fix ci

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
aaaand its all gone
2025-05-10 17:31:13 +02:00 · 2025-05-10 17:28:53 +02:00 · 2025-05-10 17:21:49 +02:00 · 2025-05-10 17:19:53 +02:00 · 2025-05-10 17:19:41 +02:00 · 2025-05-10 17:16:39 +02:00
525 changed files with 1402 additions and 1298 deletions
--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@ -48,7 +48,7 @@ runs:
    - name: Generate config
      shell: uv run python {0}
      run: |
-        from authentik.lib.generators import generate_id
+        from authentik.crypto.generators import generate_id
        from yaml import safe_dump
        with open("local.env.yml", "w") as _config:
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@ -70,7 +70,7 @@ jobs:
      - name: checkout stable
        run: |
          # Copy current, latest config to local
-          cp authentik/lib/default.yml local.env.yml
+          cp authentik/common/config/default.yml local.env.yml
          cp -R .github ..
          cp -R scripts ..
          git checkout $(git tag --sort=version:refname | grep '^version/' | grep -vE -- '-rc[0-9]+$' | tail -n1)
--- a/6
+++ b/6
@ -12,9 +12,9 @@ GEN_API_TS = "gen-ts-api"
 GEN_API_PY = "gen-py-api"
 GEN_API_GO = "gen-go-api"
-pg_user := $(shell uv run python -m authentik.lib.config postgresql.user 2>/dev/null)
+pg_user := $(shell uv run python -m authentik.common.config postgresql.user 2>/dev/null)
-pg_host := $(shell uv run python -m authentik.lib.config postgresql.host 2>/dev/null)
+pg_host := $(shell uv run python -m authentik.common.config postgresql.host 2>/dev/null)
-pg_name := $(shell uv run python -m authentik.lib.config postgresql.name 2>/dev/null)
+pg_name := $(shell uv run python -m authentik.common.config postgresql.name 2>/dev/null)
 all: lint-fix lint test gen web  ## Lint, build, and test everything
--- a/authentik/admin/api/meta.py
+++ b/authentik/admin/api/meta.py
@ -7,8 +7,8 @@ from rest_framework.request import Request
 from rest_framework.response import Response
 from rest_framework.viewsets import ViewSet
 from authentik.common.utils.reflection import get_apps
 from authentik.core.api.utils import PassiveSerializer
 from authentik.lib.utils.reflection import get_apps
 from authentik.policies.event_matcher.models import model_choices
--- a/authentik/admin/api/system.py
+++ b/authentik/admin/api/system.py
@ -7,6 +7,7 @@ from sys import version as python_version
 from typing import TypedDict
 from cryptography.hazmat.backends.openssl.backend import backend
 from django.apps import apps
 from django.conf import settings
 from django.utils.timezone import now
 from django.views.debug import SafeExceptionReporterFilter
@ -17,12 +18,10 @@ from rest_framework.response import Response
 from rest_framework.views import APIView
 from authentik import get_full_version
 from authentik.common.config import CONFIG
 from authentik.common.utils.reflection import get_env
 from authentik.core.api.utils import PassiveSerializer
 from authentik.enterprise.license import LicenseKey
 from authentik.lib.config import CONFIG
 from authentik.lib.utils.reflection import get_env
 from authentik.outposts.apps import MANAGED_OUTPOST
 from authentik.outposts.models import Outpost
 from authentik.rbac.permissions import HasPermission
@ -103,6 +102,12 @@ class SystemInfoSerializer(PassiveSerializer):
    def get_embedded_outpost_host(self, request: Request) -> str:
        """Get the FQDN configured on the embedded outpost"""
        if not apps.is_installed("authentik.outposts"):
            return ""
        from authentik.outposts.apps import MANAGED_OUTPOST
        from authentik.outposts.models import Outpost
        outposts = Outpost.objects.filter(managed=MANAGED_OUTPOST)
        if not outposts.exists():  # pragma: no cover
            return ""
--- a/authentik/admin/settings.py
+++ b/authentik/admin/settings.py
@ -2,7 +2,7 @@
 from celery.schedules import crontab
-from authentik.lib.utils.time import fqdn_rand
+from authentik.common.utils.time import fqdn_rand
 CELERY_BEAT_SCHEDULE = {
    "admin_latest_version": {
--- a/authentik/admin/tasks.py
+++ b/authentik/admin/tasks.py
@ -9,10 +9,10 @@ from structlog.stdlib import get_logger
 from authentik import __version__, get_build_hash
 from authentik.admin.apps import PROM_INFO
 from authentik.common.config import CONFIG
 from authentik.common.utils.http import get_http_session
 from authentik.events.models import Event, EventAction, Notification
 from authentik.events.system_tasks import SystemTask, TaskStatus, prefill_task
 from authentik.lib.config import CONFIG
 from authentik.lib.utils.http import get_http_session
 from authentik.root.celery import CELERY_APP
 LOGGER = get_logger()
--- a/authentik/admin/tests/test_api.py
+++ b/authentik/admin/tests/test_api.py
@ -8,7 +8,7 @@ from django.urls import reverse
 from authentik import __version__
 from authentik.blueprints.tests import reconcile_app
 from authentik.core.models import Group, User
-from authentik.lib.generators import generate_id
+from authentik.crypto.generators import generate_id
 class TestAdminAPI(TestCase):
--- a/authentik/admin/tests/test_tasks.py
+++ b/authentik/admin/tests/test_tasks.py
@ -9,8 +9,8 @@ from authentik.admin.tasks import (
    clear_update_notifications,
    update_latest_version,
 )
 from authentik.common.config import CONFIG
 from authentik.events.models import Event, EventAction
 from authentik.lib.config import CONFIG
 RESPONSE_VALID = {
    "$schema": "https://version.goauthentik.io/schema.json",
--- a/authentik/api/authentication.py
+++ b/authentik/api/authentication.py
@ -1,19 +1,16 @@
 """API Authentication"""
 from hmac import compare_digest
 from typing import Any
 from django.conf import settings
 from drf_spectacular.extensions import OpenApiAuthenticationExtension
 from rest_framework.authentication import BaseAuthentication, get_authorization_header
 from rest_framework.exceptions import AuthenticationFailed
 from rest_framework.request import Request
 from structlog.stdlib import get_logger
 from authentik.common.oauth.constants import SCOPE_AUTHENTIK_API
 from authentik.core.middleware import CTX_AUTH_VIA
 from authentik.core.models import Token, TokenIntents, User
 from authentik.outposts.models import Outpost
 from authentik.providers.oauth2.constants import SCOPE_AUTHENTIK_API
 LOGGER = get_logger()
@ -68,28 +65,9 @@ def auth_user_lookup(raw_header: bytes) -> User | None:
            raise AuthenticationFailed("Token invalid/expired")
        CTX_AUTH_VIA.set("jwt")
        return jwt_token.user
    # then try to auth via secret key (for embedded outpost/etc)
    user = token_secret_key(auth_credentials)
    if user:
        CTX_AUTH_VIA.set("secret_key")
        return user
    raise AuthenticationFailed("Token invalid/expired")
 def token_secret_key(value: str) -> User | None:
    """Check if the token is the secret key
    and return the service account for the managed outpost"""
    from authentik.outposts.apps import MANAGED_OUTPOST
    if not compare_digest(value, settings.SECRET_KEY):
        return None
    outposts = Outpost.objects.filter(managed=MANAGED_OUTPOST)
