release: 2024.4.1

website/docs: update release notes for 2024.4.1 again (cherry-pick #9471 ) (#9472 )
website/docs: update release notes for 2024.4.1 again (#9471) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>
2024-04-26 17:39:46 +02:00 · 2024-04-26 17:39:25 +02:00 · 2024-04-26 17:19:30 +02:00 · 2024-04-26 17:02:41 +02:00 · 2024-04-26 17:02:26 +02:00 · 2024-04-26 14:39:44 +02:00
33 changed files with 12675 additions and 108 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2024.2.3
+current_version = 2024.4.1
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<rc_t>[a-zA-Z-]+)(?P<rc_n>[1-9]\\d*))?
@ -21,6 +21,8 @@ optional_value = final
 [bumpversion:file:schema.yml]
 [bumpversion:file:blueprints/schema.json]
 [bumpversion:file:authentik/__init__.py]
 [bumpversion:file:internal/constants/constants.go]
--- a/.github/workflows/ci-web.yml
+++ b/.github/workflows/ci-web.yml
@ -34,6 +34,13 @@ jobs:
      - name: Eslint
        working-directory: ${{ matrix.project }}/
        run: npm run lint
  lint-lockfile:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - working-directory: web/
        run: |
          [ -z "$(jq -r '.packages | to_entries[] | select((.key | startswith("node_modules")) and (.value | has("resolved") | not)) | .key' < package-lock.json)" ]
  lint-build:
    runs-on: ubuntu-latest
    steps:
@ -95,6 +102,7 @@ jobs:
        run: npm run lit-analyse
  ci-web-mark:
    needs:
      - lint-lockfile
      - lint-eslint
      - lint-prettier
      - lint-lit-analyse
--- a/.github/workflows/ci-website.yml
+++ b/.github/workflows/ci-website.yml
@ -12,6 +12,13 @@ on:
      - version-*
 jobs:
  lint-lockfile:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - working-directory: website/
        run: |
          [ -z "$(jq -r '.packages | to_entries[] | select((.key | startswith("node_modules")) and (.value | has("resolved") | not)) | .key' < package-lock.json)" ]
  lint-prettier:
    runs-on: ubuntu-latest
    steps:
@ -62,6 +69,7 @@ jobs:
        run: npm run ${{ matrix.job }}
  ci-website-mark:
    needs:
      - lint-lockfile
      - lint-prettier
      - test
      - build
--- a/authentik/init.py
+++ b/authentik/init.py
@ -2,7 +2,7 @@
 from os import environ
-__version__ = "2024.2.3"
+__version__ = "2024.4.1"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
--- a/authentik/core/api/tokens.py
+++ b/authentik/core/api/tokens.py
@ -2,6 +2,7 @@
 from typing import Any
 from django.utils.timezone import now
 from django_filters.rest_framework import DjangoFilterBackend
 from drf_spectacular.utils import OpenApiResponse, extend_schema, inline_serializer
 from guardian.shortcuts import assign_perm, get_anonymous_user
@ -27,7 +28,6 @@ from authentik.core.models import (
    TokenIntents,
    User,
    default_token_duration,
    token_expires_from_timedelta,
 )
 from authentik.events.models import Event, EventAction
 from authentik.events.utils import model_to_dict
@ -68,15 +68,17 @@ class TokenSerializer(ManagedSerializer, ModelSerializer):
            max_token_lifetime_dt = default_token_duration()
            if max_token_lifetime is not None:
                try:
-                    max_token_lifetime_dt = timedelta_from_string(max_token_lifetime)
+                    max_token_lifetime_dt = now() + timedelta_from_string(max_token_lifetime)
                except ValueError:
-                    max_token_lifetime_dt = default_token_duration()
+                    pass
-            if "expires" in attrs and attrs.get("expires") > token_expires_from_timedelta(
+            if "expires" in attrs and attrs.get("expires") > max_token_lifetime_dt:
                max_token_lifetime_dt
            ):
                raise ValidationError(
-                    {"expires": f"Token expires exceeds maximum lifetime ({max_token_lifetime})."}
+                    {
                        "expires": (
                            f"Token expires exceeds maximum lifetime ({max_token_lifetime_dt} UTC)."
