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.34.1",
-                "@typescript-eslint/visitor-keys": "8.34.1"
+                "@typescript-eslint/types": "8.34.0",
+                "@typescript-eslint/visitor-keys": "8.34.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -681,9 +681,9 @@
             }
         },
         "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.34.1.tgz",
-            "integrity": "sha512-K4Sjdo4/xF9NEeA2khOb7Y5nY6NSXBnod87uniVYW9kHP+hNlDV8trUSFeynA2uxWam4gIWgWoygPrv9VMWrYg==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.34.0.tgz",
+            "integrity": "sha512-+W9VYHKFIzA5cBeooqQxqNriAP0QeQ7xTiDuIOr71hzgffm3EL2hxwWBIIj4GuofIbKxGNarpKqIq6Q6YrShOA==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -698,14 +698,14 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.34.1.tgz",
-            "integrity": "sha512-Tv7tCCr6e5m8hP4+xFugcrwTOucB8lshffJ6zf1mF1TbU67R+ntCc6DzLNKM+s/uzDyv8gLq7tufaAhIBYeV8g==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.34.0.tgz",
+            "integrity": "sha512-n7zSmOcUVhcRYC75W2pnPpbO1iwhJY3NLoHEtbJwJSNlVAZuwqu05zY3f3s2SDWWDSo9FdN5szqc73DCtDObAg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/typescript-estree": "8.34.1",
-                "@typescript-eslint/utils": "8.34.1",
+                "@typescript-eslint/typescript-estree": "8.34.0",
+                "@typescript-eslint/utils": "8.34.0",
                 "debug": "^4.3.4",
                 "ts-api-utils": "^2.1.0"
             },
@@ -722,9 +722,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.34.1.tgz",
-            "integrity": "sha512-rjLVbmE7HR18kDsjNIZQHxmv9RZwlgzavryL5Lnj2ujIRTeXlKtILHgRNmQ3j4daw7zd+mQgy+uyt6Zo6I0IGA==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.34.0.tgz",
+            "integrity": "sha512-9V24k/paICYPniajHfJ4cuAWETnt7Ssy+R0Rbcqo5sSFr3QEZ/8TSoUi9XeXVBGXCaLtwTOKSLGcInCAvyZeMA==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -736,16 +736,16 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.34.1.tgz",
-            "integrity": "sha512-rjCNqqYPuMUF5ODD+hWBNmOitjBWghkGKJg6hiCHzUvXRy6rK22Jd3rwbP2Xi+R7oYVvIKhokHVhH41BxPV5mA==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.34.0.tgz",
+            "integrity": "sha512-rOi4KZxI7E0+BMqG7emPSK1bB4RICCpF7QD3KCLXn9ZvWoESsOMlHyZPAHyG04ujVplPaHbmEvs34m+wjgtVtg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.34.1",
-                "@typescript-eslint/tsconfig-utils": "8.34.1",
-                "@typescript-eslint/types": "8.34.1",
-                "@typescript-eslint/visitor-keys": "8.34.1",
+                "@typescript-eslint/project-service": "8.34.0",
+                "@typescript-eslint/tsconfig-utils": "8.34.0",
+                "@typescript-eslint/types": "8.34.0",
+                "@typescript-eslint/visitor-keys": "8.34.0",
                 "debug": "^4.3.4",
                 "fast-glob": "^3.3.2",
                 "is-glob": "^4.0.3",
@@ -765,9 +765,9 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-            "version": "2.0.2",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-            "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+            "version": "2.0.1",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+            "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -804,16 +804,16 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.34.1.tgz",
-            "integrity": "sha512-mqOwUdZ3KjtGk7xJJnLbHxTuWVn3GO2WZZuM+Slhkun4+qthLdXx32C8xIXbO1kfCECb3jIs3eoxK3eryk7aoQ==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.34.0.tgz",
+            "integrity": "sha512-8L4tWatGchV9A1cKbjaavS6mwYwp39jql8xUmIIKJdm+qiaeHy5KMKlBrf30akXAWBzn2SqKsNOtSENWUwg7XQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.7.0",
-                "@typescript-eslint/scope-manager": "8.34.1",
-                "@typescript-eslint/types": "8.34.1",
-                "@typescript-eslint/typescript-estree": "8.34.1"
+                "@typescript-eslint/scope-manager": "8.34.0",
+                "@typescript-eslint/types": "8.34.0",
+                "@typescript-eslint/typescript-estree": "8.34.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -828,14 +828,14 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.34.1.tgz",
-            "integrity": "sha512-xoh5rJ+tgsRKoXnkBPFRLZ7rjKM0AfVbC68UZ/ECXoDbfggb9RbEySN359acY1vS3qZ0jVTVWzbtfapwm5ztxw==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.34.0.tgz",
+            "integrity": "sha512-qHV7pW7E85A0x6qyrFn+O+q1k1p3tQCsqIZ1KZ5ESLXY57aTvUd3/a4rdPTeXisvhXn2VQG0VSKUqs8KHF2zcA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.34.1",
-                "eslint-visitor-keys": "^4.2.1"
+                "@typescript-eslint/types": "8.34.0",
+                "eslint-visitor-keys": "^4.2.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -846,9 +846,9 @@
             }
         },
         "node_modules/acorn": {
-            "version": "8.15.0",
-            "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
