Compare commits
	
		
			5 Commits
		
	
	
		
			policies-e
			...
			version/20
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| fe5d22ce6c | |||
| 0e30b6ee55 | |||
| 6cbba45291 | |||
| ba023a3bba | |||
| 6c805bcf32 | 
| @ -1,5 +1,5 @@ | ||||
| [bumpversion] | ||||
| current_version = 2021.8.4 | ||||
| current_version = 2021.8.5 | ||||
| tag = True | ||||
| commit = True | ||||
| parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*) | ||||
|  | ||||
							
								
								
									
										20
									
								
								.github/workflows/release-publish.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										20
									
								
								.github/workflows/release-publish.yml
									
									
									
									
										vendored
									
									
								
							| @ -33,14 +33,14 @@ jobs: | ||||
|         with: | ||||
|           push: ${{ github.event_name == 'release' }} | ||||
|           tags: | | ||||
|             beryju/authentik:2021.8.4, | ||||
|             beryju/authentik:2021.8.5, | ||||
|             beryju/authentik:latest, | ||||
|             ghcr.io/goauthentik/server:2021.8.4, | ||||
|             ghcr.io/goauthentik/server:2021.8.5, | ||||
|             ghcr.io/goauthentik/server:latest | ||||
|           platforms: linux/amd64,linux/arm64 | ||||
|           context: . | ||||
|       - name: Building Docker Image (stable) | ||||
|         if: ${{ github.event_name == 'release' && !contains('2021.8.4', 'rc') }} | ||||
|         if: ${{ github.event_name == 'release' && !contains('2021.8.5', 'rc') }} | ||||
|         run: | | ||||
|           docker pull beryju/authentik:latest | ||||
|           docker tag beryju/authentik:latest beryju/authentik:stable | ||||
| @ -75,14 +75,14 @@ jobs: | ||||
|         with: | ||||
|           push: ${{ github.event_name == 'release' }} | ||||
|           tags: | | ||||
|             beryju/authentik-proxy:2021.8.4, | ||||
|             beryju/authentik-proxy:2021.8.5, | ||||
|             beryju/authentik-proxy:latest, | ||||
|             ghcr.io/goauthentik/proxy:2021.8.4, | ||||
|             ghcr.io/goauthentik/proxy:2021.8.5, | ||||
|             ghcr.io/goauthentik/proxy:latest | ||||
|           file: proxy.Dockerfile | ||||
|           platforms: linux/amd64,linux/arm64 | ||||
|       - name: Building Docker Image (stable) | ||||
|         if: ${{ github.event_name == 'release' && !contains('2021.8.4', 'rc') }} | ||||
|         if: ${{ github.event_name == 'release' && !contains('2021.8.5', 'rc') }} | ||||
|         run: | | ||||
|           docker pull beryju/authentik-proxy:latest | ||||
|           docker tag beryju/authentik-proxy:latest beryju/authentik-proxy:stable | ||||
| @ -117,14 +117,14 @@ jobs: | ||||
|         with: | ||||
|           push: ${{ github.event_name == 'release' }} | ||||
|           tags: | | ||||
|             beryju/authentik-ldap:2021.8.4, | ||||
|             beryju/authentik-ldap:2021.8.5, | ||||
|             beryju/authentik-ldap:latest, | ||||
|             ghcr.io/goauthentik/ldap:2021.8.4, | ||||
|             ghcr.io/goauthentik/ldap:2021.8.5, | ||||
|             ghcr.io/goauthentik/ldap:latest | ||||
|           file: ldap.Dockerfile | ||||
|           platforms: linux/amd64,linux/arm64 | ||||
|       - name: Building Docker Image (stable) | ||||
|         if: ${{ github.event_name == 'release' && !contains('2021.8.4', 'rc') }} | ||||
|         if: ${{ github.event_name == 'release' && !contains('2021.8.5', 'rc') }} | ||||
|         run: | | ||||