    if not outposts:
        return None
    outpost = outposts.first()
    return outpost.user
 class TokenAuthentication(BaseAuthentication):
    """Token-based authentication using HTTP Bearer authentication"""
--- a/authentik/api/tests/test_auth.py
+++ b/authentik/api/tests/test_auth.py
@ -3,19 +3,15 @@
 import json
 from base64 import b64encode
 from django.conf import settings
 from django.test import TestCase
 from django.utils import timezone
 from rest_framework.exceptions import AuthenticationFailed
 from authentik.api.authentication import bearer_auth
-from authentik.blueprints.tests import reconcile_app
+from authentik.common.oauth.constants import SCOPE_AUTHENTIK_API
-from authentik.core.models import Token, TokenIntents, User, UserTypes
+from authentik.core.models import Token, TokenIntents
 from authentik.core.tests.utils import create_test_admin_user, create_test_flow
-from authentik.lib.generators import generate_id
+from authentik.crypto.generators import generate_id
 from authentik.outposts.apps import MANAGED_OUTPOST
 from authentik.outposts.models import Outpost
 from authentik.providers.oauth2.constants import SCOPE_AUTHENTIK_API
 from authentik.providers.oauth2.models import AccessToken, OAuth2Provider
@ -52,21 +48,6 @@ class TestAPIAuth(TestCase):
        with self.assertRaises(AuthenticationFailed):
            bearer_auth(f"Bearer {token.key}".encode())
    @reconcile_app("authentik_outposts")
    def test_managed_outpost_fail(self):
        """Test managed outpost"""
        outpost = Outpost.objects.filter(managed=MANAGED_OUTPOST).first()
        outpost.user.delete()
        outpost.delete()
        with self.assertRaises(AuthenticationFailed):
            bearer_auth(f"Bearer {settings.SECRET_KEY}".encode())
    @reconcile_app("authentik_outposts")
    def test_managed_outpost_success(self):
        """Test managed outpost"""
        user: User = bearer_auth(f"Bearer {settings.SECRET_KEY}".encode())
        self.assertEqual(user.type, UserTypes.INTERNAL_SERVICE_ACCOUNT)
    def test_jwt_valid(self):
        """Test valid JWT"""
        provider = OAuth2Provider.objects.create(
--- a/authentik/api/v3/config.py
+++ b/authentik/api/v3/config.py
@ -19,9 +19,9 @@ from rest_framework.request import Request
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from authentik.common.config import CONFIG
 from authentik.core.api.utils import PassiveSerializer
 from authentik.events.context_processors.base import get_context_processors
 from authentik.lib.config import CONFIG
 capabilities = Signal()
--- a/authentik/api/v3/urls.py
+++ b/authentik/api/v3/urls.py
@ -11,7 +11,7 @@ from structlog.stdlib import get_logger
 from authentik.api.v3.config import ConfigView
 from authentik.api.views import APIBrowserView
-from authentik.lib.utils.reflection import get_apps
+from authentik.common.utils.reflection import get_apps
 LOGGER = get_logger()
--- a/authentik/blueprints/management/commands/blueprint_shell.py
+++ b/authentik/blueprints/management/commands/blueprint_shell.py
@ -12,8 +12,8 @@ from structlog.stdlib import get_logger
 from yaml import load
 from authentik.blueprints.v1.common import BlueprintLoader, EntryInvalidError
 from authentik.common.utils.errors import exception_to_string
 from authentik.core.management.commands.shell import get_banner_text
 from authentik.lib.utils.errors import exception_to_string
 LOGGER = get_logger()
--- a/authentik/blueprints/management/commands/make_blueprint_schema.py
+++ b/authentik/blueprints/management/commands/make_blueprint_schema.py
@ -15,7 +15,7 @@ from authentik import __version__
 from authentik.blueprints.v1.common import BlueprintEntryDesiredState
 from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT, is_model_allowed
 from authentik.blueprints.v1.meta.registry import BaseMetaModel, registry
-from authentik.lib.models import SerializerModel
+from authentik.common.models import SerializerModel
 LOGGER = get_logger()
--- a/authentik/blueprints/migrations/0001_initial.py
+++ b/authentik/blueprints/migrations/0001_initial.py
@ -11,7 +11,7 @@ from django.db.backends.base.schema import BaseDatabaseSchemaEditor
 from yaml import load
 from authentik.blueprints.v1.labels import LABEL_AUTHENTIK_SYSTEM
-from authentik.lib.config import CONFIG
+from authentik.common.config import CONFIG
 def check_blueprint_v1_file(BlueprintInstance: type, db_alias, path: Path):
--- a/authentik/blueprints/migrations/0003_alter_blueprintinstance_name.py
+++ b/authentik/blueprints/migrations/0003_alter_blueprintinstance_name.py
@ -2,7 +2,7 @@
 from django.db import migrations, models
-from authentik.lib.migrations import fallback_names
+from authentik.common.migrations import fallback_names
 class Migration(migrations.Migration):
--- a/authentik/blueprints/models.py
+++ b/authentik/blueprints/models.py
@ -10,14 +10,14 @@ from rest_framework.serializers import Serializer
 from structlog import get_logger
 from authentik.blueprints.v1.oci import OCI_PREFIX, BlueprintOCIClient, OCIException
-from authentik.lib.config import CONFIG
+from authentik.common.config import CONFIG
-from authentik.lib.models import CreatedUpdatedModel, SerializerModel
+from authentik.common.exceptions import NotReportedException
-from authentik.lib.sentry import SentryIgnoredException
+from authentik.common.models import CreatedUpdatedModel, SerializerModel
 LOGGER = get_logger()
-class BlueprintRetrievalFailed(SentryIgnoredException):
+class BlueprintRetrievalFailed(NotReportedException):
    """Error raised when we are unable to fetch the blueprint contents, whether it be HTTP files
    not being accessible or local files not being readable"""
--- a/authentik/blueprints/settings.py
+++ b/authentik/blueprints/settings.py
@ -2,7 +2,7 @@
 from celery.schedules import crontab
-from authentik.lib.utils.time import fqdn_rand
+from authentik.common.utils.time import fqdn_rand
 CELERY_BEAT_SCHEDULE = {
    "blueprints_v1_discover": {
--- a/authentik/blueprints/tests/test_models.py
+++ b/authentik/blueprints/tests/test_models.py
@ -3,7 +3,7 @@
 from django.test import TestCase
 from authentik.blueprints.models import BlueprintInstance, BlueprintRetrievalFailed
-from authentik.lib.generators import generate_id
+from authentik.crypto.generators import generate_id
 class TestModels(TestCase):
--- a/authentik/blueprints/tests/test_serializer_models.py
+++ b/authentik/blueprints/tests/test_serializer_models.py
@ -6,7 +6,7 @@ from django.apps import apps
 from django.test import TestCase
 from authentik.blueprints.v1.importer import is_model_allowed
-from authentik.lib.models import SerializerModel
+from authentik.common.models import SerializerModel
 from authentik.providers.oauth2.models import RefreshToken
--- a/authentik/blueprints/tests/test_v1.py
+++ b/authentik/blueprints/tests/test_v1.py
@ -6,10 +6,10 @@ from django.test import TransactionTestCase
 from authentik.blueprints.v1.exporter import FlowExporter
 from authentik.blueprints.v1.importer import Importer, transaction_rollback
 from authentik.common.tests import load_fixture
 from authentik.core.models import Group
 from authentik.crypto.generators import generate_id