-            "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
+            "version": "8.14.1",
+            "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.1.tgz",
+            "integrity": "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg==",
             "license": "MIT",
             "bin": {
                 "acorn": "bin/acorn"
@@ -1554,18 +1554,18 @@
             }
         },
         "node_modules/eslint": {
-            "version": "9.29.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.29.0.tgz",
-            "integrity": "sha512-GsGizj2Y1rCWDu6XoEekL3RLilp0voSePurjZIkxL3wlm5o5EC9VpgaP7lrCvjnkuLvzFBQWB3vWB3K5KQTveQ==",
+            "version": "9.28.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.28.0.tgz",
+            "integrity": "sha512-ocgh41VhRlf9+fVpe7QKzwLj9c92fDiqOj8Y3Sd4/ZmVA4Btx4PlUYPq4pp9JDyupkf1upbEXecxL2mwNV7jPQ==",
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.2.0",
                 "@eslint-community/regexpp": "^4.12.1",
-                "@eslint/config-array": "^0.20.1",
+                "@eslint/config-array": "^0.20.0",
                 "@eslint/config-helpers": "^0.2.1",
                 "@eslint/core": "^0.14.0",
                 "@eslint/eslintrc": "^3.3.1",
-                "@eslint/js": "9.29.0",
+                "@eslint/js": "9.28.0",
                 "@eslint/plugin-kit": "^0.3.1",
                 "@humanfs/node": "^0.16.6",
                 "@humanwhocodes/module-importer": "^1.0.1",
@@ -1577,9 +1577,9 @@
                 "cross-spawn": "^7.0.6",
                 "debug": "^4.3.2",
                 "escape-string-regexp": "^4.0.0",
-                "eslint-scope": "^8.4.0",
-                "eslint-visitor-keys": "^4.2.1",
-                "espree": "^10.4.0",
+                "eslint-scope": "^8.3.0",
+                "eslint-visitor-keys": "^4.2.0",
+                "espree": "^10.3.0",
                 "esquery": "^1.5.0",
                 "esutils": "^2.0.2",
                 "fast-deep-equal": "^3.1.3",
@@ -1792,9 +1792,9 @@
             }
         },
         "node_modules/eslint-scope": {
-            "version": "8.4.0",
-            "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.4.0.tgz",
-            "integrity": "sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg==",
+            "version": "8.3.0",
+            "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.3.0.tgz",
+            "integrity": "sha512-pUNxi75F8MJ/GdeKtVLSbYg4ZI34J6C0C7sbL4YOp2exGwen7ZsuBqKzUhXd0qMQ362yET3z+uPwKeg/0C2XCQ==",
             "license": "BSD-2-Clause",
             "dependencies": {
                 "esrecurse": "^4.3.0",
@@ -1808,9 +1808,9 @@
             }
         },
         "node_modules/eslint-visitor-keys": {
-            "version": "4.2.1",
-            "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.1.tgz",
-            "integrity": "sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==",
+            "version": "4.2.0",
+            "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.0.tgz",
+            "integrity": "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==",
             "license": "Apache-2.0",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1820,14 +1820,14 @@
             }
         },
         "node_modules/espree": {
-            "version": "10.4.0",
-            "resolved": "https://registry.npmjs.org/espree/-/espree-10.4.0.tgz",
-            "integrity": "sha512-j6PAQ2uUr79PZhBjP5C5fhl8e39FmRnOjsD5lGnWrFU8i2G776tBK7+nP8KuQUTTyAZUwfQqXAgrVH5MbH9CYQ==",
+            "version": "10.3.0",
+            "resolved": "https://registry.npmjs.org/espree/-/espree-10.3.0.tgz",
+            "integrity": "sha512-0QYC8b24HWY8zjRnDTL6RiHfDbAWn63qb4LMj1Z4b076A4une81+z03Kg7l7mn/48PUTqoLptSXez8oknU8Clg==",
             "license": "BSD-2-Clause",
             "dependencies": {
-                "acorn": "^8.15.0",
+                "acorn": "^8.14.0",
                 "acorn-jsx": "^5.3.2",
-                "eslint-visitor-keys": "^4.2.1"
+                "eslint-visitor-keys": "^4.2.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4035,15 +4035,15 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.34.1",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.34.1.tgz",
-            "integrity": "sha512-XjS+b6Vg9oT1BaIUfkW3M3LvqZE++rbzAMEHuccCfO/YkP43ha6w3jTEMilQxMF92nVOYCcdjv1ZUhAa1D/0ow==",
+            "version": "8.34.0",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.34.0.tgz",
+            "integrity": "sha512-MRpfN7uYjTrTGigFCt8sRyNqJFhjN0WwZecldaqhWm+wy0gaRt8Edb/3cuUy0zdq2opJWT6iXINKAtewnDOltQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.34.1",
-                "@typescript-eslint/parser": "8.34.1",
-                "@typescript-eslint/utils": "8.34.1"
+                "@typescript-eslint/eslint-plugin": "8.34.0",
+                "@typescript-eslint/parser": "8.34.0",
+                "@typescript-eslint/utils": "8.34.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"