                        )
                    }
                )
        elif attrs.get("intent") == TokenIntents.INTENT_API:
            # For API tokens, expires cannot be overridden
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@ -1,6 +1,6 @@
 """authentik core models"""
-from datetime import datetime, timedelta
+from datetime import datetime
 from hashlib import sha256
 from typing import Any, Optional, Self
 from uuid import uuid4
@ -68,11 +68,6 @@ def default_token_duration() -> datetime:
    return now() + timedelta_from_string(token_duration)
 def token_expires_from_timedelta(dt: timedelta) -> datetime:
    """Return a `datetime.datetime` object with the duration of the Token"""
    return now() + dt
 def default_token_key() -> str:
    """Default token key"""
    current_tenant = get_current_tenant()
--- a/authentik/sources/oauth/tests/test_type_apple.py
+++ b/authentik/sources/oauth/tests/test_type_apple.py
@ -0,0 +1,37 @@
 """Apple Type tests"""
 from django.test import RequestFactory, TestCase
 from guardian.shortcuts import get_anonymous_user
 from authentik.lib.generators import generate_id
 from authentik.lib.tests.utils import dummy_get_response
 from authentik.root.middleware import SessionMiddleware
 from authentik.sources.oauth.models import OAuthSource
 from authentik.sources.oauth.types.registry import registry
 class TestTypeApple(TestCase):
    """OAuth Source tests"""
    def setUp(self):
        self.source = OAuthSource.objects.create(
            name="test",
            slug="test",
            provider_type="apple",
            authorization_url="",
            profile_url="",
            consumer_key=generate_id(),
        )
        self.factory = RequestFactory()
    def test_login_challenge(self):
        """Test login_challenge"""
        request = self.factory.get("/")
        request.user = get_anonymous_user()
        middleware = SessionMiddleware(dummy_get_response)
        middleware.process_request(request)
        request.session.save()
        oauth_type = registry.find_type("apple")
        challenge = oauth_type().login_challenge(self.source, request)
        self.assertTrue(challenge.is_valid(raise_exception=True))
--- a/authentik/sources/oauth/types/apple.py
+++ b/authentik/sources/oauth/types/apple.py
@ -125,7 +125,7 @@ class AppleType(SourceType):
        )
        args = apple_client.get_redirect_args()
        return AppleLoginChallenge(
-            instance={
+            data={
                "client_id": apple_client.get_client_id(),
                "scope": "name email",
                "redirect_uri": args["redirect_uri"],
--- a/authentik/sources/plex/models.py
+++ b/authentik/sources/plex/models.py
@ -66,7 +66,7 @@ class PlexSource(Source):
            icon = static("authentik/sources/plex.svg")
        return UILoginButton(
            challenge=PlexAuthenticationChallenge(
-                {
+                data={
                    "type": ChallengeTypes.NATIVE.value,
                    "component": "ak-source-plex",
                    "client_id": self.client_id,
--- a/authentik/sources/plex/tests.py
+++ b/authentik/sources/plex/tests.py
@ -40,6 +40,11 @@ class TestPlexSource(TestCase):
            slug="test",
        )
    def test_login_challenge(self):
        """Test login_challenge"""
        ui_login_button = self.source.ui_login_button(None)
        self.assertTrue(ui_login_button.challenge.is_valid(raise_exception=True))
    def test_get_user_info(self):
        """Test get_user_info"""
        token = generate_key()
--- a/authentik/sources/scim/signals.py
+++ b/authentik/sources/scim/signals.py
@ -2,9 +2,11 @@ from django.db.models import Model
 from django.db.models.signals import pre_delete, pre_save