|           docker pull beryju/authentik-ldap:latest | ||||
|           docker tag beryju/authentik-ldap:latest beryju/authentik-ldap:stable | ||||
| @ -175,7 +175,7 @@ jobs: | ||||
|           SENTRY_PROJECT: authentik | ||||
|           SENTRY_URL: https://sentry.beryju.org | ||||
|         with: | ||||
|           version: authentik@2021.8.4 | ||||
|           version: authentik@2021.8.5 | ||||
|           environment: beryjuorg-prod | ||||
|           sourcemaps: './web/dist' | ||||
|           url_prefix: '~/static/dist' | ||||
|  | ||||
| @ -1,3 +1,3 @@ | ||||
| """authentik""" | ||||
| __version__ = "2021.8.4" | ||||
| __version__ = "2021.8.5" | ||||
| ENV_GIT_HASH_KEY = "GIT_BUILD_HASH" | ||||
|  | ||||
| @ -6,7 +6,6 @@ from django.urls import reverse | ||||
| from django.views.generic import RedirectView | ||||
| from structlog.stdlib import get_logger | ||||
|  | ||||
| from authentik.flows.views import FlowExecutorView | ||||
| from authentik.sources.oauth.models import OAuthSource | ||||
| from authentik.sources.oauth.views.base import OAuthClientMixin | ||||
|  | ||||
| @ -43,5 +42,4 @@ class OAuthRedirect(OAuthClientMixin, RedirectView): | ||||
|                 raise Http404(f"source {slug} is not enabled.") | ||||
|             client = self.get_client(source, callback=self.get_callback_url(source)) | ||||
|             params = self.get_additional_parameters(source) | ||||
|             FlowExecutorView(request=self.request).cancel() | ||||
|             return client.get_redirect_url(params) | ||||
|  | ||||
| @ -21,7 +21,7 @@ services: | ||||
|     networks: | ||||
|       - internal | ||||
|   server: | ||||
|     image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.4} | ||||
|     image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.5} | ||||
|     restart: unless-stopped | ||||
|     command: server | ||||
|     environment: | ||||
| @ -44,7 +44,7 @@ services: | ||||
|       - "0.0.0.0:9000:9000" | ||||
|       - "0.0.0.0:9443:9443" | ||||
|   worker: | ||||
|     image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.4} | ||||
|     image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.5} | ||||
|     restart: unless-stopped | ||||
|     command: worker | ||||
|     networks: | ||||
|  | ||||
| @ -17,4 +17,4 @@ func OutpostUserAgent() string { | ||||
| 	return fmt.Sprintf("authentik-outpost@%s (%s)", VERSION, BUILD()) | ||||
| } | ||||
|  | ||||
| const VERSION = "2021.8.4" | ||||
| const VERSION = "2021.8.5" | ||||
|  | ||||
| @ -107,8 +107,24 @@ func (a *APIController) Start() error { | ||||
| 	return nil | ||||
| } | ||||
|  | ||||
| func (a *APIController) OnRefresh() error { | ||||
| 	// Because we don't know the outpost UUID, we simply do a list and pick the first | ||||
| 	// The service account this token belongs to should only have access to a single outpost | ||||
| 	outposts, _, err := a.Client.OutpostsApi.OutpostsInstancesList(context.Background()).Execute() | ||||
|  | ||||
| 	if err != nil { | ||||
| 		log.WithError(err).Error("Failed to fetch outpost configuration") | ||||
| 		return err | ||||
| 	} | ||||
| 	outpost := outposts.Results[0] | ||||
| 	doGlobalSetup(outpost.Config) | ||||
|  | ||||
| 	log.WithField("name", outpost.Name).Debug("Fetched outpost configuration") | ||||
| 	return a.Server.Refresh() | ||||
| } | ||||
|  | ||||
| func (a *APIController) StartBackgorundTasks() error { | ||||
| 	err := a.Server.Refresh() | ||||
| 	err := a.OnRefresh() | ||||
| 	if err != nil { | ||||
