web: Apply linter fixes. Update tests.

2025-04-02 19:03:29 +02:00
236 changed files with 1986 additions and 2387 deletions
--- a/web/scripts/eslint.nightmare.mjs
+++ b/web/scripts/eslint.nightmare.mjs
@ -13,6 +13,7 @@ const MAX_PARAMS = 5;
 // const MAX_COGNITIVE_COMPLEXITY = 9;
 const rules = {
    "no-param-reassign": "error",
    "accessor-pairs": "error",
    "array-callback-return": "error",
    "block-scoped-var": "error",
@ -84,7 +85,6 @@ const rules = {
    "no-obj-calls": "error",
    "no-octal": "error",
    "no-octal-escape": "error",
    "no-param-reassign": "error",
    "no-proto": "error",
    "no-redeclare": "error",
    "no-regex-spaces": "error",
@ -134,6 +134,7 @@ const rules = {
    //    "sonarjs/cognitive-complexity": ["off", MAX_COGNITIVE_COMPLEXITY],
    //    "sonarjs/no-duplicate-string": "off",
    //    "sonarjs/no-nested-template-literals": "off",
    " @typescript-eslint/no-namespace": "off",
    "@typescript-eslint/ban-ts-comment": "off",
    "@typescript-eslint/no-unused-vars": [
        "error",
--- a/web/scripts/eslint.precommit.mjs
+++ b/web/scripts/eslint.precommit.mjs
@ -48,6 +48,7 @@ export default [
            //    "sonarjs/no-duplicate-string": "off",
            //    "sonarjs/no-nested-template-literals": "off",
            "@typescript-eslint/ban-ts-comment": "off",
            "@typescript-eslint/no-unused-vars": [
                "error",
                {
--- a/web/src/admin/AdminInterface/AboutModal.ts
+++ b/web/src/admin/AdminInterface/AboutModal.ts
@ -19,7 +19,7 @@ import { AdminApi, CapabilitiesEnum, LicenseSummaryStatusEnum } from "@goauthent
@customElement("ak-about-modal")
 export class AboutModal extends WithLicenseSummary(WithBrandConfig(ModalButton)) {
    static get styles() {
-        return super.styles.concat(
+        return ModalButton.styles.concat(
            PFAbout,
            css`
                .pf-c-about-modal-box__hero {
@ -59,7 +59,7 @@ export class AboutModal extends WithLicenseSummary(WithBrandConfig(ModalButton))
    renderModal() {
        let product = globalAK().brand.brandingTitle || DefaultBrand.brandingTitle;
-        if (this.licenseSummary.status != LicenseSummaryStatusEnum.Unlicensed) {
+        if (this.licenseSummary.status !== LicenseSummaryStatusEnum.Unlicensed) {
            product += ` ${msg("Enterprise")}`;
        }
        return html`<div
--- a/web/src/admin/AdminInterface/AdminInterface.ts
+++ b/web/src/admin/AdminInterface/AdminInterface.ts
@ -16,8 +16,8 @@ import "@goauthentik/elements/messages/MessageContainer";
 import "@goauthentik/elements/messages/MessageContainer";
 import "@goauthentik/elements/notifications/APIDrawer";
 import "@goauthentik/elements/notifications/NotificationDrawer";
 import { getURLParam, updateURLParams } from "@goauthentik/elements/router/RouteMatch";
 import "@goauthentik/elements/router/RouterOutlet";
 import { getRouteParameter, patchRouteParams } from "@goauthentik/elements/router/utils";
 import "@goauthentik/elements/sidebar/Sidebar";
 import "@goauthentik/elements/sidebar/SidebarItem";
@ -37,10 +37,10 @@ import "./AdminSidebar";
@customElement("ak-interface-admin")
 export class AdminInterface extends AuthenticatedInterface {
    @property({ type: Boolean })
-    notificationDrawerOpen = getRouteParameter("notificationDrawerOpen", false);
+    notificationDrawerOpen = getURLParam("notificationDrawerOpen", false);
    @property({ type: Boolean })
-    apiDrawerOpen = getRouteParameter("apiDrawerOpen", false);
+    apiDrawerOpen = getURLParam("apiDrawerOpen", false);