 from django.dispatch import receiver
-from authentik.core.models import Token, TokenIntents, User, UserTypes
+from authentik.core.models import USER_PATH_SYSTEM_PREFIX, Token, TokenIntents, User, UserTypes
 from authentik.sources.scim.models import SCIMSource
 USER_PATH_SOURCE_SCIM = USER_PATH_SYSTEM_PREFIX + "/sources/scim"
@receiver(pre_save, sender=SCIMSource)
 def scim_source_pre_save(sender: type[Model], instance: SCIMSource, **_):
@ -16,6 +18,7 @@ def scim_source_pre_save(sender: type[Model], instance: SCIMSource, **_):
        username=identifier,
        name=f"SCIM Source {instance.name} Service-Account",
        type=UserTypes.INTERNAL_SERVICE_ACCOUNT,
        path=USER_PATH_SOURCE_SCIM,
    )
    token = Token.objects.create(
        user=user,
--- a/authentik/tenants/models.py
+++ b/authentik/tenants/models.py
@ -23,7 +23,7 @@ LOGGER = get_logger()
 VALID_SCHEMA_NAME = re.compile(r"^t_[a-z0-9]{1,61}$")
-DEFAULT_TOKEN_DURATION = "minutes=30"  # nosec
+DEFAULT_TOKEN_DURATION = "days=1"  # nosec
 DEFAULT_TOKEN_LENGTH = 60
--- a/blueprints/schema.json
+++ b/blueprints/schema.json
@ -2,7 +2,7 @@
    "$schema": "http://json-schema.org/draft-07/schema",
    "$id": "https://goauthentik.io/blueprints/schema.json",
    "type": "object",
-    "title": "authentik 2024.2.3 Blueprint schema",
+    "title": "authentik 2024.4.1 Blueprint schema",
    "required": [
        "version",
        "entries"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -32,7 +32,7 @@ services:
    volumes:
      - redis:/data
  server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.4.1}
    restart: unless-stopped
    command: server
    environment:
@ -53,7 +53,7 @@ services:
      - postgresql
      - redis
  worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.4.1}
    restart: unless-stopped
    command: worker
    environment:
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@ -29,4 +29,4 @@ func UserAgent() string {
 	return fmt.Sprintf("authentik@%s", FullVersion())
 }
-const VERSION = "2024.2.3"
+const VERSION = "2024.4.1"
--- a/lifecycle/ak
+++ b/lifecycle/ak
@ -54,7 +54,7 @@ function cleanup {
 }
 function prepare_debug {
-    poetry install --no-ansi --no-interaction
+    VIRTUAL_ENV=/ak-root/venv poetry install --no-ansi --no-interaction
    touch /unittest.xml
    chown authentik:authentik /unittest.xml
 }
--- a/lifecycle/wait_for_db.py
+++ b/lifecycle/wait_for_db.py
@ -3,7 +3,6 @@
 import authentik. This is done by the dockerfile."""
 from sys import exit as sysexit
 from time import sleep
 from urllib.parse import quote_plus
 from psycopg import OperationalError, connect
 from redis import Redis
@ -35,7 +34,7 @@ def check_postgres():
 def check_redis():
-    url = redis_url(CONFIG.get("redis.db"))
+    url = CONFIG.get("cache.url") or redis_url(CONFIG.get("redis.db"))
    while True:
        try:
            redis = Redis.from_url(url)
@ -43,10 +42,7 @@ def check_redis():
            break
        except RedisError as exc:
            sleep(1)
-            sanitized_url = url.replace(quote_plus(CONFIG.get("redis.password")), "******")
+            CONFIG.log("info", f"Redis Connection failed, retrying... ({exc})")
            CONFIG.log(
                "info", f"Redis Connection failed, retrying... ({exc})", redis_url=sanitized_url
            )
    CONFIG.log("info", "Redis Connection successful")
--- a/pyproject.toml
+++ b/pyproject.toml
@ -1,6 +1,6 @@
 [tool.poetry]
 name = "authentik"
-version = "2024.2.3"
+version = "2024.4.1"
 description = ""
 authors = ["authentik Team <hello@goauthentik.io>"]
--- a/schema.yml
+++ b/schema.yml
@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
  title: authentik
-  version: 2024.2.3
+  version: 2024.4.1
  description: Making authentication simple.