packages/prettier-config/.prettierignore

@@ -1,9 +0,0 @@
-# Prettier Ignorefile
-
-## Static Files
-**/LICENSE
-
-## Build asset directories
-coverage
-dist
-out

packages/prettier-config/lib/constants.js

@@ -45,6 +45,7 @@ export const AuthentikPrettierConfig = {
         "^(@goauthentik/|#)user.+",
         "^(@goauthentik/|#)admin.+",
         "^(@goauthentik/|#)flow.+",
+        "^(@goauthentik/|#)flow.+",
 
         "^#.+",
         "^@goauthentik.+",

packages/prettier-config/package-lock.json

@@ -1,29 +1,29 @@
 {
     "name": "@goauthentik/prettier-config",
-    "version": "2.0.1",
+    "version": "2.0.0",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/prettier-config",
-            "version": "2.0.1",
+            "version": "2.0.0",
             "license": "MIT",
             "devDependencies": {
                 "@goauthentik/tsconfig": "^1.0.1",
                 "@trivago/prettier-plugin-sort-imports": "^5.2.2",
                 "prettier": "^3.5.3",
                 "prettier-plugin-organize-imports": "^4.1.0",
-                "prettier-plugin-packagejson": "^2.5.15",
-                "typescript": "^5.8.3"
+                "prettier-plugin-packagejson": "^2.5.14",
+                "typescript": "^5.8.2"
             },
             "engines": {
-                "node": ">=22"
+                "node": ">=20.11"
             },
             "peerDependencies": {
                 "@trivago/prettier-plugin-sort-imports": "^5.2.2",
                 "prettier": "^3.5.3",
                 "prettier-plugin-organize-imports": "^4.1.0",
-                "prettier-plugin-packagejson": "^2.5.15"
+                "prettier-plugin-packagejson": "^2.5.14"
             }
         },
         "node_modules/@babel/code-frame": {
@@ -206,9 +206,9 @@
             }
         },
         "node_modules/@pkgr/core": {
-            "version": "0.2.7",
-            "resolved": "https://registry.npmjs.org/@pkgr/core/-/core-0.2.7.tgz",
-            "integrity": "sha512-YLT9Zo3oNPJoBjBc4q8G2mjU4tqIbf5CEOORbUUr48dCD9q3umJ3IPlVqOqDakPfd2HuwccBaqlGhN4Gmr5OWg==",
+            "version": "0.2.4",
+            "resolved": "https://registry.npmjs.org/@pkgr/core/-/core-0.2.4.tgz",
+            "integrity": "sha512-ROFF39F6ZrnzSUEmQQZUar0Jt4xVoP9WnDRdWwF4NNcXs3xBTLgBUDoOwW141y1jP+S8nahIbdxbFC7IShw9Iw==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -437,14 +437,14 @@
             }
         },
         "node_modules/prettier-plugin-packagejson": {
-            "version": "2.5.15",
-            "resolved": "https://registry.npmjs.org/prettier-plugin-packagejson/-/prettier-plugin-packagejson-2.5.15.tgz",
-            "integrity": "sha512-2QSx6y4IT6LTwXtCvXAopENW5IP/aujC8fobEM2pDbs0IGkiVjW/ipPuYAHuXigbNe64aGWF7vIetukuzM3CBw==",
+            "version": "2.5.14",
+            "resolved": "https://registry.npmjs.org/prettier-plugin-packagejson/-/prettier-plugin-packagejson-2.5.14.tgz",
+            "integrity": "sha512-h+3tSpr2nVpp+YOK1MDIYtYhHVXr8/0V59UUbJpIJFaqi3w4fvUokJo6eV8W+vELrUXIZzJ+DKm5G7lYzrMcKQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "sort-package-json": "3.2.1",
-                "synckit": "0.11.8"
+                "synckit": "0.11.6"
             },
             "peerDependencies": {
                 "prettier": ">= 1.16.0"
@@ -495,9 +495,9 @@
             }
         },
         "node_modules/synckit": {
-            "version": "0.11.8",
-            "resolved": "https://registry.npmjs.org/synckit/-/synckit-0.11.8.tgz",
-            "integrity": "sha512-+XZ+r1XGIJGeQk3VvXhT6xx/VpbHsRzsTkGgF6E5RX9TTXD0118l87puaEBZ566FhqblC6U0d4XnubznJDm30A==",
+            "version": "0.11.6",
+            "resolved": "https://registry.npmjs.org/synckit/-/synckit-0.11.6.tgz",
+            "integrity": "sha512-2pR2ubZSV64f/vqm9eLPz/KOvR9Dm+Co/5ChLgeHl0yEDRc6h5hXHoxEQH8Y5Ljycozd3p1k5TTSVdzYGkPvLw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {

packages/prettier-config/package.json

@@ -1,12 +1,10 @@
 {
     "name": "@goauthentik/prettier-config",
-    "version": "2.0.1",
+    "version": "2.0.0",
     "description": "authentik's Prettier config",
     "license": "MIT",
     "scripts": {
-        "build": "tsc -p .",
-        "prettier": "prettier --write .",
-        "prettier-check": "prettier --check ."
+        "build": "tsc -p ."
     },
     "type": "module",
     "exports": "./index.js",
@@ -15,17 +13,17 @@
         "@trivago/prettier-plugin-sort-imports": "^5.2.2",
         "prettier": "^3.5.3",
         "prettier-plugin-organize-imports": "^4.1.0",
-        "prettier-plugin-packagejson": "^2.5.15",
-        "typescript": "^5.8.3"
+        "prettier-plugin-packagejson": "^2.5.14",
+        "typescript": "^5.8.2"
     },
     "peerDependencies": {
         "@trivago/prettier-plugin-sort-imports": "^5.2.2",
         "prettier": "^3.5.3",
         "prettier-plugin-organize-imports": "^4.1.0",
-        "prettier-plugin-packagejson": "^2.5.15"
+        "prettier-plugin-packagejson": "^2.5.14"
     },
     "engines": {
-        "node": ">=22"
+        "node": ">=20.11"
     },
     "types": "./out/index.d.ts",
     "files": [