    ws: WebsocketClient;
@ -93,14 +93,14 @@ export class AdminInterface extends AuthenticatedInterface {
        window.addEventListener(EVENT_NOTIFICATION_DRAWER_TOGGLE, () => {
            this.notificationDrawerOpen = !this.notificationDrawerOpen;
-            patchRouteParams({
+            updateURLParams({
                notificationDrawerOpen: this.notificationDrawerOpen,
            });
        });
        window.addEventListener(EVENT_API_DRAWER_TOGGLE, () => {
            this.apiDrawerOpen = !this.apiDrawerOpen;
-            patchRouteParams({
+            updateURLParams({
                apiDrawerOpen: this.apiDrawerOpen,
            });
        });
@ -123,7 +123,7 @@ export class AdminInterface extends AuthenticatedInterface {
        super.connectedCallback();
        if (process.env.NODE_ENV === "development" && process.env.WATCHER_URL) {
-            const { ESBuildObserver } = await import("src/development/build-observer");
+            const { ESBuildObserver } = await import("@goauthentik/common/client");
            new ESBuildObserver(process.env.WATCHER_URL);
        }
@ -158,7 +158,7 @@ export class AdminInterface extends AuthenticatedInterface {
                                            class="pf-c-page__main"
                                            tabindex="-1"
                                            id="main-content"
-                                            defaultURL="/administration/overview"
+                                            defaultUrl="/administration/overview"
                                            .routes=${ROUTES}
                                        >
                                        </ak-router-outlet>
--- a/web/src/admin/AdminInterface/AdminSidebar.ts
+++ b/web/src/admin/AdminInterface/AdminSidebar.ts
@ -6,7 +6,7 @@ import {
    WithCapabilitiesConfig,
 } from "@goauthentik/elements/Interface/capabilitiesProvider";
 import { WithVersion } from "@goauthentik/elements/Interface/versionProvider";
-import { ID_PATTERN, SLUG_PATTERN, UUID_PATTERN } from "@goauthentik/elements/router";
+import { ID_REGEX, SLUG_REGEX, UUID_REGEX } from "@goauthentik/elements/router/Route";
 import { getRootStyle } from "@goauthentik/elements/utils/getRootStyle";
 import { spread } from "@open-wc/lit-helpers";
@ -95,127 +95,62 @@ export class AkAdminSidebar extends WithCapabilitiesConfig(WithVersion(AKElement
    }
    renderSidebarItems(): TemplateResult {
        // The second attribute type is of string[] to help with the 'activeWhen' control, which was
        // commonplace and singular enough to merit its own handler.
        type SidebarEntry = [
-            /**
+            path: string | null,
             * The pathname to match against. If null, this is a parent item.
             */
            pathname: string | null,
            /**
             * The label to display in the sidebar.
             */
            label: string,
-            /**
+            attributes?: Record<string, any> | string[] | null, // eslint-disable-line
             * The attributes to apply to the sidebar item. This is a map of attribute name to value.
             *
             * The second attribute type is of string[] to help with the 'activeWhen' control,
             * which was commonplace and singular enough to merit its own handler.
             */
            attributes?: Record<string, unknown> | string[] | null,
            /**
             * The children of this sidebar item. This is a recursive structure.