  contact:
    email: hello@goauthentik.io
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/src/admin/stages/identification/IdentificationStageForm.ts
+++ b/web/src/admin/stages/identification/IdentificationStageForm.ts
@ -214,21 +214,16 @@ export class IdentificationStageForm extends BaseStageForm<IdentificationStage>
                        name="sources"
                    >
                        <select class="pf-c-form-control" multiple>
-                            ${this.sources?.results.map((source) => {
+                            ${this.sources?.results
-                                let selected = Array.from(this.instance?.sources || []).some(
+                                .filter((source) => {
                                    return source.component !== "";
                                })
                                .map((source) => {
                                    const selected = Array.from(this.instance?.sources || []).some(
                                        (su) => {
                                            return su == source.pk;
                                        },
                                    );
                                // Creating a new instance, auto-select built-in source
                                // Only when no other sources exist
                                if (
                                    !this.instance &&
                                    source.component === "" &&
                                    (this.sources?.results || []).length < 2
                                ) {
                                    selected = true;
                                }
                                    return html`<option
                                        value=${ifDefined(source.pk)}
                                        ?selected=${selected}
--- a/web/src/admin/users/UserForm.ts
+++ b/web/src/admin/users/UserForm.ts
@ -128,6 +128,14 @@ export class UserForm extends ModelForm<User, number> {
                                "Service accounts should be used for machine-to-machine authentication or other automations.",
                            )}`,
                        },
                        {
                            label: "Internal Service account",
                            value: UserTypeEnum.InternalServiceAccount,
                            disabled: true,
                            description: html`${msg(
                                "Internal Service accounts are created and managed by authentik and cannot be created manually.",
                            )}`,
                        },
                    ]}
                    .value=${this.instance?.type}
                >
--- a/web/src/common/constants.ts
+++ b/web/src/common/constants.ts
@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2024.2.3";
+export const VERSION = "2024.4.1";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
--- a/web/src/common/styles/theme-dark.css
+++ b/web/src/common/styles/theme-dark.css
@ -187,6 +187,9 @@ input[type="date"]::-webkit-calendar-picker-indicator {
 .pf-c-select__menu-item.pf-m-focus {
    --pf-c-select__menu-item--focus--BackgroundColor: var(--ak-dark-background-light-ish);
 }
 .pf-c-button:disabled {
    color: var(--ak-dark-background-lighter);
 }
 .pf-c-button.pf-m-plain:hover {
    color: var(--ak-dark-foreground);
 }
--- a/web/src/common/users.ts
+++ b/web/src/common/users.ts
@ -18,7 +18,7 @@ export function me(): Promise<SessionUser> {
                if (!user.user.settings || !("locale" in user.user.settings)) {
                    return user;
                }
-                const locale = user.user.settings.locale;
+                const locale: string | undefined = user.user.settings.locale;
                if (locale && locale !== "") {
                    console.debug(
                        `authentik/locale: Activating user's configured locale '${locale}'`,
--- a/web/src/common/utils.ts
+++ b/web/src/common/utils.ts
@ -111,6 +111,21 @@ export function dateTimeLocal(date: Date): string {
    return `${parts[0]}:${parts[1]}`;
 }
 export function dateToUTC(date: Date): Date {
    // Sigh...so our API is UTC/can take TZ info in the ISO format as it should.