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "authentik"
-version = "2025.6.2"
+version = "2025.6.1"
 description = ""
 authors = [{ name = "authentik Team", email = "hello@goauthentik.io" }]
 requires-python = "==3.13.*"
@@ -15,18 +15,17 @@ dependencies = [
     "defusedxml==0.7.1",
     "django==5.1.11",
     "django-countries==7.6.1",
-    "django-cte==2.0.0",
+    "django-cte==1.3.3",
     "django-filter==25.1",
     "django-guardian==3.0.0",
     "django-model-utils==5.0.0",
     "django-pglock==1.7.2",
-    "django-prometheus==2.4.0",
-    "django-redis==6.0.0",
+    "django-prometheus==2.3.1",
+    "django-redis==5.4.0",
     "django-storages[s3]==1.14.6",
     "django-tenants==3.8.0",
-    "djangoql==0.18.1",
-    "djangorestframework-guardian==0.3.0",
     "djangorestframework==3.16.0",
+    "djangorestframework-guardian==0.3.0",
     "docker==7.1.0",
     "drf-orjson-renderer==1.7.3",
     "drf-spectacular==0.28.0",
@@ -36,40 +35,40 @@ dependencies = [
     "flower==2.0.1",
     "geoip2==5.1.0",
     "geopy==2.4.1",
-    "google-api-python-client==2.173.0",
+    "google-api-python-client==2.172.0",
     "gssapi==1.9.0",
     "gunicorn==23.0.0",
     "jsonpatch==1.33",
     "jwcrypto==1.5.6",
-    "kubernetes==33.1.0",
+    "kubernetes==32.0.1",
     "ldap3==2.9.1",
     "lxml==5.4.0",
-    "msgraph-sdk==1.34.0",
+    "msgraph-sdk==1.33.0",
     "opencontainers==0.0.14",
     "packaging==25.0",
     "paramiko==3.5.1",
     "psycopg[c,pool]==3.2.9",
-    "pydantic==2.11.7",
+    "pydantic==2.11.5",
     "pydantic-scim==0.0.8",
     "pyjwt==2.10.1",
     "pyrad==2.4",
-    "python-kadmin-rs==0.6.1",
+    "python-kadmin-rs==0.6.0",
     "pyyaml==6.0.2",
     "requests-oauthlib==2.0.0",
     "scim2-filter-parser==0.7.0",
-    "sentry-sdk==2.30.0",
+    "sentry-sdk==2.29.1",
     "service-identity==24.2.0",
     "setproctitle==1.3.6",
     "structlog==25.4.0",
     "swagger-spec-validator==3.0.4",
     "tenant-schemas-celery==3.0.0",
-    "twilio==9.6.3",
+    "twilio==9.6.2",
     "ua-parser==1.0.1",
     "unidecode==1.4.0",
     "urllib3<3",
     "uvicorn[standard]==0.34.3",
     "watchdog==6.0.0",
-    "webauthn==2.6.0",
+    "webauthn==2.5.2",
     "wsproto==1.2.0",
     "xmlsec==1.3.15",
     "zxcvbn==4.5.0",

tests/e2e/docker-compose.yml

@@ -7,7 +7,7 @@ services:
     network_mode: host
     restart: always
   mailpit:
-    image: docker.io/axllent/mailpit:v1.26.1
+    image: docker.io/axllent/mailpit:v1.26.0
     ports:
       - 1025:1025
       - 8025:8025

tests/e2e/test_provider_ldap.py

@@ -2,6 +2,7 @@
 
 from dataclasses import asdict
 from time import sleep
+from unittest.mock import patch
 
 from guardian.shortcuts import assign_perm
 from ldap3 import ALL, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, SUBTREE, Connection, Server
@@ -15,10 +16,12 @@ from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id
 from authentik.outposts.apps import MANAGED_OUTPOST
 from authentik.outposts.models import Outpost, OutpostConfig, OutpostType
+from authentik.outposts.tests.test_ws import patched__get_ct_cached
 from authentik.providers.ldap.models import APIAccessMode, LDAPProvider
 from tests.e2e.utils import SeleniumTestCase, retry
 
 
+@patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached)
 class TestProviderLDAP(SeleniumTestCase):
     """LDAP and Outpost e2e tests"""
 

tests/e2e/test_provider_proxy.py

@@ -6,6 +6,7 @@ from json import loads
 from sys import platform
 from time import sleep
 from unittest.case import skip, skipUnless
+from unittest.mock import patch
 
 from channels.testing import ChannelsLiveServerTestCase
 from jwt import decode
@@ -17,10 +18,12 @@ from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id
 from authentik.outposts.models import DockerServiceConnection, Outpost, OutpostConfig, OutpostType
 from authentik.outposts.tasks import outpost_connection_discovery
+from authentik.outposts.tests.test_ws import patched__get_ct_cached
 from authentik.providers.proxy.models import ProxyProvider
 from tests.e2e.utils import SeleniumTestCase, retry
 
 
+@patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached)
 class TestProviderProxy(SeleniumTestCase):
     """Proxy and Outpost e2e tests"""
 

tests/e2e/test_provider_proxy_forward.py

@@ -4,6 +4,7 @@ from json import loads
 from pathlib import Path
 from time import sleep
 from unittest import skip
+from unittest.mock import patch
 
 from selenium.webdriver.common.by import By
 
@@ -12,10 +13,12 @@ from authentik.core.models import Application
 from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id
 from authentik.outposts.models import Outpost, OutpostType
+from authentik.outposts.tests.test_ws import patched__get_ct_cached
 from authentik.providers.proxy.models import ProxyMode, ProxyProvider
 from tests.e2e.utils import SeleniumTestCase, retry
 
 
+@patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached)
 class TestProviderProxyForward(SeleniumTestCase):
     """Proxy and Outpost e2e tests"""
 

tests/e2e/test_provider_radius.py

@@ -2,6 +2,7 @@
 
 from dataclasses import asdict
 from time import sleep
+from unittest.mock import patch
 
 from pyrad.client import Client
 from pyrad.dictionary import Dictionary
@@ -12,10 +13,12 @@ from authentik.core.models import Application, User
 from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id, generate_key
 from authentik.outposts.models import Outpost, OutpostConfig, OutpostType
+from authentik.outposts.tests.test_ws import patched__get_ct_cached
 from authentik.providers.radius.models import RadiusProvider
 from tests.e2e.utils import SeleniumTestCase, retry
 