             */
            children?: SidebarEntry[],
        ];
        // prettier-ignore
        const sidebarContent: SidebarEntry[] = [
-            // ---
+            [null, msg("Dashboards"), { "?expanded": true }, [
-            [
+                ["/administration/overview", msg("Overview")],
-                null,
+                ["/administration/dashboard/users", msg("User Statistics")],
-                msg("Dashboards"),
+                ["/administration/system-tasks", msg("System Tasks")]]],
-                { "?expanded": true },
+            [null, msg("Applications"), null, [
-                [
+                ["/core/applications", msg("Applications"), [`^/core/applications/(?<slug>${SLUG_REGEX})$`]],
-                    ["/administration/overview", msg("Overview")],
+                ["/core/providers", msg("Providers"), [`^/core/providers/(?<id>${ID_REGEX})$`]],
-                    ["/administration/dashboard/users", msg("User Statistics")],
+                ["/outpost/outposts", msg("Outposts")]]],
-                    ["/administration/system-tasks", msg("System Tasks")],
+            [null, msg("Events"), null, [
-                ],
+                ["/events/log", msg("Logs"), [`^/events/log/(?<id>${UUID_REGEX})$`]],
-            ],
+                ["/events/rules", msg("Notification Rules")],
-            [
+                ["/events/transports", msg("Notification Transports")]]],
-                null,
+            [null, msg("Customization"), null, [
-                msg("Applications"),
+                ["/policy/policies", msg("Policies")],
-                null,
+                ["/core/property-mappings", msg("Property Mappings")],
-                [
+                ["/blueprints/instances", msg("Blueprints")],
-                    [
+                ["/policy/reputation", msg("Reputation scores")]]],
-                        "/core/applications",
+            [null, msg("Flows and Stages"), null, [
-                        msg("Applications"),
+                ["/flow/flows", msg("Flows"), [`^/flow/flows/(?<slug>${SLUG_REGEX})$`]],
-                        [`/core/applications/:slug(${SLUG_PATTERN})`],
+                ["/flow/stages", msg("Stages")],
-                    ],
+                ["/flow/stages/prompts", msg("Prompts")]]],
-                    ["/core/providers", msg("Providers"), [`/core/providers/:id(${ID_PATTERN})`]],
+            [null, msg("Directory"), null, [
-                    ["/outpost/outposts", msg("Outposts")],
+                ["/identity/users", msg("Users"), [`^/identity/users/(?<id>${ID_REGEX})$`]],
-                ],
+                ["/identity/groups", msg("Groups"), [`^/identity/groups/(?<id>${UUID_REGEX})$`]],
-            ],
+                ["/identity/roles", msg("Roles"), [`^/identity/roles/(?<id>${UUID_REGEX})$`]],
-            [
+                ["/core/sources", msg("Federation and Social login"), [`^/core/sources/(?<slug>${SLUG_REGEX})$`]],
-                null,
+                ["/core/tokens", msg("Tokens and App passwords")],
-                msg("Events"),
+                ["/flow/stages/invitations", msg("Invitations")]]],
-                null,
+            [null, msg("System"), null, [
-                [
+                ["/core/brands", msg("Brands")],
-                    ["/events/log", msg("Logs"), [`/events/log/:id(${UUID_PATTERN})`]],
+                ["/crypto/certificates", msg("Certificates")],
-                    ["/events/rules", msg("Notification Rules")],
+                ["/outpost/integrations", msg("Outpost Integrations")],
-                    ["/events/transports", msg("Notification Transports")],
+                ["/admin/settings", msg("Settings")]]],
                ],
            ],
            [
                null,
                msg("Customization"),
                null,
                [
                    ["/policy/policies", msg("Policies")],
                    ["/core/property-mappings", msg("Property Mappings")],
                    ["/blueprints/instances", msg("Blueprints")],
                    ["/policy/reputation", msg("Reputation scores")],
                ],
            ],
            [
                null,
                msg("Flows and Stages"),
                null,
                [
                    ["/flow/flows", msg("Flows"), [`/flow/flows/:slug(${SLUG_PATTERN})`]],