    // datetime-local fields (which is almost the only date-time input we use)
    // can return its value as a UTC timestamp...however the generated API client
    // _requires_ a Date object, only to then convert it to an ISO string anyways
    // JS Dates don't include timezone info in the ISO string, so that just sends
    // the local time as UTC...which is wrong
    // Instead we have to do this, convert the given date to a UTC timestamp,
    // then subtract the timezone offset to create an "invalid" date (correct time&date)
    // but it still "thinks" it's in local TZ
    const timestamp = date.getTime();
    const offset = -1 * (new Date().getTimezoneOffset() * 60000);
    return new Date(timestamp - offset);
 }
 // Lit is extremely well-typed with regard to CSS, and Storybook's `build` does not currently have a
 // coherent way of importing CSS-as-text into CSSStyleSheet. It works well when Storybook is running
 // in `dev,` but in `build` it fails. Storied components will have to map their textual CSS imports
--- a/web/src/elements/Markdown.ts
+++ b/web/src/elements/Markdown.ts
@ -87,7 +87,7 @@ export class Markdown extends AKElement {
            const parsedContent = matter(this.md);
            const parsedHTML = this.converter.makeHtml(parsedContent.content);
            const replacers = [...this.defaultReplacers, ...this.replacers];
-            this.docTitle = parsedContent.data["title"] ?? "";
+            this.docTitle = parsedContent?.data?.title ?? "";
            this.docHtml = replacers.reduce(
                (html, replacer) => replacer(html, { path: this.meta }),
                parsedHTML,
--- a/web/src/elements/PageHeader.ts
+++ b/web/src/elements/PageHeader.ts
@ -13,7 +13,7 @@ import { WithBrandConfig } from "@goauthentik/elements/Interface/brandProvider";
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 import { msg } from "@lit/localize";
-import { CSSResult, PropertyValues, TemplateResult, css, html } from "lit";
+import { CSSResult, TemplateResult, css, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 import PFButton from "@patternfly/patternfly/components/Button/button.css";
@ -107,22 +107,24 @@ export class PageHeader extends WithBrandConfig(AKElement) {
        });
    }
-    setTitle(value: string) {
+    setTitle(header?: string) {
        const currentIf = currentInterface();
-        const title = this.brand?.brandingTitle || TITLE_DEFAULT;
+        let title = this.brand?.brandingTitle || TITLE_DEFAULT;
-        document.title =
+        if (currentIf === "admin") {
-            currentIf === "admin"
+            title = `${msg("Admin")} - ${title}`;
-                ? `${msg("Admin")} - ${title}`
+        }
-                : value !== ""
+        // Prepend the header to the title
-                  ? `${value} - ${title}`
+        if (header !== undefined && header !== "") {
-                  : title;
+            title = `${header} - ${title}`;
        }
        document.title = title;
    }
-    willUpdate(changedProperties: PropertyValues<this>) {
+    willUpdate() {
-        if (changedProperties.has("header") && this.header) {
+        // Always update title, even if there's no header value set,
        // as in that case we still need to return to the generic title
        this.setTitle(this.header);
    }
    }
    renderIcon(): TemplateResult {
        if (this.icon) {
--- a/web/src/elements/ak-locale-context/ak-locale-context.ts
+++ b/web/src/elements/ak-locale-context/ak-locale-context.ts
@ -2,7 +2,7 @@ import { EVENT_LOCALE_CHANGE, EVENT_LOCALE_REQUEST } from "@goauthentik/common/c
 import { customEvent } from "@goauthentik/elements/utils/customEvents";
 import { LitElement, html } from "lit";
-import { customElement, property, state } from "lit/decorators.js";
+import { customElement, property } from "lit/decorators.js";
 import { WithBrandConfig } from "../Interface/brandProvider";
 import { initializeLocalization } from "./configureLocale";
@ -38,9 +38,6 @@ export class LocaleContext extends LocaleContextBase {
    setLocale: LocaleSetter;
    @state()
    userLocale = "";
    constructor(code = DEFAULT_LOCALE) {
        super();
        this.notifyApplication = this.notifyApplication.bind(this);
@ -59,30 +56,22 @@ export class LocaleContext extends LocaleContextBase {
    connectedCallback() {
        super.connectedCallback();
        // Commenting out until we can come up with a better way of separating the
        // "request user identity" with the session expiration heartbeat.