 from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding
 from authentik.lib.generators import generate_id
 from authentik.lib.tests.utils import load_fixture
 from authentik.policies.expression.models import ExpressionPolicy
 from authentik.policies.models import PolicyBinding
 from authentik.sources.oauth.models import OAuthSource
--- a/authentik/blueprints/tests/test_v1_api.py
+++ b/authentik/blueprints/tests/test_v1_api.py
@ -7,8 +7,8 @@ from django.urls import reverse
 from rest_framework.test import APITestCase
 from yaml import dump
 from authentik.common.config import CONFIG
 from authentik.core.tests.utils import create_test_admin_user
 from authentik.lib.config import CONFIG
 TMP = mkdtemp("authentik-blueprints")
--- a/authentik/blueprints/tests/test_v1_conditional_fields.py
+++ b/authentik/blueprints/tests/test_v1_conditional_fields.py
@ -3,11 +3,11 @@
 from django.test import TransactionTestCase
 from authentik.blueprints.v1.importer import Importer
 from authentik.common.tests import load_fixture
 from authentik.core.models import Application, Token, User
 from authentik.core.tests.utils import create_test_admin_user
 from authentik.crypto.generators import generate_id
 from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id
 from authentik.lib.tests.utils import load_fixture
 from authentik.sources.oauth.models import OAuthSource
--- a/authentik/blueprints/tests/test_v1_conditions.py
+++ b/authentik/blueprints/tests/test_v1_conditions.py
@ -3,9 +3,9 @@
 from django.test import TransactionTestCase
 from authentik.blueprints.v1.importer import Importer
 from authentik.common.tests import load_fixture
 from authentik.crypto.generators import generate_id
 from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id
 from authentik.lib.tests.utils import load_fixture
 class TestBlueprintsV1Conditions(TransactionTestCase):
--- a/authentik/blueprints/tests/test_v1_rbac.py
+++ b/authentik/blueprints/tests/test_v1_rbac.py
@ -4,10 +4,10 @@ from django.test import TransactionTestCase
 from guardian.shortcuts import get_perms
 from authentik.blueprints.v1.importer import Importer
 from authentik.common.tests import load_fixture
 from authentik.core.models import User
 from authentik.crypto.generators import generate_id
 from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id
 from authentik.lib.tests.utils import load_fixture
 from authentik.rbac.models import Role
--- a/authentik/blueprints/tests/test_v1_state.py
+++ b/authentik/blueprints/tests/test_v1_state.py
@ -3,9 +3,9 @@
 from django.test import TransactionTestCase
 from authentik.blueprints.v1.importer import Importer
 from authentik.common.tests import load_fixture
 from authentik.crypto.generators import generate_id
 from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id
 from authentik.lib.tests.utils import load_fixture
 class TestBlueprintsV1State(TransactionTestCase):
--- a/authentik/blueprints/tests/test_v1_tasks.py
+++ b/authentik/blueprints/tests/test_v1_tasks.py
@ -8,8 +8,8 @@ from yaml import dump
 from authentik.blueprints.models import BlueprintInstance, BlueprintInstanceStatus
 from authentik.blueprints.v1.tasks import apply_blueprint, blueprints_discovery, blueprints_find
-from authentik.lib.config import CONFIG
+from authentik.common.config import CONFIG
-from authentik.lib.generators import generate_id
+from authentik.crypto.generators import generate_id
 TMP = mkdtemp("authentik-blueprints")
--- a/authentik/blueprints/v1/common.py
+++ b/authentik/blueprints/v1/common.py
@ -19,8 +19,8 @@ from rest_framework.fields import Field
 from rest_framework.serializers import Serializer
 from yaml import SafeDumper, SafeLoader, ScalarNode, SequenceNode
-from authentik.lib.models import SerializerModel
+from authentik.common.exceptions import NotReportedException
-from authentik.lib.sentry import SentryIgnoredException
+from authentik.common.models import SerializerModel
 from authentik.policies.models import PolicyBindingModel
@ -661,7 +661,7 @@ class BlueprintLoader(SafeLoader):
        self.add_constructor("!AtIndex", AtIndex)
-class EntryInvalidError(SentryIgnoredException):
+class EntryInvalidError(NotReportedException):
    """Error raised when an entry is invalid"""
    entry_model: str | None
--- a/authentik/blueprints/v1/importer.py
+++ b/authentik/blueprints/v1/importer.py
@ -8,14 +8,11 @@ from dacite.config import Config
 from dacite.core import from_dict
 from dacite.exceptions import DaciteError
 from deepmerge import always_merger
 from django.contrib.auth.models import Permission
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import FieldError
 from django.db.models import Model
 from django.db.models.query_utils import Q
 from django.db.transaction import atomic
 from django.db.utils import IntegrityError
 from guardian.models import UserObjectPermission
 from guardian.shortcuts import assign_perm
 from rest_framework.exceptions import ValidationError
 from rest_framework.serializers import BaseSerializer, Serializer
@ -31,119 +28,26 @@ from authentik.blueprints.v1.common import (
    EntryInvalidError,
 )
 from authentik.blueprints.v1.meta.registry import BaseMetaModel, registry
-from authentik.core.models import (
+from authentik.common.exceptions import NotReportedException
-    AuthenticatedSession,
+from authentik.common.models import SerializerModel, excluded_models
-    GroupSourceConnection,
+from authentik.common.utils.reflection import get_apps
-    PropertyMapping,
+from authentik.core.models import User
    Provider,
    Session,
    Source,
    User,
    UserSourceConnection,
 )
 from authentik.enterprise.license import LicenseKey
 from authentik.enterprise.models import LicenseUsage
 from authentik.enterprise.providers.google_workspace.models import (
    GoogleWorkspaceProviderGroup,
    GoogleWorkspaceProviderUser,
 )
 from authentik.enterprise.providers.microsoft_entra.models import (
    MicrosoftEntraProviderGroup,
    MicrosoftEntraProviderUser,
 )
 from authentik.enterprise.providers.ssf.models import StreamEvent
 from authentik.enterprise.stages.authenticator_endpoint_gdtc.models import (
    EndpointDevice,
    EndpointDeviceConnection,
 )
 from authentik.events.logs import LogEvent, capture_logs
 from authentik.events.models import SystemTask
 from authentik.events.utils import cleanse_dict
 from authentik.flows.models import FlowToken, Stage
 from authentik.lib.models import SerializerModel
 from authentik.lib.sentry import SentryIgnoredException
 from authentik.lib.utils.reflection import get_apps
 from authentik.outposts.models import OutpostServiceConnection
 from authentik.policies.models import Policy, PolicyBindingModel
 from authentik.policies.reputation.models import Reputation
 from authentik.providers.oauth2.models import (
    AccessToken,
    AuthorizationCode,
    DeviceToken,
    RefreshToken,
 )
 from authentik.providers.rac.models import ConnectionToken
 from authentik.providers.scim.models import SCIMProviderGroup, SCIMProviderUser
 from authentik.rbac.models import Role
 from authentik.sources.scim.models import SCIMSourceGroup, SCIMSourceUser