                    ["/flow/stages", msg("Stages")],
                    ["/flow/stages/prompts", msg("Prompts")],
                ],
            ],
            [
                null,
                msg("Directory"),
                null,
                [
                    ["/identity/users", msg("Users"), [`/identity/users/:id(${ID_PATTERN})`]],
                    ["/identity/groups", msg("Groups"), [`/identity/groups/:id(${UUID_PATTERN})`]],
                    ["/identity/roles", msg("Roles"), [`/identity/roles/:id(${UUID_PATTERN})`]],
                    [
                        "/core/sources",
                        msg("Federation and Social login"),
                        [`/core/sources/:slug(${SLUG_PATTERN})`],
                    ],
                    ["/core/tokens", msg("Tokens and App passwords")],
                    ["/flow/stages/invitations", msg("Invitations")],
                ],
            ],
            [
                null,
                msg("System"),
                null,
                [
                    ["/core/brands", msg("Brands")],
                    ["/crypto/certificates", msg("Certificates")],
                    ["/outpost/integrations", msg("Outpost Integrations")],
                    ["/admin/settings", msg("Settings")],
                ],
            ],
        ];
        // Typescript requires the type here to correctly type the recursive path
        type SidebarRenderer = (_: SidebarEntry) => TemplateResult;
-        const renderOneSidebarItem: SidebarRenderer = ([pathname, label, attributes, children]) => {
+        const renderOneSidebarItem: SidebarRenderer = ([path, label, attributes, children]) => {
            const properties = Array.isArray(attributes)
                ? { ".activeWhen": attributes }
                : (attributes ?? {});
-
+            if (path) {
-            if (pathname) {
+                properties.path = path;
                properties.pathname = pathname;
            }
            return html`<ak-sidebar-item ${spread(properties)}>
                ${label ? html`<span slot="label">${label}</span>` : nothing}
                ${map(children, renderOneSidebarItem)}
--- a/web/src/admin/Routes.ts
+++ b/web/src/admin/Routes.ts
@ -1,210 +1,155 @@
 import "@goauthentik/admin/admin-overview/AdminOverviewPage";
-import { Route } from "@goauthentik/elements/router/Route";
+import { ID_REGEX, Route, SLUG_REGEX, UUID_REGEX } from "@goauthentik/elements/router/Route";
 import { ID_PATTERN, SLUG_PATTERN, UUID_PATTERN } from "@goauthentik/elements/router/constants";
 import { html } from "lit";
-interface IDParameters {
+export const ROUTES: Route[] = [
    id: string;
 }
 interface SlugParameters {
    slug: string;
 }
 interface UUIDParameters {
    uuid: string;
 }
 export const ROUTES = [
    // Prevent infinite Shell loops
-    Route.redirect("^/$", "/administration/overview"),
+    new Route(new RegExp("^/$")).redirect("/administration/overview"),
-    Route.redirect("^#.*", "/administration/overview"),
+    new Route(new RegExp("^#.*")).redirect("/administration/overview"),
-    Route.redirect("^/library$", "/if/user/", true),
+    new Route(new RegExp("^/library$")).redirect("/if/user/", true),
    // statically imported since this is the default route
-    new Route("/administration/overview", () => {
+    new Route(new RegExp("^/administration/overview$"), async () => {
        return html`<ak-admin-overview></ak-admin-overview>`;
    }),
-    new Route("/administration/dashboard/users", async () => {
+    new Route(new RegExp("^/administration/dashboard/users$"), async () => {
        await import("@goauthentik/admin/admin-overview/DashboardUserPage");
        return html`<ak-admin-dashboard-users></ak-admin-dashboard-users>`;
    }),
-    new Route("/administration/system-tasks", async () => {
+    new Route(new RegExp("^/administration/system-tasks$"), async () => {
        await import("@goauthentik/admin/system-tasks/SystemTaskListPage");
        return html`<ak-system-task-list></ak-system-task-list>`;
    }),
-    new Route("/core/providers", async () => {
+    new Route(new RegExp("^/core/providers$"), async () => {
        await import("@goauthentik/admin/providers/ProviderListPage");
        return html`<ak-provider-list></ak-provider-list>`;
    }),
-    new Route<IDParameters>(