| 		return errors.Wrap(err, "failed to run initial refresh") | ||||
| 	} | ||||
|  | ||||
| @ -82,7 +82,7 @@ func (ac *APIController) startWSHandler() { | ||||
| 		if wsMsg.Instruction == WebsocketInstructionTriggerUpdate { | ||||
| 			time.Sleep(ac.reloadOffset) | ||||
| 			logger.Debug("Got update trigger...") | ||||
| 			err := ac.Server.Refresh() | ||||
| 			err := ac.OnRefresh() | ||||
| 			if err != nil { | ||||
| 				logger.WithError(err).Debug("Failed to update") | ||||
| 			} | ||||
| @ -118,7 +118,7 @@ func (ac *APIController) startIntervalUpdater() { | ||||
| 	logger := ac.logger.WithField("loop", "interval-updater") | ||||
| 	ticker := time.NewTicker(5 * time.Minute) | ||||
| 	for ; true; <-ticker.C { | ||||
| 		err := ac.Server.Refresh() | ||||
| 		err := ac.OnRefresh() | ||||
| 		if err != nil { | ||||
| 			logger.WithError(err).Debug("Failed to update") | ||||
| 		} | ||||
|  | ||||
| @ -14,9 +14,12 @@ function check_if_root { | ||||
|         # Get group ID of the docker socket, so we can create a matching group and | ||||
|         # add ourselves to it | ||||
|         DOCKER_GID=$(stat -c '%g' $SOCKET) | ||||
|         # Ensure group for the id exists | ||||
|         getent group $DOCKER_GID || groupadd -f -g $DOCKER_GID docker | ||||
|         usermod -a -G $DOCKER_GID authentik | ||||
|         GROUP="authentik:docker" | ||||
|         # since the name of the group might not be docker, we need to lookup the group id | ||||
|         GROUP_NAME=$(getent group $DOCKER_GID  | sed 's/:/\n/g' | head -1) | ||||
|         GROUP="authentik:${GROUP_NAME}" | ||||
|     fi | ||||
|     # Fix permissions of backups and media | ||||
|     chown -R authentik:authentik /media /backups | ||||
|  | ||||
| @ -1,7 +1,7 @@ | ||||
| openapi: 3.0.3 | ||||
| info: | ||||
|   title: authentik | ||||
|   version: 2021.8.4 | ||||
|   version: 2021.8.5 | ||||
|   description: Making authentication simple. | ||||
|   contact: | ||||
|     email: hello@beryju.org | ||||
|  | ||||
| @ -14,6 +14,9 @@ export function configureSentry(canDoPpi: boolean = false): Promise<Config> { | ||||
|         if (config.errorReportingEnabled) { | ||||
|             Sentry.init({ | ||||
|                 dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8", | ||||
|                 ignoreErrors: [ | ||||
|                     /network/i, | ||||
|                 ], | ||||
|                 release: `authentik@${VERSION}`, | ||||
|                 tunnel: "/api/v3/sentry/", | ||||
|                 integrations: [ | ||||
|  | ||||
| @ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success"; | ||||
| export const ERROR_CLASS = "pf-m-danger"; | ||||
| export const PROGRESS_CLASS = "pf-m-in-progress"; | ||||
| export const CURRENT_CLASS = "pf-m-current"; | ||||
| export const VERSION = "2021.8.4"; | ||||
| export const VERSION = "2021.8.5"; | ||||
| export const PAGE_SIZE = 20; | ||||
| export const TITLE_DEFAULT = "authentik"; | ||||
| export const ROUTE_SEPARATOR = ";"; | ||||
|  | ||||
| @ -12,9 +12,9 @@ This installation method is for test-setups and small-scale productive setups. | ||||
|  | ||||
| ## Preparation | ||||
|  | ||||
| Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/goauthentik/authentik/version/2021.8.4/docker-compose.yml). Place it in a directory of your choice. | ||||
| Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/goauthentik/authentik/version/2021.8.5/docker-compose.yml). Place it in a directory of your choice. | ||||
|  | ||||
| To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.8.4 >> .env` | ||||