 from authentik.stages.authenticator_webauthn.models import WebAuthnDeviceType
 from authentik.tenants.models import Tenant
 # Context set when the serializer is created in a blueprint context
 # Update website/docs/customize/blueprints/v1/models.md when used
 SERIALIZER_CONTEXT_BLUEPRINT = "blueprint_entry"
 def excluded_models() -> list[type[Model]]:
    """Return a list of all excluded models that shouldn't be exposed via API
    or other means (internal only, base classes, non-used objects, etc)"""
    from django.contrib.auth.models import Group as DjangoGroup
    from django.contrib.auth.models import User as DjangoUser
    return (
        # Django only classes
        DjangoUser,
        DjangoGroup,
        ContentType,
        Permission,
        UserObjectPermission,
        # Base classes
        Provider,
        Source,
        PropertyMapping,
        UserSourceConnection,
        GroupSourceConnection,
        Stage,
        OutpostServiceConnection,
        Policy,
        PolicyBindingModel,
        # Classes that have other dependencies
        Session,
        AuthenticatedSession,
        # Classes which are only internally managed
        # FIXME: these shouldn't need to be explicitly listed, but rather based off of a mixin
        FlowToken,
        LicenseUsage,
        SCIMProviderGroup,
        SCIMProviderUser,
        Tenant,
        SystemTask,
        ConnectionToken,
        AuthorizationCode,
        AccessToken,
        RefreshToken,
        Reputation,
        WebAuthnDeviceType,
        SCIMSourceUser,
        SCIMSourceGroup,
        GoogleWorkspaceProviderUser,
        GoogleWorkspaceProviderGroup,
        MicrosoftEntraProviderUser,
        MicrosoftEntraProviderGroup,
        EndpointDevice,
        EndpointDeviceConnection,
        DeviceToken,
        StreamEvent,
    )
 def is_model_allowed(model: type[Model]) -> bool:
    """Check if model is allowed"""
    return model not in excluded_models() and issubclass(model, SerializerModel | BaseMetaModel)
-class DoRollback(SentryIgnoredException):
+class DoRollback(NotReportedException):
    """Exception to trigger a rollback"""
--- a/authentik/blueprints/v1/oci.py
+++ b/authentik/blueprints/v1/oci.py
@ -16,14 +16,14 @@ from requests.exceptions import RequestException
 from structlog import get_logger
 from structlog.stdlib import BoundLogger
-from authentik.lib.sentry import SentryIgnoredException
+from authentik.common.exceptions import NotReportedException
-from authentik.lib.utils.http import authentik_user_agent
+from authentik.common.utils.http import authentik_user_agent
 OCI_MEDIA_TYPE = "application/vnd.goauthentik.blueprint.v1+yaml"
 OCI_PREFIX = "oci://"
-class OCIException(SentryIgnoredException):
+class OCIException(NotReportedException):
    """OCI-related errors"""
--- a/authentik/blueprints/v1/tasks.py
+++ b/authentik/blueprints/v1/tasks.py
@ -30,11 +30,11 @@ from authentik.blueprints.v1.common import BlueprintLoader, BlueprintMetadata, E
 from authentik.blueprints.v1.importer import Importer
 from authentik.blueprints.v1.labels import LABEL_AUTHENTIK_INSTANTIATE
 from authentik.blueprints.v1.oci import OCI_PREFIX
 from authentik.common.config import CONFIG
 from authentik.events.logs import capture_logs
 from authentik.events.models import TaskStatus
 from authentik.events.system_tasks import SystemTask, prefill_task
 from authentik.events.utils import sanitize_dict
 from authentik.lib.config import CONFIG
 from authentik.root.celery import CELERY_APP
 from authentik.tenants.models import Tenant
--- a/authentik/brands/migrations/0001_squashed_0005_tenant_web_certificate.py
+++ b/authentik/brands/migrations/0001_squashed_0005_tenant_web_certificate.py
@ -5,7 +5,7 @@ import uuid
 import django.db.models.deletion
 from django.db import migrations, models
-import authentik.lib.utils.time
+import authentik.common.utils.time
 class Migration(migrations.Migration):
@ -104,7 +104,7 @@ class Migration(migrations.Migration):
                    "Events will be deleted after this duration.(Format:"
                    " weeks=3;days=2;hours=3,seconds=2)."
                ),
-                validators=[authentik.lib.utils.time.timedelta_string_validator],
+                validators=[authentik.common.utils.time.timedelta_string_validator],
            ),
        ),
        migrations.AddField(
--- a/authentik/brands/models.py
+++ b/authentik/brands/models.py
@ -8,10 +8,10 @@ from django.utils.translation import gettext_lazy as _
 from rest_framework.serializers import Serializer
 from structlog.stdlib import get_logger
 from authentik.common.config import CONFIG
 from authentik.common.models import SerializerModel
 from authentik.crypto.models import CertificateKeyPair
 from authentik.flows.models import Flow
 from authentik.lib.config import CONFIG
 from authentik.lib.models import SerializerModel
 LOGGER = get_logger()
--- a/authentik/brands/tests.py
+++ b/authentik/brands/tests.py
@ -7,7 +7,7 @@ from authentik.brands.api import Themes
 from authentik.brands.models import Brand
 from authentik.core.models import Application
 from authentik.core.tests.utils import create_test_admin_user, create_test_brand
-from authentik.lib.generators import generate_id
+from authentik.crypto.generators import generate_id
 from authentik.providers.oauth2.models import OAuth2Provider
 from authentik.providers.saml.models import SAMLProvider
--- a/authentik/common/init.py
+++ b/authentik/common/init.py
--- a/authentik/lib/expression/init.py
+++ b/authentik/lib/expression/init.py
--- a/authentik/common/api/validators.py
+++ b/authentik/common/api/validators.py
--- a/authentik/common/config/init.py
+++ b/authentik/common/config/init.py
@ -18,11 +18,11 @@ from typing import Any
 from urllib.parse import quote_plus, urlparse
 import yaml
-from django.conf import ImproperlyConfigured
+from django.core.exceptions import ImproperlyConfigured
-from authentik.lib.utils.dict import get_path_from_dict, set_path_in_dict
+from authentik.common.utils.dict import get_path_from_dict, set_path_in_dict
-SEARCH_PATHS = ["authentik/lib/default.yml", "/etc/authentik/config.yml", ""] + glob(
+SEARCH_PATHS = ["authentik/common/config/default.yml", "/etc/authentik/config.yml", ""] + glob(
    "/etc/authentik/config.d/*.yml", recursive=True
 )
 ENV_PREFIX = "AUTHENTIK"
@ -100,7 +100,7 @@ class ConfigLoader:
    def __init__(self, **kwargs):
        super().__init__()
        self.__config = {}
-        base_dir = Path(__file__).parent.joinpath(Path("../..")).resolve()
+        base_dir = Path(__file__).parent.joinpath(Path("../../..")).resolve()
        for _path in SEARCH_PATHS:
            path = Path(_path)
            # Check if path is relative, and if so join with base_dir
--- a/authentik/common/config/config.go
+++ b/authentik/common/config/config.go
@ -1,4 +1,4 @@
-package lib
+package config
 import _ "embed"
--- a/authentik/common/config/default.yml
+++ b/authentik/common/config/default.yml
@ -8,12 +8,12 @@
 # make gen-dev-config
 # ```
 #
-# You may edit the generated file to override the configuration below.  
+# You may edit the generated file to override the configuration below.