+    new Route(new RegExp(`^/core/providers/(?<id>${ID_REGEX})$`), async (args) => {
-        new URLPattern({
+        await import("@goauthentik/admin/providers/ProviderViewPage");
-            pathname: `/core/providers/:id(${ID_PATTERN})`,
+        return html`<ak-provider-view .providerID=${parseInt(args.id, 10)}></ak-provider-view>`;
-        }),
+    }),
-        async (params) => {
+    new Route(new RegExp("^/core/applications$"), async () => {
            await import("@goauthentik/admin/providers/ProviderViewPage");
            return html`<ak-provider-view
                .providerID=${parseInt(params.id, 10)}
            ></ak-provider-view>`;
        },
    ),
    new Route("/core/applications", async () => {
        await import("@goauthentik/admin/applications/ApplicationListPage");
        return html`<ak-application-list></ak-application-list>`;
    }),
-    new Route(`/core/applications/:slug(${SLUG_PATTERN})`, async ({ slug }) => {
+    new Route(new RegExp(`^/core/applications/(?<slug>${SLUG_REGEX})$`), async (args) => {
        await import("@goauthentik/admin/applications/ApplicationViewPage");
-
+        return html`<ak-application-view .applicationSlug=${args.slug}></ak-application-view>`;
        return html`<ak-application-view .applicationSlug=${slug}></ak-application-view>`;
    }),
-    new Route("/core/sources", async () => {
+    new Route(new RegExp("^/core/sources$"), async () => {
        await import("@goauthentik/admin/sources/SourceListPage");
        return html`<ak-source-list></ak-source-list>`;
    }),
-    new Route(`/core/sources/:slug(${SLUG_PATTERN})`, async ({ slug }) => {
+    new Route(new RegExp(`^/core/sources/(?<slug>${SLUG_REGEX})$`), async (args) => {
        await import("@goauthentik/admin/sources/SourceViewPage");
-
+        return html`<ak-source-view .sourceSlug=${args.slug}></ak-source-view>`;
        return html`<ak-source-view .sourceSlug=${slug}></ak-source-view>`;
    }),
-    new Route("/core/property-mappings", async () => {
+    new Route(new RegExp("^/core/property-mappings$"), async () => {
        await import("@goauthentik/admin/property-mappings/PropertyMappingListPage");
        return html`<ak-property-mapping-list></ak-property-mapping-list>`;
    }),
-    new Route("/core/tokens", async () => {
+    new Route(new RegExp("^/core/tokens$"), async () => {
        await import("@goauthentik/admin/tokens/TokenListPage");
        return html`<ak-token-list></ak-token-list>`;
    }),
-    new Route("/core/brands", async () => {
+    new Route(new RegExp("^/core/brands"), async () => {
        await import("@goauthentik/admin/brands/BrandListPage");
        return html`<ak-brand-list></ak-brand-list>`;
    }),
-    new Route("/policy/policies", async () => {
+    new Route(new RegExp("^/policy/policies$"), async () => {
        await import("@goauthentik/admin/policies/PolicyListPage");
        return html`<ak-policy-list></ak-policy-list>`;
    }),
-    new Route("/policy/reputation", async () => {
+    new Route(new RegExp("^/policy/reputation$"), async () => {
        await import("@goauthentik/admin/policies/reputation/ReputationListPage");
        return html`<ak-policy-reputation-list></ak-policy-reputation-list>`;
    }),
-    new Route("/identity/groups", async () => {
+    new Route(new RegExp("^/identity/groups$"), async () => {
        await import("@goauthentik/admin/groups/GroupListPage");
        return html`<ak-group-list></ak-group-list>`;
    }),
-    new Route<UUIDParameters>(`/identity/groups/:uuid(${UUID_PATTERN})`, async ({ uuid }) => {
+    new Route(new RegExp(`^/identity/groups/(?<uuid>${UUID_REGEX})$`), async (args) => {
        await import("@goauthentik/admin/groups/GroupViewPage");
-
+        return html`<ak-group-view .groupId=${args.uuid}></ak-group-view>`;
        return html`<ak-group-view .groupId=${uuid}></ak-group-view>`;
    }),
-    new Route("/identity/users", async () => {
+    new Route(new RegExp("^/identity/users$"), async () => {
        await import("@goauthentik/admin/users/UserListPage");
        return html`<ak-user-list></ak-user-list>`;
    }),
-    new Route<IDParameters>(`/identity/users/:id(${ID_PATTERN})`, async ({ id }) => {
+    new Route(new RegExp(`^/identity/users/(?<id>${ID_REGEX})$`), async (args) => {
        await import("@goauthentik/admin/users/UserViewPage");
-
+        return html`<ak-user-view .userId=${parseInt(args.id, 10)}></ak-user-view>`;