        /*
            new CoreApi(DEFAULT_CONFIG)
                .coreUsersMeRetrieve()
                .then((user) => (this.userLocale = user?.user?.settings?.locale ?? ""))
                .catch(() => {});
        */
        this.updateLocale();
-        window.addEventListener(EVENT_LOCALE_REQUEST, this.updateLocaleHandler);
+        window.addEventListener(EVENT_LOCALE_REQUEST, this.updateLocaleHandler as EventListener);
    }
    disconnectedCallback() {
-        window.removeEventListener(EVENT_LOCALE_REQUEST, this.updateLocaleHandler);
+        window.removeEventListener(EVENT_LOCALE_REQUEST, this.updateLocaleHandler as EventListener);
        super.disconnectedCallback();
    }
-    updateLocaleHandler(_ev: Event) {
+    updateLocaleHandler(ev: CustomEvent<{ locale: string }>) {
        console.debug("authentik/locale: Locale update request received.");
-        this.updateLocale();
+        this.updateLocale(ev.detail.locale);
    }
-    updateLocale() {
+    updateLocale(requestedLocale: string | undefined = undefined) {
-        const localeRequest = autoDetectLanguage(this.userLocale, this.brand?.defaultLocale);
+        const localeRequest = autoDetectLanguage(requestedLocale, this.brand?.defaultLocale);
        const locale = getBestMatchLocale(localeRequest);
        if (!locale) {
            console.warn(`authentik/locale: failed to find locale for code ${localeRequest}`);
--- a/web/src/elements/forms/Form.ts
+++ b/web/src/elements/forms/Form.ts
@ -1,6 +1,6 @@
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import { MessageLevel } from "@goauthentik/common/messages";
-import { camelToSnake, convertToSlug } from "@goauthentik/common/utils";
+import { camelToSnake, convertToSlug, dateToUTC } from "@goauthentik/common/utils";
 import { AKElement } from "@goauthentik/elements/Base";
 import { HorizontalFormElement } from "@goauthentik/elements/forms/HorizontalFormElement";
 import { SearchSelect } from "@goauthentik/elements/forms/SearchSelect";
@ -104,7 +104,7 @@ export function serializeForm<T extends KeyUnknown>(
            inputElement.tagName.toLowerCase() === "input" &&
            inputElement.type === "datetime-local"
        ) {
-            assignValue(inputElement, new Date(inputElement.valueAsNumber), json);
+            assignValue(inputElement, dateToUTC(new Date(inputElement.valueAsNumber)), json);
        } else if (
            inputElement.tagName.toLowerCase() === "input" &&
            "type" in inputElement.dataset &&
@ -112,7 +112,7 @@ export function serializeForm<T extends KeyUnknown>(
        ) {
            // Workaround for Firefox <93, since 92 and older don't support
            // datetime-local fields
-            assignValue(inputElement, new Date(inputElement.value), json);
+            assignValue(inputElement, dateToUTC(new Date(inputElement.value)), json);
        } else if (
            inputElement.tagName.toLowerCase() === "input" &&
            inputElement.type === "checkbox"
--- a/web/src/elements/forms/Radio.ts
+++ b/web/src/elements/forms/Radio.ts
@ -16,6 +16,7 @@ export interface RadioOption<T> {
    description?: TemplateResult;
    default?: boolean;
    value: T;
    disabled?: boolean;
 }
@customElement("ak-radio")
@ -77,6 +78,9 @@ export class Radio<T> extends CustomEmitterElement(AKElement) {
            // This is a controlled input. Stop the native event from escaping or affecting the
            // value.  We'll do that ourselves.