 #
-# When making modifying the default configuration file, 
+# When making modifying the default configuration file,
 # ensure that the corresponding documentation is updated to match.
 #
-# @see {@link ../../website/docs/install-config/configuration/configuration.mdx Configuration documentation} for more information.
+# @see {@link ../../../website/docs/install-config/configuration/configuration.mdx Configuration documentation} for more information.
 postgresql:
  host: localhost
--- a/authentik/lib/tests/test_config.py
+++ b/authentik/lib/tests/test_config.py
@ -6,10 +6,10 @@ from os import chmod, environ, unlink, write
 from tempfile import mkstemp
 from unittest import mock
-from django.conf import ImproperlyConfigured
+from django.core.exceptions import ImproperlyConfigured
 from django.test import TestCase
-from authentik.lib.config import (
+from authentik.common.config import (
    ENV_PREFIX,
    UNSET,
    Attr,
--- a/authentik/common/exceptions/init.py
+++ b/authentik/common/exceptions/init.py
@ -0,0 +1,7 @@
 class AuthentikException(Exception):
    """Base class for authentik exceptions"""
 class NotReportedException(AuthentikException):
    """Exception base class for all errors that are suppressed,
    and not sent to any kind of monitoring."""
--- a/authentik/common/exceptions/tests.py
+++ b/authentik/common/exceptions/tests.py
@ -2,7 +2,8 @@
 from django.test import TestCase
-from authentik.lib.sentry import SentryIgnoredException, before_send
+from authentik.common.exceptions import NotReportedException
 from authentik.root.sentry import before_send
 class TestSentry(TestCase):
@ -10,7 +11,7 @@ class TestSentry(TestCase):
    def test_error_not_sent(self):
        """Test SentryIgnoredError not sent"""
-        self.assertIsNone(before_send({}, {"exc_info": (0, SentryIgnoredException(), 0)}))
+        self.assertIsNone(before_send({}, {"exc_info": (0, NotReportedException(), 0)}))
    def test_error_sent(self):
        """Test error sent"""
--- a/authentik/common/expression/init.py
+++ b/authentik/common/expression/init.py
--- a/authentik/common/expression/evaluator.py
+++ b/authentik/common/expression/evaluator.py
@ -18,11 +18,11 @@ from sentry_sdk import start_span
 from sentry_sdk.tracing import Span
 from structlog.stdlib import get_logger
 from authentik.common.expression.exceptions import ControlFlowException
 from authentik.common.utils.http import get_http_session
 from authentik.common.utils.time import timedelta_from_string
 from authentik.core.models import User
 from authentik.events.models import Event
 from authentik.lib.expression.exceptions import ControlFlowException
 from authentik.lib.utils.http import get_http_session
 from authentik.lib.utils.time import timedelta_from_string
 from authentik.policies.models import Policy, PolicyBinding
 from authentik.policies.process import PolicyProcess
 from authentik.policies.types import PolicyRequest, PolicyResult
@ -234,7 +234,7 @@ class BaseEvaluator:
        """Parse and evaluate expression. If the syntax is incorrect, a SyntaxError is raised.
        If any exception is raised during execution, it is raised.
        The result is returned without any type-checking."""
-        with start_span(op="authentik.lib.evaluator.evaluate") as span:
+        with start_span(op="authentik.common.evaluator.evaluate") as span:
            span: Span
            span.description = self._filename
            span.set_data("expression", expression_source)
--- a/authentik/common/expression/exceptions.py
+++ b/authentik/common/expression/exceptions.py
@ -0,0 +1,6 @@
 from authentik.common.exceptions import NotReportedException
 class ControlFlowException(NotReportedException):
    """Exceptions used to control the flow from exceptions, not reported as a warning/
    error in logs"""
--- a/authentik/lib/tests/test_evaluator.py
+++ b/authentik/lib/tests/test_evaluator.py
@ -5,10 +5,10 @@ from django.urls import reverse
 from jwt import decode
 from authentik.blueprints.tests import apply_blueprint
 from authentik.common.expression.evaluator import BaseEvaluator
 from authentik.core.tests.utils import create_test_admin_user, create_test_flow, create_test_user
 from authentik.crypto.generators import generate_id
 from authentik.events.models import Event
 from authentik.lib.expression.evaluator import BaseEvaluator
 from authentik.lib.generators import generate_id
 from authentik.providers.oauth2.models import OAuth2Provider, ScopeMapping
--- a/authentik/common/ldap/init.py
+++ b/authentik/common/ldap/init.py
--- a/authentik/common/ldap/constants.py
+++ b/authentik/common/ldap/constants.py
@ -0,0 +1 @@
 LDAP_DISTINGUISHED_NAME = "distinguishedName"
--- a/authentik/common/migrations.py
+++ b/authentik/common/migrations.py
--- a/authentik/common/models/init.py
+++ b/authentik/common/models/init.py
@ -2,11 +2,15 @@
 import re
 from django.contrib.auth.models import Permission
 from django.contrib.contenttypes.models import ContentType
 from django.core.validators import URLValidator
 from django.db import models
 from django.db.models import Model
 from django.utils.regex_helper import _lazy_re_compile
 from guardian.models import UserObjectPermission
 from model_utils.managers import InheritanceManager
-from rest_framework.serializers import BaseSerializer
+from rest_framework.serializers import Serializer
 class SerializerModel(models.Model):
@ -16,17 +20,8 @@ class SerializerModel(models.Model):
        abstract = True
    @property
-    def serializer(self) -> type[BaseSerializer]:
+    def serializer(self) -> type[Serializer]:
-        """Get serializer for this model"""
+        """Get serializer type for this model"""
        # Special handling for built-in source
        if (
            hasattr(self, "managed")
            and hasattr(self, "MANAGED_INBUILT")
            and self.managed == self.MANAGED_INBUILT
        ):
            from authentik.core.api.sources import SourceSerializer
            return SourceSerializer
        raise NotImplementedError
@ -103,3 +98,32 @@ class DomainlessFormattedURLValidator(DomainlessURLValidator):
            re.IGNORECASE,
        )
        self.schemes = ["http", "https", "blank"] + list(self.schemes)
 __internal_models = []
 def internal_model(cls):
    """Mark a model class as an internal model, which means it cannot be
    managed by blueprints, and creations/changes will not be logged in the events."""