        return html`<ak-user-view .userId=${parseInt(id, 10)}></ak-user-view>`;
    }),
-    new Route("/identity/roles", async () => {
+    new Route(new RegExp("^/identity/roles$"), async () => {
        await import("@goauthentik/admin/roles/RoleListPage");
        return html`<ak-role-list></ak-role-list>`;
    }),
-    new Route<IDParameters>(`/identity/roles/:id(${UUID_PATTERN})`, async ({ id }) => {
+    new Route(new RegExp(`^/identity/roles/(?<id>${UUID_REGEX})$`), async (args) => {
        await import("@goauthentik/admin/roles/RoleViewPage");
-
+        return html`<ak-role-view roleId=${args.id}></ak-role-view>`;
        return html`<ak-role-view roleId=${id}></ak-role-view>`;
    }),
-    new Route("/flow/stages/invitations", async () => {
+    new Route(new RegExp("^/flow/stages/invitations$"), async () => {
        await import("@goauthentik/admin/stages/invitation/InvitationListPage");
        return html`<ak-stage-invitation-list></ak-stage-invitation-list>`;
    }),
-    new Route("/flow/stages/prompts", async () => {
+    new Route(new RegExp("^/flow/stages/prompts$"), async () => {
        await import("@goauthentik/admin/stages/prompt/PromptListPage");
        return html`<ak-stage-prompt-list></ak-stage-prompt-list>`;
    }),
-    new Route("/flow/stages", async () => {
+    new Route(new RegExp("^/flow/stages$"), async () => {
        await import("@goauthentik/admin/stages/StageListPage");
        return html`<ak-stage-list></ak-stage-list>`;
    }),
-    new Route("/flow/flows", async () => {
+    new Route(new RegExp("^/flow/flows$"), async () => {
        await import("@goauthentik/admin/flows/FlowListPage");
        return html`<ak-flow-list></ak-flow-list>`;
    }),
-    new Route<SlugParameters>(`/flow/flows/:slug(${SLUG_PATTERN})`, async ({ slug }) => {
+    new Route(new RegExp(`^/flow/flows/(?<slug>${SLUG_REGEX})$`), async (args) => {
        await import("@goauthentik/admin/flows/FlowViewPage");
-
+        return html`<ak-flow-view .flowSlug=${args.slug}></ak-flow-view>`;
        return html`<ak-flow-view .flowSlug=${slug}></ak-flow-view>`;
    }),
-    new Route("/events/log", async () => {
+    new Route(new RegExp("^/events/log$"), async () => {
        await import("@goauthentik/admin/events/EventListPage");
        return html`<ak-event-list></ak-event-list>`;
    }),
-    new Route<IDParameters>(`/events/log/:id(${UUID_PATTERN})`, async ({ id }) => {
+    new Route(new RegExp(`^/events/log/(?<id>${UUID_REGEX})$`), async (args) => {
        await import("@goauthentik/admin/events/EventViewPage");
-
+        return html`<ak-event-view .eventID=${args.id}></ak-event-view>`;
        return html`<ak-event-view .eventID=${id}></ak-event-view>`;
    }),
-    new Route("/events/transports", async () => {
+    new Route(new RegExp("^/events/transports$"), async () => {
        await import("@goauthentik/admin/events/TransportListPage");
        return html`<ak-event-transport-list></ak-event-transport-list>`;
    }),
-    new Route("/events/rules", async () => {
+    new Route(new RegExp("^/events/rules$"), async () => {
        await import("@goauthentik/admin/events/RuleListPage");
        return html`<ak-event-rule-list></ak-event-rule-list>`;
    }),
-    new Route("/outpost/outposts", async () => {
+    new Route(new RegExp("^/outpost/outposts$"), async () => {
        await import("@goauthentik/admin/outposts/OutpostListPage");
        return html`<ak-outpost-list></ak-outpost-list>`;
    }),
-    new Route("/outpost/integrations", async () => {
+    new Route(new RegExp("^/outpost/integrations$"), async () => {
        await import("@goauthentik/admin/outposts/ServiceConnectionListPage");
        return html`<ak-outpost-service-connection-list></ak-outpost-service-connection-list>`;
    }),
-    new Route("/crypto/certificates", async () => {
+    new Route(new RegExp("^/crypto/certificates$"), async () => {
        await import("@goauthentik/admin/crypto/CertificateKeyPairListPage");
        return html`<ak-crypto-certificate-list></ak-crypto-certificate-list>`;
    }),
-    new Route("/admin/settings", async () => {
+    new Route(new RegExp("^/admin/settings$"), async () => {
        await import("@goauthentik/admin/admin-settings/AdminSettingsPage");
        return html`<ak-admin-settings></ak-admin-settings>`;
    }),