            ev.stopPropagation();
            if (option.disabled) {
                return;
            }
            this.value = option.value;
            this.dispatchCustomEvent("change", { value: option.value });
            this.dispatchCustomEvent("input", { value: option.value });
@ -93,6 +97,7 @@ export class Radio<T> extends CustomEmitterElement(AKElement) {
                name="${this.name}"
                id=${elId}
                .checked=${option.value === this.value}
                .disabled=${option.disabled}
            />
            <label class="pf-c-radio__label" for=${elId}>${option.label}</label>
            ${option.description
--- a/web/src/user/user-settings/tokens/UserTokenForm.ts
+++ b/web/src/user/user-settings/tokens/UserTokenForm.ts
@ -1,3 +1,4 @@
 import { dateTimeLocal } from "@goauthentik/authentik/common/utils";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
@ -44,11 +45,8 @@ export class UserTokenForm extends ModelForm<Token, string> {
    renderForm(): TemplateResult {
        const now = new Date();
        const expiringDate = this.instance?.expires
-            ? new Date(
+            ? new Date(this.instance.expires.getTime())
-                  this.instance.expires.getTime() -
+            : new Date(now.getTime() + 30 * 60000);
                      this.instance.expires.getTimezoneOffset() * 60000,
              )
            : new Date(now.getTime() + 30 * 60000 - now.getTimezoneOffset() * 60000);
        return html` <ak-form-element-horizontal
                label=${msg("Identifier")}
@ -73,8 +71,8 @@ export class UserTokenForm extends ModelForm<Token, string> {
                ? html`<ak-form-element-horizontal label=${msg("Expiring")} name="expires">
                      <input
                          type="datetime-local"
-                          value="${expiringDate.toISOString().slice(0, -8)}"
+                          value="${dateTimeLocal(expiringDate)}"
-                          min="${now.toISOString().slice(0, -8)}"
+                          min="${dateTimeLocal(now)}"
                          class="pf-c-form-control"
                      />
                  </ak-form-element-horizontal>`
--- a/website/docs/releases/2024/v2024.4.md
+++ b/website/docs/releases/2024/v2024.4.md
Author	SHA1	Message	Date
Jens Langhammer	ca70c963e5	release: 2024.4.1	2024-04-26 17:39:46 +02:00
gcp-cherry-pick-bot[bot]	4c89d4a4a4	website/docs: update release notes for 2024.4.1 again (cherry-pick #9471 ) (#9472 ) website/docs: update release notes for 2024.4.1 again (#9471) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-26 17:39:25 +02:00
gcp-cherry-pick-bot[bot]	8a47acac3a	sources/scim: fix service account user path (cherry-pick #9463 ) (#9470 ) sources/scim: fix service account user path (#9463) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-26 17:19:30 +02:00
gcp-cherry-pick-bot[bot]	4a3b22491c	web/admin: fix disabled button color with dark theme (cherry-pick #9465 ) (#9468 ) web/admin: fix disabled button color with dark theme (#9465) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-26 17:02:41 +02:00
gcp-cherry-pick-bot[bot]	f991d656c7	web/admin: show user internal service account as disabled (cherry-pick #9464 ) (#9467 ) web/admin: show user internal service account as disabled (#9464) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-26 17:02:26 +02:00
gcp-cherry-pick-bot[bot]	e86aa11131	website/docs: prepare 2024.4.1 (cherry-pick #9459 ) (#9461 ) website/docs: prepare 2024.4.1 (#9459) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-26 14:39:44 +02:00
gcp-cherry-pick-bot[bot]	03725ae086	lifecycle: always try custom redis URL (cherry-pick #9441 ) (#9458 ) lifecycle: always try custom redis URL (#9441) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-26 13:26:52 +02:00
gcp-cherry-pick-bot[bot]	f2a37e8c7c	web/common: fix locale detection for user-set locale (cherry-pick #9436 ) (#9439 ) web/common: fix locale detection for user-set locale (#9436) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-25 22:37:56 +02:00
gcp-cherry-pick-bot[bot]	e935690b1b	ci: fix ci pipeline (cherry-pick #9427 ) (#9429 ) ci: fix ci pipeline (#9427) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-25 16:06:12 +02:00
gcp-cherry-pick-bot[bot]	02709e4ede	core: fix logic for token expiration (cherry-pick #9426 ) (#9428 ) core: fix logic for token expiration (#9426) * core: fix logic for token expiration * bump default token expiration * fix frontend * fix --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-25 16:05:30 +02:00