    __internal_models.append(cls)
    return cls
 def excluded_models() -> list[type[Model]]:
    """Return a list of all excluded models that shouldn't be exposed via API
    or other means (internal only, base classes, non-used objects, etc)"""
    from django.apps import apps
    from django.contrib.auth.models import Group as DjangoGroup
    from django.contrib.auth.models import User as DjangoUser
    static = [
        # Django only classes
        DjangoUser,
        DjangoGroup,
        ContentType,
        Permission,
        UserObjectPermission,
    ]
    return tuple(static + [x for x in apps.get_models() if x in __internal_models])
--- a/authentik/lib/tests/test_serializer_model.py
+++ b/authentik/lib/tests/test_serializer_model.py
@ -5,9 +5,9 @@ from collections.abc import Callable
 from django.test import TestCase
 from rest_framework.serializers import BaseSerializer
 from authentik.common.models import SerializerModel
 from authentik.common.utils.reflection import all_subclasses
 from authentik.flows.models import Stage
 from authentik.lib.models import SerializerModel
 from authentik.lib.utils.reflection import all_subclasses
 class TestModels(TestCase):
--- a/authentik/common/oauth/init.py
+++ b/authentik/common/oauth/init.py
--- a/authentik/providers/oauth2/constants.py
+++ b/authentik/providers/oauth2/constants.py
--- a/authentik/providers/oauth2/errors.py
+++ b/authentik/providers/oauth2/errors.py
@ -4,13 +4,13 @@ from urllib.parse import quote, urlparse
 from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
 from authentik.common.exceptions import NotReportedException
 from authentik.common.views import bad_request_message
 from authentik.events.models import Event, EventAction
 from authentik.lib.sentry import SentryIgnoredException
 from authentik.lib.views import bad_request_message
 from authentik.providers.oauth2.models import GrantTypes, RedirectURI
-class OAuth2Error(SentryIgnoredException):
+class OAuth2Error(NotReportedException):
    """Base class for all OAuth2 Errors"""
    error: str
--- a/authentik/common/saml/init.py
+++ b/authentik/common/saml/init.py
--- a/authentik/common/saml/api.py
+++ b/authentik/common/saml/api.py
@ -0,0 +1,10 @@
 from rest_framework.fields import CharField
 from authentik.core.api.utils import PassiveSerializer
 class SAMLMetadataSerializer(PassiveSerializer):
    """SAML Provider Metadata serializer"""
    metadata = CharField(read_only=True)
    download_url = CharField(read_only=True, required=False)
--- a/authentik/sources/saml/processors/constants.py
+++ b/authentik/sources/saml/processors/constants.py
--- a/authentik/providers/saml/utils/encoding.py
+++ b/authentik/providers/saml/utils/encoding.py
--- a/authentik/sources/saml/exceptions.py
+++ b/authentik/sources/saml/exceptions.py
@ -1,9 +1,9 @@
 """authentik saml source exceptions"""
-from authentik.lib.sentry import SentryIgnoredException
+from authentik.common.exceptions import NotReportedException
-class SAMLException(SentryIgnoredException):
+class SAMLException(NotReportedException):
    """Base SAML Exception"""
--- a/authentik/providers/saml/utils/init.py
+++ b/authentik/providers/saml/utils/init.py
--- a/authentik/providers/saml/utils/time.py
+++ b/authentik/providers/saml/utils/time.py
--- a/authentik/common/saml/xml.py
+++ b/authentik/common/saml/xml.py
--- a/authentik/common/scim/init.py
+++ b/authentik/common/scim/init.py
--- a/authentik/providers/scim/clients/schema.py
+++ b/authentik/providers/scim/clients/schema.py
--- a/authentik/common/sync/init.py
+++ b/authentik/common/sync/init.py
--- a/authentik/common/sync/mapper.py
+++ b/authentik/common/sync/mapper.py
@ -3,12 +3,12 @@ from collections.abc import Generator
 from django.db.models import QuerySet
 from django.http import HttpRequest
 from authentik.common.expression.exceptions import ControlFlowException
 from authentik.core.expression.evaluator import PropertyMappingEvaluator
 from authentik.core.expression.exceptions import (
    PropertyMappingExpressionException,
 )
 from authentik.core.models import PropertyMapping, User
 from authentik.lib.expression.exceptions import ControlFlowException
 class PropertyMappingManager:
--- a/authentik/common/sync/outgoing/init.py
+++ b/authentik/common/sync/outgoing/init.py
--- a/authentik/common/sync/outgoing/api.py
+++ b/authentik/common/sync/outgoing/api.py
@ -7,12 +7,12 @@ from rest_framework.fields import BooleanField, CharField, ChoiceField
 from rest_framework.request import Request
 from rest_framework.response import Response
 from authentik.common.sync.outgoing.models import OutgoingSyncProvider
 from authentik.common.utils.reflection import class_to_path
 from authentik.core.api.utils import ModelSerializer, PassiveSerializer
 from authentik.core.models import Group, User
 from authentik.events.api.tasks import SystemTaskSerializer
 from authentik.events.logs import LogEvent, LogEventSerializer
 from authentik.lib.sync.outgoing.models import OutgoingSyncProvider
 from authentik.lib.utils.reflection import class_to_path
 from authentik.rbac.filters import ObjectFilter
--- a/authentik/common/sync/outgoing/base.py
+++ b/authentik/common/sync/outgoing/base.py
@ -7,19 +7,19 @@ from deepmerge import always_merger
 from django.db import DatabaseError
 from structlog.stdlib import get_logger
 from authentik.common.expression.exceptions import ControlFlowException
 from authentik.common.sync.mapper import PropertyMappingManager
 from authentik.common.sync.outgoing.exceptions import NotFoundSyncException, StopSync
 from authentik.common.utils.errors import exception_to_string
 from authentik.core.expression.exceptions import (
    PropertyMappingExpressionException,
 )
 from authentik.events.models import Event, EventAction
 from authentik.lib.expression.exceptions import ControlFlowException
 from authentik.lib.sync.mapper import PropertyMappingManager
 from authentik.lib.sync.outgoing.exceptions import NotFoundSyncException, StopSync
 from authentik.lib.utils.errors import exception_to_string
 if TYPE_CHECKING:
    from django.db.models import Model
-    from authentik.lib.sync.outgoing.models import OutgoingSyncProvider
+    from authentik.common.sync.outgoing.models import OutgoingSyncProvider
 class Direction(StrEnum):
--- a/authentik/common/sync/outgoing/exceptions.py
+++ b/authentik/common/sync/outgoing/exceptions.py
@ -1,7 +1,7 @@
-from authentik.lib.sentry import SentryIgnoredException
+from authentik.common.exceptions import NotReportedException
-class BaseSyncException(SentryIgnoredException):
+class BaseSyncException(NotReportedException):
    """Base class for all sync exceptions"""
--- a/authentik/common/sync/outgoing/models.py
+++ b/authentik/common/sync/outgoing/models.py
@ -5,8 +5,8 @@ from django.db import connection, models
 from django.db.models import Model, QuerySet, TextChoices
 from django.utils.translation import gettext_lazy as _
 from authentik.common.sync.outgoing.base import BaseOutgoingSyncClient
 from authentik.core.models import Group, User
 from authentik.lib.sync.outgoing.base import BaseOutgoingSyncClient
 class OutgoingSyncDeleteAction(TextChoices):
--- a/authentik/common/sync/outgoing/signals.py
+++ b/authentik/common/sync/outgoing/signals.py
@ -5,11 +5,11 @@ from django.db.models import Model
 from django.db.models.query import Q
 from django.db.models.signals import m2m_changed, post_save, pre_delete
 from authentik.common.sync.outgoing import PAGE_SIZE, PAGE_TIMEOUT
 from authentik.common.sync.outgoing.base import Direction
 from authentik.common.sync.outgoing.models import OutgoingSyncProvider
 from authentik.common.utils.reflection import class_to_path
 from authentik.core.models import Group, User
 from authentik.lib.sync.outgoing import PAGE_SIZE, PAGE_TIMEOUT