 
+@patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached)
 class TestProviderRadius(SeleniumTestCase):
     """Radius Outpost e2e tests"""
 

tests/e2e/utils.py

@@ -1,6 +1,7 @@
 """authentik e2e testing utilities"""
 
 import json
+import os
 import socket
 from collections.abc import Callable
 from functools import lru_cache, wraps
@@ -36,12 +37,22 @@ from authentik.core.api.users import UserSerializer
 from authentik.core.models import User
 from authentik.core.tests.utils import create_test_admin_user
 from authentik.lib.generators import generate_id
-from authentik.root.test_runner import get_docker_tag
 
 IS_CI = "CI" in environ
 RETRIES = int(environ.get("RETRIES", "3")) if IS_CI else 1
 
 
+def get_docker_tag() -> str:
+    """Get docker-tag based off of CI variables"""
+    env_pr_branch = "GITHUB_HEAD_REF"
+    default_branch = "GITHUB_REF"
+    branch_name = os.environ.get(default_branch, "main")
+    if os.environ.get(env_pr_branch, "") != "":
+        branch_name = os.environ[env_pr_branch]
+    branch_name = branch_name.replace("refs/heads/", "").replace("/", "-")
+    return f"gh-{branch_name}"
+
+
 def get_local_ip() -> str:
     """Get the local machine's IP"""
     hostname = socket.gethostname()

web/package.json

@@ -93,20 +93,17 @@
         "@floating-ui/dom": "^1.6.11",
         "@formatjs/intl-listformat": "^7.7.11",
         "@fortawesome/fontawesome-free": "^6.7.2",
-        "@goauthentik/api": "^2025.6.2-1750246811",
+        "@goauthentik/api": "^2025.6.1-1749515784",
         "@lit/context": "^1.1.2",
         "@lit/localize": "^0.12.2",
         "@lit/reactive-element": "^2.0.4",
         "@lit/task": "^1.0.2",
         "@mdx-js/mdx": "^3.1.0",
-        "@mrmarble/djangoql-completion": "^0.8.3",
         "@open-wc/lit-helpers": "^0.7.0",
-        "@openlayers-elements/core": "^0.4.0",
-        "@openlayers-elements/maps": "^0.4.0",
         "@patternfly/elements": "^4.1.0",
         "@patternfly/patternfly": "^4.224.2",
-        "@sentry/browser": "^9.30.0",
-        "@spotlightjs/spotlight": "^3.0.1",
+        "@sentry/browser": "^9.28.0",
+        "@spotlightjs/spotlight": "^2.13.3",
         "@webcomponents/webcomponentsjs": "^2.8.0",
         "base64-js": "^1.5.1",
         "change-case": "^5.4.4",
@@ -173,16 +170,16 @@
         "@types/react-dom": "^19.1.5",
         "@typescript-eslint/eslint-plugin": "^8.8.0",
         "@typescript-eslint/parser": "^8.8.0",
-        "@wdio/browser-runner": "9.15",
-        "@wdio/cli": "9.15",
-        "@wdio/spec-reporter": "^9.15.0",
+        "@wdio/browser-runner": "9.4",
+        "@wdio/cli": "9.4",
+        "@wdio/spec-reporter": "^9.1.2",
         "@web/test-runner": "^0.20.2",
         "chromedriver": "^136.0.3",
         "esbuild": "^0.25.5",
         "esbuild-plugin-copy": "^2.1.1",
         "esbuild-plugin-polyfill-node": "^0.3.0",
         "esbuild-plugins-node-modules-polyfill": "^1.7.0",
-        "eslint": "^9.29.0",
+        "eslint": "^9.28.0",
         "eslint-plugin-lit": "^2.1.1",
         "eslint-plugin-wc": "^3.0.1",
         "github-slugger": "^2.0.0",
@@ -197,7 +194,7 @@
         "storybook-addon-mock": "^5.0.0",
         "turnstile-types": "^1.2.3",
         "typescript": "^5.8.3",
-        "typescript-eslint": "^8.34.1",
+        "typescript-eslint": "^8.34.0",
         "vite-plugin-lit-css": "^2.0.0",
         "vite-tsconfig-paths": "^5.0.1",
         "wireit": "^0.14.12"

web/packages/core/types/node.d.ts

@@ -14,7 +14,7 @@ declare module "module" {
          * const relativeDirname = dirname(fileURLToPath(import.meta.url));
          * ```
          */
-
+        // eslint-disable-next-line no-var
         var __dirname: string;
     }
 }

web/src/admin/admin-overview/cards/RecentEventsCard.ts

@@ -88,8 +88,7 @@ export class RecentEventsCard extends Table<Event> {
         }
 
         return super.renderEmpty(
-            html`<ak-empty-state
-                ><span slot="header">${msg("No Events found.")}</span>
+            html`<ak-empty-state header=${msg("No Events found.")}>
                 <div slot="body">${msg("No matching events could be found.")}</div>
             </ak-empty-state>`,
         );

web/src/admin/applications/ApplicationForm.ts

@@ -5,7 +5,6 @@ import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import "@goauthentik/components/ak-file-input";
 import "@goauthentik/components/ak-radio-input";
-import "@goauthentik/components/ak-slug-input";
 import "@goauthentik/components/ak-switch-input";
 import "@goauthentik/components/ak-text-input";
 import "@goauthentik/components/ak-textarea-input";
@@ -131,14 +130,14 @@ export class ApplicationForm extends WithCapabilitiesConfig(ModelForm<Applicatio
                 required
                 help=${msg("Application's display Name.")}
             ></ak-text-input>
-            <ak-slug-input
+            <ak-text-input
                 name="slug"
                 value=${ifDefined(this.instance?.slug)}
                 label=${msg("Slug")}
                 required
                 help=${msg("Internal application name used in URLs.")}
                 input-hint="code"
-            ></ak-slug-input>
+            ></ak-text-input>
             <ak-text-input
                 name="group"
                 value=${ifDefined(this.instance?.group)}

web/src/admin/applications/wizard/steps/ak-application-wizard-application-step.ts