gcp-cherry-pick-bot[bot]	f78adab9d1	web: Add resolved and integrity fields back to package-lock.json (cherry-pick #9419 ) (#9421 ) web: Add resolved and integrity fields back to package-lock.json (#9419) * web: Fix missing resolved and integrity fields in package-lock.json * web,website: Add lockfile lint to CI Co-authored-by: Jan van Brügge <supermanitu@gmail.com>	2024-04-25 12:41:31 +02:00
gcp-cherry-pick-bot[bot]	61f3a72fd9	stages/identification: don't check source component (cherry-pick #9410 ) (#9420 ) stages/identification: don't check source component (#9410) * Do not include the built-in source in this check * Update authentik/stages/identification/stage.py --------- Signed-off-by: PythonCoderAS <13932583+PythonCoderAS@users.noreply.github.com> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: PythonCoderAS <13932583+PythonCoderAS@users.noreply.github.com> Co-authored-by: Jens L <jens@beryju.org>	2024-04-25 11:55:49 +02:00
gcp-cherry-pick-bot[bot]	541becfe30	sources/oauth: ensure all UI sources return a valid source (cherry-pick #9401 ) (#9406 ) sources/oauth: ensure all UI sources return a valid source (#9401) * web/admin: prevent selection of inbuilt source in identification stage * fix apple source * also fix plex challenge --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-24 23:00:24 +02:00
gcp-cherry-pick-bot[bot]	11ff7955f7	web: markdown: display markdown even when frontmatter is missing (cherry-pick #9404 ) (#9405 ) web: markdown: display markdown even when frontmatter is missing (#9404) * web: fix esbuild issue with style sheets Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious pain. This fix better identifies the value types (instances) being passed from various sources in the repo to the three different kinds of style processors we're using (the native one, the polyfill one, and whatever the heck Storybook does internally). Falling back to using older CSS instantiating techniques one era at a time seems to do the trick. It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content (FLoUC), it's the logic with which we're left. In standard mode, the following warning appears on the console when running a Flow: ``` Autofocus processing was blocked because a document already has a focused element. ``` In compatibility mode, the following error appears on the console when running a Flow: ``` crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'. at initDomMutationObservers (crawler-inject.js:1106:18) at crawler-inject.js:1114:24 at Array.forEach (<anonymous>) at initDomMutationObservers (crawler-inject.js:1114:10) at crawler-inject.js:1549:1 initDomMutationObservers @ crawler-inject.js:1106 (anonymous) @ crawler-inject.js:1114 initDomMutationObservers @ crawler-inject.js:1114 (anonymous) @ crawler-inject.js:1549 ``` Despite this error, nothing seems to be broken and flows work as anticipated. * web: markdown: display markdown even when frontmatter is missing Make the check for the document title comprehensive across the entire demeter. If there is no front matter, `data` will be missing, not just `data.title`. Co-authored-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>	2024-04-24 22:54:51 +02:00
Jens Langhammer	afa4234036	release: 2024.4.0	2024-04-24 17:42:10 +02:00
gcp-cherry-pick-bot[bot]	ca22a4deaf	website/docs: finalize 2024.4 release notes (cherry-pick #9396 ) (#9398 ) website/docs: finalize 2024.4 release notes (#9396) * website/docs: finalize 2024.4 release notes * escape curly braces manually --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-24 17:41:29 +02:00
gcp-cherry-pick-bot[bot]	7b7a3d34ec	web/admin: fix document title for admin interface (cherry-pick #9362 ) (#9365 ) web/admin: fix document title for admin interface (#9362) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2024-04-20 23:05:23 +02:00
gcp-cherry-pick-bot[bot]	b1ca579397	website/docs: release notes 2024.4: add performance improvements values (cherry-pick #9356 ) (#9357 ) Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>	2024-04-19 16:53:15 +00:00
Jens Langhammer	c8072579c8	release: 2024.4.0-rc1	2024-04-19 16:05:20 +02:00
Jens Langhammer	378a701fb9	root: bump blueprint schema version Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-04-19 16:05:15 +02:00
Jens Langhammer	bba793d94c	lifecycle: fix ak test-all command Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-04-19 16:04:39 +02:00