 from authentik.lib.sync.outgoing.base import Direction
 from authentik.lib.sync.outgoing.models import OutgoingSyncProvider
 from authentik.lib.utils.reflection import class_to_path
 def register_signals(
--- a/authentik/common/sync/outgoing/tasks.py
+++ b/authentik/common/sync/outgoing/tasks.py
@ -10,22 +10,22 @@ from django.utils.text import slugify
 from django.utils.translation import gettext_lazy as _
 from structlog.stdlib import BoundLogger, get_logger
 from authentik.common.sync.outgoing import PAGE_SIZE, PAGE_TIMEOUT
 from authentik.common.sync.outgoing.base import Direction
 from authentik.common.sync.outgoing.exceptions import (
    BadRequestSyncException,
    DryRunRejected,
    StopSync,
    TransientSyncException,
 )
 from authentik.common.sync.outgoing.models import OutgoingSyncProvider
 from authentik.common.utils.reflection import class_to_path, path_to_class
 from authentik.core.expression.exceptions import SkipObjectException
 from authentik.core.models import Group, User
 from authentik.events.logs import LogEvent
 from authentik.events.models import TaskStatus
 from authentik.events.system_tasks import SystemTask
 from authentik.events.utils import sanitize_item
 from authentik.lib.sync.outgoing import PAGE_SIZE, PAGE_TIMEOUT
 from authentik.lib.sync.outgoing.base import Direction
 from authentik.lib.sync.outgoing.exceptions import (
    BadRequestSyncException,
    DryRunRejected,
    StopSync,
    TransientSyncException,
 )
 from authentik.lib.sync.outgoing.models import OutgoingSyncProvider
 from authentik.lib.utils.reflection import class_to_path, path_to_class
 class SyncTasks:
--- a/authentik/lib/tests/utils.py
+++ b/authentik/lib/tests/utils.py
--- a/authentik/common/utils/init.py
+++ b/authentik/common/utils/init.py
--- a/authentik/common/utils/dict.py
+++ b/authentik/common/utils/dict.py
--- a/authentik/common/utils/email.py
+++ b/authentik/common/utils/email.py
--- a/authentik/common/utils/errors.py
+++ b/authentik/common/utils/errors.py
@ -2,7 +2,7 @@
 from traceback import extract_tb
-from authentik.lib.utils.reflection import class_to_path
+from authentik.common.utils.reflection import class_to_path
 TRACEBACK_HEADER = "Traceback (most recent call last):"
--- a/authentik/common/utils/file.py
+++ b/authentik/common/utils/file.py
--- a/authentik/common/utils/http.py
+++ b/authentik/common/utils/http.py
@ -6,7 +6,7 @@ from requests.sessions import PreparedRequest, Session
 from structlog.stdlib import get_logger
 from authentik import get_full_version
-from authentik.lib.config import CONFIG
+from authentik.common.config import CONFIG
 LOGGER = get_logger()
--- a/authentik/common/utils/reflection.py
+++ b/authentik/common/utils/reflection.py
@ -7,7 +7,7 @@ from tempfile import gettempdir
 from django.conf import settings
-from authentik.lib.config import CONFIG
+from authentik.common.config import CONFIG
 SERVICE_HOST_ENV_NAME = "KUBERNETES_SERVICE_HOST"
--- a/authentik/common/utils/tests/init.py
+++ b/authentik/common/utils/tests/init.py
--- a/authentik/common/utils/tests/test_utils_reflection.py
+++ b/authentik/common/utils/tests/test_utils_reflection.py
@ -4,7 +4,7 @@ from datetime import datetime
 from django.test import TestCase
-from authentik.lib.utils.reflection import path_to_class
+from authentik.common.utils.reflection import path_to_class
 class TestReflectionUtils(TestCase):
--- a/authentik/common/utils/tests/test_utils_time.py
+++ b/authentik/common/utils/tests/test_utils_time.py
@ -5,7 +5,7 @@ from datetime import timedelta
 from django.core.exceptions import ValidationError
 from django.test import TestCase
-from authentik.lib.utils.time import timedelta_from_string, timedelta_string_validator
+from authentik.common.utils.time import timedelta_from_string, timedelta_string_validator
 class TestTimeUtils(TestCase):
--- a/authentik/common/utils/time.py
+++ b/authentik/common/utils/time.py
--- a/authentik/common/utils/urls.py
+++ b/authentik/common/utils/urls.py
--- a/authentik/common/views/init.py
+++ b/authentik/common/views/init.py
--- a/authentik/common/views/tests.py
+++ b/authentik/common/views/tests.py
@ -0,0 +1,19 @@
 """Test HTTP Helpers"""
 from django.test import RequestFactory, TestCase
 from authentik.common.views import bad_request_message
 from authentik.core.tests.utils import create_test_admin_user
 class TestViews(TestCase):
    """Test Views Helpers"""
    def setUp(self) -> None:
        self.user = create_test_admin_user()
        self.factory = RequestFactory()
    def test_bad_request_message(self):
        """test bad_request_message"""
        request = self.factory.get("/")
        self.assertEqual(bad_request_message(request, "foo").status_code, 400)
--- a/authentik/core/api/applications.py
+++ b/authentik/core/api/applications.py
@ -23,18 +23,18 @@ from structlog.stdlib import get_logger
 from authentik.admin.api.metrics import CoordinateSerializer
 from authentik.api.pagination import Pagination
 from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT
 from authentik.common.utils.file import (
    FilePathSerializer,
    FileUploadSerializer,
    set_file,
    set_file_url,
 )
 from authentik.core.api.providers import ProviderSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import ModelSerializer
 from authentik.core.models import Application, User
 from authentik.events.logs import LogEventSerializer, capture_logs
 from authentik.events.models import EventAction
 from authentik.lib.utils.file import (
    FilePathSerializer,
    FileUploadSerializer,
    set_file,
    set_file_url,
 )
 from authentik.policies.api.exec import PolicyTestResultSerializer
 from authentik.policies.engine import PolicyEngine
 from authentik.policies.types import CACHE_PREFIX, PolicyResult
--- a/authentik/core/api/object_types.py
+++ b/authentik/core/api/object_types.py
@ -9,9 +9,9 @@ from rest_framework.fields import (
 from rest_framework.request import Request
 from rest_framework.response import Response
 from authentik.common.utils.reflection import all_subclasses
 from authentik.core.api.utils import PassiveSerializer
 from authentik.enterprise.apps import EnterpriseConfig
 from authentik.lib.utils.reflection import all_subclasses
 class TypeCreateSerializer(PassiveSerializer):
--- a/authentik/core/api/property_mappings.py
+++ b/authentik/core/api/property_mappings.py
@ -22,6 +22,7 @@ from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 from authentik.blueprints.api import ManagedSerializer
 from authentik.common.utils.errors import exception_to_string
 from authentik.core.api.object_types import TypesMixin
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import (
@ -33,7 +34,6 @@ from authentik.core.expression.evaluator import PropertyMappingEvaluator
 from authentik.core.expression.exceptions import PropertyMappingExpressionException
 from authentik.core.models import Group, PropertyMapping, User
 from authentik.events.utils import sanitize_item
 from authentik.lib.utils.errors import exception_to_string
 from authentik.policies.api.exec import PolicyTestSerializer
 from authentik.rbac.decorators import permission_required
--- a/authentik/core/api/sources.py
+++ b/authentik/core/api/sources.py
@ -14,17 +14,17 @@ from rest_framework.viewsets import GenericViewSet
 from structlog.stdlib import get_logger
 from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT
-from authentik.core.api.object_types import TypesMixin
+from authentik.common.utils.file import (
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import MetaNameSerializer, ModelSerializer
 from authentik.core.models import GroupSourceConnection, Source, UserSourceConnection
 from authentik.core.types import UserSettingSerializer
 from authentik.lib.utils.file import (
    FilePathSerializer,
    FileUploadSerializer,
    set_file,