-    new Route("/blueprints/instances", async () => {
+    new Route(new RegExp("^/blueprints/instances$"), async () => {
        await import("@goauthentik/admin/blueprints/BlueprintListPage");
        return html`<ak-blueprint-list></ak-blueprint-list>`;
    }),
-    new Route("/debug", async () => {
+    new Route(new RegExp("^/debug$"), async () => {
        await import("@goauthentik/admin/DebugPage");
        return html`<ak-admin-debug-page></ak-admin-debug-page>`;
    }),
-    new Route("/enterprise/licenses", async () => {
+    new Route(new RegExp("^/enterprise/licenses$"), async () => {
        await import("@goauthentik/admin/enterprise/EnterpriseLicenseListPage");
        return html`<ak-enterprise-license-list></ak-enterprise-license-list>`;
    }),
-] satisfies Route<never>[];
+];
--- a/web/src/admin/admin-overview/AdminOverviewPage.ts
+++ b/web/src/admin/admin-overview/AdminOverviewPage.ts
@ -16,7 +16,7 @@ import "@goauthentik/elements/PageHeader";
 import "@goauthentik/elements/cards/AggregatePromiseCard";
 import "@goauthentik/elements/cards/QuickActionsCard.js";
 import type { QuickAction } from "@goauthentik/elements/cards/QuickActionsCard.js";
-import { formatRouteHash } from "@goauthentik/elements/router";
+import { paramURL } from "@goauthentik/elements/router/RouterOutlet";
 import { msg, str } from "@lit/localize";
 import { CSSResult, TemplateResult, css, html, nothing } from "lit";
@ -79,13 +79,10 @@ export class AdminOverviewPage extends AdminOverviewBase {
    }
    quickActions: QuickAction[] = [
-        [
+        [msg("Create a new application"), paramURL("/core/applications", { createForm: true })],
-            msg("Create a new application"),
+        [msg("Check the logs"), paramURL("/events/log")],
            formatRouteHash("/core/applications", { createForm: true }),
        ],
        [msg("Check the logs"), formatRouteHash("/events/log")],
        [msg("Explore integrations"), "https://goauthentik.io/integrations/", true],
-        [msg("Manage users"), formatRouteHash("/identity/users")],
+        [msg("Manage users"), paramURL("/identity/users")],
        [msg("Check the release notes"), `https://goauthentik.io/docs/releases/${RELEASE}`, true],
    ];
@ -198,13 +195,10 @@ export class AdminOverviewPage extends AdminOverviewBase {
        const release = `${versionFamily()}#fixed-in-${VERSION.replaceAll(".", "")}`;
        const quickActions: [string, string][] = [
-            [
+            [msg("Create a new application"), paramURL("/core/applications", { createForm: true })],
-                msg("Create a new application"),
+            [msg("Check the logs"), paramURL("/events/log")],
                formatRouteHash("/core/applications", { createForm: true }),
            ],
            [msg("Check the logs"), formatRouteHash("/events/log")],
            [msg("Explore integrations"), "https://goauthentik.io/integrations/"],
-            [msg("Manage users"), formatRouteHash("/identity/users")],
+            [msg("Manage users"), paramURL("/identity/users")],
            [msg("Check the release notes"), `https://goauthentik.io/docs/releases/${release}`],
        ];
--- a/web/src/admin/admin-overview/cards/SystemStatusCard.ts
+++ b/web/src/admin/admin-overview/cards/SystemStatusCard.ts
@ -46,7 +46,7 @@ export class SystemStatusCard extends AdminStatusCard<SystemInfo> {
            return;
        }
        const outpost = outposts.results[0];
-        outpost.config["authentik_host"] = window.location.origin;
+        outpost.config.authentik_host = window.location.origin;
        await new OutpostsApi(DEFAULT_CONFIG).outpostsInstancesUpdate({
            uuid: outpost.pk,
            outpostRequest: outpost,
--- a/web/src/admin/admin-overview/cards/WorkerStatusCard.ts
+++ b/web/src/admin/admin-overview/cards/WorkerStatusCard.ts
@ -28,16 +28,18 @@ export class WorkersStatusCard extends AdminStatusCard<Worker[]> {
                icon: "fa fa-times-circle pf-m-danger",
                message: html`${msg("No workers connected. Background tasks will not run.")}`,
            });
-        } else if (value.filter((w) => !w.versionMatching).length > 0) {
+        }
        if (value.filter((w) => !w.versionMatching).length > 0) {
            return Promise.resolve<AdminStatus>({
                icon: "fa fa-times-circle pf-m-danger",
                message: html`${msg("Worker with incorrect version connected.")}`,