@@ -117,11 +117,13 @@ export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
                     ?invalid=${this.errors.has("name")}
                     .errorMessages=${errors.name ?? this.errorMessages("name")}
                     help=${msg("Application's display Name.")}
+                    id="ak-application-wizard-details-name"
                 ></ak-text-input>
                 <ak-slug-input
                     name="slug"
                     value=${ifDefined(app.slug)}
                     label=${msg("Slug")}
+                    source="#ak-application-wizard-details-name"
                     required
                     ?invalid=${errors.slug ?? this.errors.has("slug")}
                     .errorMessages=${this.errorMessages("slug")}

web/src/admin/applications/wizard/steps/ak-application-wizard-bindings-step.ts

@@ -115,8 +115,7 @@ export class ApplicationWizardBindingsStep extends ApplicationWizardStep {
                     .columns=${COLUMNS}
                     .content=${[]}
                 ></ak-select-table>
-                <ak-empty-state icon="pf-icon-module"
-                    ><span slot="header">${msg("No bound policies.")} </span>
+                <ak-empty-state header=${msg("No bound policies.")} icon="pf-icon-module">
                     <div slot="body">${msg("No policies are currently bound to this object.")}</div>
                     <div slot="primary">
                         <button

web/src/admin/crypto/CertificateKeyPairForm.ts

@@ -1,5 +1,5 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import "@goauthentik/components/ak-secret-textarea-input.js";
+import "@goauthentik/components/ak-private-textarea-input.js";
 import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
@@ -46,7 +46,7 @@ export class CertificateKeyPairForm extends ModelForm<CertificateKeyPair, string
                     required
                 />
             </ak-form-element-horizontal>
-            <ak-secret-textarea-input
+            <ak-private-textarea-input
                 label=${msg("Certificate")}
                 name="certificateData"
                 input-hint="code"
@@ -54,8 +54,8 @@ export class CertificateKeyPairForm extends ModelForm<CertificateKeyPair, string
                 required
                 ?revealed=${this.instance === undefined}
                 help=${msg("PEM-encoded Certificate data.")}
-            ></ak-secret-textarea-input>
-            <ak-secret-textarea-input
+            ></ak-private-textarea-input>
+            <ak-private-textarea-input
                 label=${msg("Private Key")}
                 name="keyData"
                 input-hint="code"
@@ -63,7 +63,7 @@ export class CertificateKeyPairForm extends ModelForm<CertificateKeyPair, string
                 help=${msg(
                     "Optional Private Key. If this is set, you can use this keypair for encryption.",
                 )}
-            ></ak-secret-textarea-input>`;
+            ></ak-private-textarea-input>`;
     }
 }
 

web/src/admin/enterprise/EnterpriseLicenseForm.ts

@@ -1,6 +1,6 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH_ENTERPRISE } from "@goauthentik/common/constants";
-import "@goauthentik/components/ak-secret-textarea-input.js";
+import "@goauthentik/components/ak-private-textarea-input.js";
 import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
@@ -62,13 +62,13 @@ export class EnterpriseLicenseForm extends ModelForm<License, string> {
                     value="${ifDefined(this.installID)}"
                 />
             </ak-form-element-horizontal>
-            <ak-secret-textarea-input
+            <ak-private-textarea-input
                 name="key"
                 ?revealed=${this.instance === undefined}
                 label=${msg("License key")}
                 input-hint="code"
             >
-            </ak-secret-textarea-input>`;
+            </ak-private-textarea-input>`;
     }
 }
 

web/src/admin/events/EventListPage.ts

@@ -1,7 +1,3 @@
-import "#elements/Tabs";
-import { WithLicenseSummary } from "#elements/mixins/license";
-import { updateURLParams } from "#elements/router/RouteMatch";
-import "@goauthentik/admin/events/EventMap";
 import "@goauthentik/admin/events/EventVolumeChart";
 import { EventGeo, EventUser } from "@goauthentik/admin/events/utils";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
@@ -19,14 +15,11 @@ import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, css, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 
-import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
-
-import { Event, EventsApi, LicenseSummaryStatusEnum } from "@goauthentik/api";
+import { Event, EventsApi } from "@goauthentik/api";
 
 @customElement("ak-event-list")
-export class EventListPage extends WithLicenseSummary(TablePage<Event>) {
+export class EventListPage extends TablePage<Event> {
     expandable = true;
-    supportsQL = true;
 
     pageTitle(): string {
         return msg("Event Log");
@@ -45,15 +38,11 @@ export class EventListPage extends WithLicenseSummary(TablePage<Event>) {
     order = "-created";
 
     static get styles(): CSSResult[] {
-        // @ts-expect-error
-        return super.styles.concat(
-            PFGrid,
-            css`
-                .pf-m-no-padding-bottom {
-                    padding-bottom: 0;
-                }
-            `,
-        );
+        return super.styles.concat(css`
+            .pf-m-no-padding-bottom {
+                padding-bottom: 0;
+            }
+        `);
     }
 
     async apiEndpoint(): Promise<PaginatedResponse<Event>> {
@@ -72,41 +61,16 @@ export class EventListPage extends WithLicenseSummary(TablePage<Event>) {
     }
 