| To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.8.5 >> .env` | ||||
|  | ||||
| If this is a fresh authentik install run the following commands to generate a password: | ||||
|  | ||||
|  | ||||
| @ -11,7 +11,7 @@ version: "3.5" | ||||
|  | ||||
| services: | ||||
|   authentik_proxy: | ||||
|     image: ghcr.io/goauthentik/proxy:2021.8.4 | ||||
|     image: ghcr.io/goauthentik/proxy:2021.8.5 | ||||
|     ports: | ||||
|       - 4180:4180 | ||||
|       - 4443:4443 | ||||
| @ -21,7 +21,7 @@ services: | ||||
|       AUTHENTIK_TOKEN: token-generated-by-authentik | ||||
|   # Or, for the LDAP Outpost | ||||
|   authentik_proxy: | ||||
|     image: ghcr.io/goauthentik/ldap:2021.8.4 | ||||
|     image: ghcr.io/goauthentik/ldap:2021.8.5 | ||||
|     ports: | ||||
|       - 389:3389 | ||||
|     environment: | ||||
|  | ||||
| @ -14,7 +14,7 @@ metadata: | ||||
|     app.kubernetes.io/instance: __OUTPOST_NAME__ | ||||
|     app.kubernetes.io/managed-by: goauthentik.io | ||||
|     app.kubernetes.io/name: authentik-proxy | ||||
|     app.kubernetes.io/version: 2021.8.4 | ||||
|     app.kubernetes.io/version: 2021.8.5 | ||||
|   name: authentik-outpost-api | ||||
| stringData: | ||||
|   authentik_host: "__AUTHENTIK_URL__" | ||||
| @ -29,7 +29,7 @@ metadata: | ||||
|     app.kubernetes.io/instance: __OUTPOST_NAME__ | ||||
|     app.kubernetes.io/managed-by: goauthentik.io | ||||
|     app.kubernetes.io/name: authentik-proxy | ||||
|     app.kubernetes.io/version: 2021.8.4 | ||||
|     app.kubernetes.io/version: 2021.8.5 | ||||
|   name: authentik-outpost | ||||
| spec: | ||||
|   ports: | ||||
| @ -54,7 +54,7 @@ metadata: | ||||
|     app.kubernetes.io/instance: __OUTPOST_NAME__ | ||||
|     app.kubernetes.io/managed-by: goauthentik.io | ||||
|     app.kubernetes.io/name: authentik-proxy | ||||
|     app.kubernetes.io/version: 2021.8.4 | ||||
|     app.kubernetes.io/version: 2021.8.5 | ||||
|   name: authentik-outpost | ||||
| spec: | ||||
|   selector: | ||||
| @ -62,14 +62,14 @@ spec: | ||||
|       app.kubernetes.io/instance: __OUTPOST_NAME__ | ||||
|       app.kubernetes.io/managed-by: goauthentik.io | ||||
|       app.kubernetes.io/name: authentik-proxy | ||||
|       app.kubernetes.io/version: 2021.8.4 | ||||
|       app.kubernetes.io/version: 2021.8.5 | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/instance: __OUTPOST_NAME__ | ||||
|         app.kubernetes.io/managed-by: goauthentik.io | ||||
|         app.kubernetes.io/name: authentik-proxy | ||||
|         app.kubernetes.io/version: 2021.8.4 | ||||
|         app.kubernetes.io/version: 2021.8.5 | ||||
|     spec: | ||||
|       containers: | ||||
|         - env: | ||||
| @ -88,7 +88,7 @@ spec: | ||||
|               secretKeyRef: | ||||
|                 key: authentik_host_insecure | ||||
|                 name: authentik-outpost-api | ||||
|         image: ghcr.io/goauthentik/proxy:2021.8.4 | ||||
|         image: ghcr.io/goauthentik/proxy:2021.8.5 | ||||
|         name: proxy | ||||
|         ports: | ||||
|           - containerPort: 4180 | ||||
| @ -110,7 +110,7 @@ metadata: | ||||
|     app.kubernetes.io/instance: __OUTPOST_NAME__ | ||||
|     app.kubernetes.io/managed-by: goauthentik.io | ||||
|     app.kubernetes.io/name: authentik-proxy | ||||
|     app.kubernetes.io/version: 2021.8.4 | ||||
|     app.kubernetes.io/version: 2021.8.5 | ||||
|   name: authentik-outpost | ||||
| spec: | ||||
|   rules: | ||||
|  | ||||
		Reference in New Issue
	
	Block a user
	