    set_file_url,
 )
 from authentik.core.api.object_types import TypesMixin
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import MetaNameSerializer, ModelSerializer
 from authentik.core.models import GroupSourceConnection, Source, UserSourceConnection
 from authentik.core.types import UserSettingSerializer
 from authentik.policies.engine import PolicyEngine
 from authentik.rbac.decorators import permission_required
--- a/authentik/core/api/tokens.py
+++ b/authentik/core/api/tokens.py
@ -14,6 +14,7 @@ from rest_framework.viewsets import ModelViewSet
 from authentik.blueprints.api import ManagedSerializer
 from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT
 from authentik.common.utils.time import timedelta_from_string
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.users import UserSerializer
 from authentik.core.api.utils import ModelSerializer, PassiveSerializer
@ -27,7 +28,6 @@ from authentik.core.models import (
 )
 from authentik.events.models import Event, EventAction
 from authentik.events.utils import model_to_dict
 from authentik.lib.utils.time import timedelta_from_string
 from authentik.rbac.decorators import permission_required
--- a/authentik/core/api/transactional_applications.py
+++ b/authentik/core/api/transactional_applications.py
@ -20,10 +20,10 @@ from authentik.blueprints.v1.common import (
    KeyOf,
 )
 from authentik.blueprints.v1.importer import Importer
 from authentik.common.utils.reflection import all_subclasses
 from authentik.core.api.applications import ApplicationSerializer
 from authentik.core.api.utils import PassiveSerializer
 from authentik.core.models import Application, Provider
 from authentik.lib.utils.reflection import all_subclasses
 from authentik.policies.api.bindings import PolicyBindingSerializer
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -62,6 +62,7 @@ from authentik.core.api.utils import (
    ModelSerializer,
    PassiveSerializer,
 )
 from authentik.core.avatars import get_avatar
 from authentik.core.middleware import (
    SESSION_KEY_IMPERSONATE_ORIGINAL_USER,
    SESSION_KEY_IMPERSONATE_USER,
@ -81,7 +82,6 @@ from authentik.flows.exceptions import FlowNonApplicableException
 from authentik.flows.models import FlowToken
 from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlanner
 from authentik.flows.views.executor import QS_KEY_TOKEN
 from authentik.lib.avatars import get_avatar
 from authentik.rbac.decorators import permission_required
 from authentik.rbac.models import get_permission_choices
 from authentik.stages.email.models import EmailStage
--- a/authentik/core/avatars.py
+++ b/authentik/core/avatars.py
@ -13,8 +13,8 @@ from lxml import etree  # nosec
 from lxml.etree import Element, SubElement  # nosec
 from requests.exceptions import ConnectionError, HTTPError, RequestException, Timeout
-from authentik.lib.utils.dict import get_path_from_dict
+from authentik.common.utils.dict import get_path_from_dict
-from authentik.lib.utils.http import get_http_session
+from authentik.common.utils.http import get_http_session
 from authentik.tenants.utils import get_current_tenant
 if TYPE_CHECKING:
--- a/authentik/core/expression/evaluator.py
+++ b/authentik/core/expression/evaluator.py
@ -7,11 +7,11 @@ from django.db.models import Model
 from django.http import HttpRequest
 from prometheus_client import Histogram
 from authentik.common.expression.evaluator import BaseEvaluator
 from authentik.common.utils.errors import exception_to_string
 from authentik.core.expression.exceptions import SkipObjectException
 from authentik.core.models import User
 from authentik.events.models import Event, EventAction
 from authentik.lib.expression.evaluator import BaseEvaluator
 from authentik.lib.utils.errors import exception_to_string
 from authentik.policies.types import PolicyRequest
 PROPERTY_MAPPING_TIME = Histogram(
--- a/authentik/core/expression/exceptions.py
+++ b/authentik/core/expression/exceptions.py
@ -1,10 +1,10 @@
 """authentik core exceptions"""
-from authentik.lib.expression.exceptions import ControlFlowException
+from authentik.common.exceptions import NotReportedException
-from authentik.lib.sentry import SentryIgnoredException
+from authentik.common.expression.exceptions import ControlFlowException
-class PropertyMappingExpressionException(SentryIgnoredException):
+class PropertyMappingExpressionException(NotReportedException):
    """Error when a PropertyMapping Exception expression could not be parsed or evaluated."""
    def __init__(self, exc: Exception, mapping) -> None:
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jens Langhammer	17adf23c79	fix ci Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 17:31:13 +02:00
Jens Langhammer	39c54de2b5	aaaand its all gone Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 17:28:53 +02:00
Jens Langhammer	417023e098	move more Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 17:21:49 +02:00
Jens Langhammer	6376e4a44b	move app specific code out of lib Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 17:19:53 +02:00
Jens Langhammer	c692f91b72	move migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 17:19:41 +02:00
Jens Langhammer	95db1ecf62	move config...? Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 17:16:39 +02:00
Jens Langhammer	e28968c896	move more Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 17:11:06 +02:00
Jens Langhammer	ca0a4cb34f	move more stuff out of lib Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 17:06:14 +02:00
Jens Langhammer	e204a3fe16	more moving Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:54:41 +02:00
Jens Langhammer	c47a9a6286	Revert "refactor" This reverts commit ecdc8ff3fe25df3062f2adf4295ed506b774da2e.	2025-05-10 16:45:28 +02:00
Jens Langhammer	cf78fad6ec	move more to stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:45:28 +02:00
Jens Langhammer	8996630eff	refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:44:27 +02:00
Jens Langhammer	fb93847860	fix rebase leftovers Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:44:27 +02:00
Jens Langhammer	bb7404e884	fix Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:44:27 +02:00
Jens Langhammer	e4c54c2d1f	fix Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:44:27 +02:00
Jens Langhammer	b48d5892a8	fix stuff that was accidentally removed Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:44:27 +02:00
Jens Langhammer	eb87941f61	fix more Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:44:27 +02:00
Jens Langhammer	62e2684ecd	fix Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:44:27 +02:00
Jens Langhammer	5a59513d0b	separate outpost auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> # Conflicts: # authentik/api/authentication.py # authentik/api/tests/test_auth.py	2025-05-10 16:44:26 +02:00
Jens Langhammer	c3ff834ea7	move ldap Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:44:26 +02:00
Jens Langhammer	9f74d2cb09	make extended login challenges not hardcoded Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:43:40 +02:00
Jens Langhammer	30a9e597e9	use decorator for excluded models Signed-off-by: Jens Langhammer <jens@goauthentik.io> # Conflicts: # authentik/blueprints/v1/importer.py # authentik/core/models.py # authentik/sources/scim/models.py	2025-05-10 16:43:22 +02:00
Jens Langhammer	12d94c8c5e	move scim Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:41:40 +02:00
Jens Langhammer	221cb029d8	move oauth common things Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:41:40 +02:00
Jens Langhammer	7f4fbf354e	move common saml code Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-05-10 16:40:46 +02:00
`@ -1,4 +1,4 @@`
	`package lib`	`package config`

	`import _ "embed"`	`import _ "embed"`
		`@ -0,0 +1 @@`
							`LDAP_DISTINGUISHED_NAME = "distinguishedName"`