     renderSectionBefore(): TemplateResult {
-        if (this.licenseSummary?.status !== LicenseSummaryStatusEnum.Unlicensed) {
-            return html`<div
-                class="pf-l-grid pf-m-gutter pf-c-page__main-section pf-m-no-padding-bottom"
-            >
+        return html`
+            <div class="pf-c-page__main-section pf-m-no-padding-bottom">
                 <ak-events-volume-chart
-                    class="pf-l-grid__item pf-m-12-col pf-m-4-col-on-xl pf-m-4-col-on-2xl "
                     .query=${{
                         page: this.page,
                         search: this.search,
                     }}
-                    with-map
                 ></ak-events-volume-chart>
-                <ak-events-map
-                    class="pf-l-grid__item pf-m-12-col pf-m-8-col-on-xl pf-m-8-col-on-2xl "
-                    .events=${this.data}
-                    @select-event=${(ev: CustomEvent<{ eventId: string }>) => {
-                        this.search = `event_uuid = "${ev.detail.eventId}"`;
-                        this.page = 1;
-                        updateURLParams({
-                            search: this.search,
-                            tablePage: this.page,
-                        });
-                        this.fetch();
-                    }}
-                ></ak-events-map>
-            </div>`;
-        }
-        return html`<div class="pf-c-page__main-section pf-m-no-padding-bottom">
-            <ak-events-volume-chart
-                .query=${{
-                    page: this.page,
-                    search: this.search,
-                }}
-            ></ak-events-volume-chart>
-        </div>`;
+            </div>
+        `;
     }
 
     row(item: EventWithContext): SlottedTemplateResult[] {

web/src/admin/events/EventMap.ts

@@ -1,161 +0,0 @@
-import { EventWithContext } from "#common/events";
-import { globalAK } from "#common/global";
-import { PaginatedResponse } from "#elements/table/Table";
-import { AKElement } from "@goauthentik/elements/Base";
-import "@openlayers-elements/core/ol-layer-vector";
-import type OlLayerVector from "@openlayers-elements/core/ol-layer-vector";
-import OlMap from "@openlayers-elements/core/ol-map";
-import "@openlayers-elements/maps/ol-layer-openstreetmap";
-import "@openlayers-elements/maps/ol-select";
-import Feature from "ol/Feature";
-import { Point } from "ol/geom";
-import { fromLonLat } from "ol/proj";
-import Icon from "ol/style/Icon";
-import Style from "ol/style/Style";
-
-import { CSSResult, PropertyValues, TemplateResult, css, html } from "lit";
-import { customElement, property, query } from "lit/decorators.js";
-
-import PFCard from "@patternfly/patternfly/components/Card/card.css";
-import PFBase from "@patternfly/patternfly/patternfly-base.css";
-import OL from "ol/ol.css";
-
-import { Event } from "@goauthentik/api";
-
-@customElement("ak-map")
-export class Map extends OlMap {
-    public render() {
-        return html`
-            <style>
-                ${OL}
-            </style>
-            <style>
-                :host {
-                    display: block;
-                }
-
-                #map {
-                    height: 100%;
-                }
-            </style>
-            <div id="map"></div>
-            <slot></slot>
-        `;
-    }
-}
-
-/**
- *
- * @event {select-event} - Fired when an event is selected on the map. ID of the event is contained
- *      in the `Event.detail` field.
- *
- */
-@customElement("ak-events-map")
-export class EventMap extends AKElement {
-    @property({ attribute: false })
-    events?: PaginatedResponse<Event>;
-
-    @query("ol-layer-vector")
-    vectorLayer?: OlLayerVector;
-
-    @query("ak-map")
-    map?: Map;
-
-    @property({ type: Number })
-    zoomPaddingPx = 100;
-
-    static get styles(): CSSResult[] {
-        return [
-            PFBase,
-            PFCard,
-            css`
-                .pf-c-card,
-                ol-map {
-                    height: 24rem;
-                }
-                :host([theme="dark"]) ol-map {
-                    filter: invert(100%) hue-rotate(180deg);
-                }
-            `,
-        ];
-    }
-
-    updated(_changedProperties: PropertyValues<this>): void {
-        if (!_changedProperties.has("events")) {
-            return;
-        }
-        if (!this.vectorLayer?.source || !this.map?.map) {
-            return;
-        }
-        // Remove all existing points
-        this.vectorLayer.source.clear();
-        // Re-add them
-        this.events?.results
-            .filter((event) => {
-                if (!Object.hasOwn(event.context, "geo")) {
-                    return false;
-                }
-                const geo = (event as EventWithContext).context.geo;
-                if (!geo?.lat || !geo.long) {
-                    return false;
-                }
-                return true;
-            })
-            .forEach((event) => {
-                const geo = (event as EventWithContext).context.geo!;
-                const point = new Point(fromLonLat([geo.long!, geo.lat!]));
-                const feature = new Feature({
-                    geometry: point,
-                });
-                feature.setStyle(
-                    new Style({
-                        image: new Icon({
-                            anchor: [0.5, 1],
-                            offset: [0, 0],
-                            opacity: 1,
-                            scale: 1,
-                            rotateWithView: false,
-                            rotation: 0,
-                            src: `${globalAK().api.base}static/dist/assets/images/map_pin.svg`,
-                        }),
-                    }),
-                );
-                feature.setId(event.pk);
-                this.vectorLayer?.source?.addFeature(feature);
-            });
-        // Zoom to show points better
-        this.map.map.getView().fit(this.vectorLayer.source.getExtent(), {
-            padding: [
-                this.zoomPaddingPx,
-                this.zoomPaddingPx,
-                this.zoomPaddingPx,
-                this.zoomPaddingPx,
-            ],
-            duration: 500,
-            maxZoom: 4.5,
-        });
-    }
-
-    render(): TemplateResult {
-        return html`<div class="pf-c-card">
-            <ak-map>
-                <ol-select
-                    @feature-selected=${(ev: CustomEvent<{ feature: Feature }>) => {
-                        const eventId = ev.detail.feature.getId();
-                        this.dispatchEvent(
-                            new CustomEvent("select-event", {
-                                composed: true,
-                                bubbles: true,
-                                detail: {
-                                    eventId: eventId,
-                                },
-                            }),
-                        );
-                    }}
-                ></ol-select>
-                <ol-layer-openstreetmap></ol-layer-openstreetmap>
-                <ol-layer-vector></ol-layer-vector>
-            </ak-map>
-        </div>`;
-    }
-}

web/src/admin/events/EventVolumeChart.ts

@@ -11,14 +11,11 @@ import { EventVolume, EventsApi, EventsEventsListRequest } from "@goauthentik/ap
 
 @customElement("ak-events-volume-chart")
 export class EventVolumeChart extends EventChart {
-    @property({ attribute: "with-map", type: Boolean })
-    withMap = false;
-
     _query?: EventsEventsListRequest;
 
     @property({ attribute: false })
     set query(value: EventsEventsListRequest | undefined) {
-        if (JSON.stringify(value) !== JSON.stringify(this._query)) return;
+        if (JSON.stringify(this._query) === JSON.stringify(value)) return;
         this._query = value;
         this.refreshHandler();
     }
@@ -27,9 +24,6 @@ export class EventVolumeChart extends EventChart {
         return super.styles.concat(
             PFCard,
             css`
-                :host([with-map]) .pf-c-card {
-                    height: 24rem;
-                }
                 .pf-c-card {
                     height: 20rem;
                 }

web/src/admin/events/RuleForm.ts

@@ -66,7 +66,7 @@ export class RuleForm extends ModelForm<NotificationRule, string> {
                     required
                 />
             </ak-form-element-horizontal>
-            <ak-form-element-horizontal label=${msg("Group")} name="destinationGroup">
+            <ak-form-element-horizontal label=${msg("Group")} name="group">
                 <ak-search-select
                     .fetchObjects=${async (query?: string): Promise<Group[]> => {
                         const args: CoreGroupsListRequest = {
@@ -86,44 +86,14 @@ export class RuleForm extends ModelForm<NotificationRule, string> {
                         return group?.pk;
                     }}
                     .selected=${(group: Group): boolean => {
-                        return group.pk === this.instance?.destinationGroup;
+                        return group.pk === this.instance?.group;
                     }}
                     blankable
                 >
                 </ak-search-select>
-                <p class="pf-c-form__helper-text">
-                    ${msg("Select the group of users which the alerts are sent to. ")}
-                </p>
                 <p class="pf-c-form__helper-text">
                     ${msg(
-                        "If no group is selected and 'Send notification to event user' is disabled the rule is disabled. ",
-                    )}
-                </p>
-            </ak-form-element-horizontal>
-            <ak-form-element-horizontal name="destinationEventUser">
-                <label class="pf-c-switch">
-                    <input
-                        class="pf-c-switch__input"
-                        type="checkbox"
-                        ?checked=${this.instance?.destinationEventUser ?? false}
-                    />
-                    <span class="pf-c-switch__toggle">
-                        <span class="pf-c-switch__toggle-icon">
-                            <i class="fas fa-check" aria-hidden="true"></i>
-                        </span>
-                    </span>
-                    <span class="pf-c-switch__label"
-                        >${msg("Send notification to event user")}</span
-                    >
-                </label>
-                <p class="pf-c-form__helper-text">
-                    ${msg(
-                        "When enabled, notification will be sent to the user that triggered the event in addition to any users in the group above. The event user will always be the first user, to send a notification only to the event user enabled 'Send once' in the notification transport.",
-                    )}
-                </p>
-                <p class="pf-c-form__helper-text">
-                    ${msg(
-                        "If no group is selected and 'Send notification to event user' is disabled the rule is disabled. ",
+                        "Select the group of users which the alerts are sent to. If no group is selected the rule is disabled.",
                     )}
                 </p>
             </ak-form-element-horizontal>

web/src/admin/events/RuleListPage.ts

@@ -3,7 +3,6 @@ import "@goauthentik/admin/policies/BoundPoliciesList";
 import "@goauthentik/admin/rbac/ObjectPermissionModal";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { severityToLabel } from "@goauthentik/common/labels";
-import "@goauthentik/components/ak-status-label";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
@@ -52,7 +51,6 @@ export class RuleListPage extends TablePage<NotificationRule> {
 
     columns(): TableColumn[] {
         return [
-            new TableColumn(msg("Enabled")),
             new TableColumn(msg("Name"), "name"),
             new TableColumn(msg("Severity"), "severity"),
             new TableColumn(msg("Sent to group"), "group"),
@@ -83,16 +81,12 @@ export class RuleListPage extends TablePage<NotificationRule> {
     }
 
     row(item: NotificationRule): TemplateResult[] {
-        const enabled = !!item.destinationGroupObj || item.destinationEventUser;
         return [
-            html`<ak-status-label type="warning" ?good=${enabled}></ak-status-label>`,
             html`${item.name}`,
             html`${severityToLabel(item.severity)}`,
-            html`${item.destinationGroupObj
-                ? html`<a href="#/identity/groups/${item.destinationGroupObj.pk}"
-                      >${item.destinationGroupObj.name}</a
-                  >`
-                : msg("-")}`,
+            html`${item.groupObj
+                ? html`<a href="#/identity/groups/${item.groupObj.pk}">${item.groupObj.name}</a>`
+                : msg("None (rule disabled)")}`,
             html`<ak-forms-modal>
                     <span slot="submit"> ${msg("Update")} </span>
                     <span slot="header"> ${msg("Update Notification Rule")} </span>