            });
        } else {
            return Promise.resolve<AdminStatus>({
                icon: "fa fa-check-circle pf-m-success",
            });
        }
        return Promise.resolve<AdminStatus>({
            icon: "fa fa-check-circle pf-m-success",
        });
    }
    renderValue() {
--- a/web/src/admin/admin-overview/charts/SyncStatusChart.ts
+++ b/web/src/admin/admin-overview/charts/SyncStatusChart.ts
@ -127,7 +127,7 @@ export class SyncStatusChart extends AKChart<SummarizedSyncStatus[]> {
                msg("LDAP Source"),
            ),
        ];
-        this.centerText = statuses.reduce((total, el) => (total += el.total), 0).toString();
+        this.centerText = statuses.reduce((total, el) => total + el.total, 0).toString();
        return statuses;
    }
--- a/web/src/admin/admin-settings/stories/AdminSettingsFooterLinks.test.ts
+++ b/web/src/admin/admin-settings/stories/AdminSettingsFooterLinks.test.ts
@ -6,26 +6,26 @@ import { html } from "lit";
 import "../AdminSettingsFooterLinks.js";
 describe("ak-admin-settings-footer-link", () => {
-    afterEach(async () => {
+    afterEach(() => {
-        await browser.execute(async () => {
+        return browser.execute(() => {
-            await document.body.querySelector("ak-admin-settings-footer-link")?.remove();
+            document.body.querySelector("ak-admin-settings-footer-link")?.remove();
-            if (document.body["_$litPart$"]) {
+
-                // @ts-expect-error expression of type '"_$litPart$"' is added by Lit
+            if ("_$litPart$" in document.body) {
-                await delete document.body["_$litPart$"];
+                delete document.body._$litPart$;
            }
        });
    });
    it("should render an empty control", async () => {
        render(html`<ak-admin-settings-footer-link name="link"></ak-admin-settings-footer-link>`);
-        const link = await $("ak-admin-settings-footer-link");
+        const link = $("ak-admin-settings-footer-link");
        await expect(await link.getProperty("isValid")).toStrictEqual(false);
        await expect(await link.getProperty("toJson")).toEqual({ name: "", href: "" });
    });
    it("should not be valid if just a name is filled in", async () => {
        render(html`<ak-admin-settings-footer-link name="link"></ak-admin-settings-footer-link>`);
-        const link = await $("ak-admin-settings-footer-link");
+        const link = $("ak-admin-settings-footer-link");
        await link.$('input[name="name"]').setValue("foo");
        await expect(await link.getProperty("isValid")).toStrictEqual(false);
        await expect(await link.getProperty("toJson")).toEqual({ name: "foo", href: "" });
@ -33,7 +33,7 @@ describe("ak-admin-settings-footer-link", () => {
    it("should be valid if just a URL is filled in", async () => {
        render(html`<ak-admin-settings-footer-link name="link"></ak-admin-settings-footer-link>`);
-        const link = await $("ak-admin-settings-footer-link");
+        const link = $("ak-admin-settings-footer-link");
        await link.$('input[name="href"]').setValue("https://foo.com");
        await expect(await link.getProperty("isValid")).toStrictEqual(true);
        await expect(await link.getProperty("toJson")).toEqual({
@ -44,7 +44,7 @@ describe("ak-admin-settings-footer-link", () => {
    it("should be valid if both are filled in", async () => {
        render(html`<ak-admin-settings-footer-link name="link"></ak-admin-settings-footer-link>`);
-        const link = await $("ak-admin-settings-footer-link");
+        const link = $("ak-admin-settings-footer-link");
        await link.$('input[name="name"]').setValue("foo");
        await link.$('input[name="href"]').setValue("https://foo.com");
        await expect(await link.getProperty("isValid")).toStrictEqual(true);
@ -56,7 +56,7 @@ describe("ak-admin-settings-footer-link", () => {
    it("should not be valid if the URL is not valid", async () => {
        render(html`<ak-admin-settings-footer-link name="link"></ak-admin-settings-footer-link>`);
-        const link = await $("ak-admin-settings-footer-link");
+        const link = $("ak-admin-settings-footer-link");
        await link.$('input[name="name"]').setValue("foo");
        await link.$('input[name="href"]').setValue("never://foo.com");
        await expect(await link.getProperty("toJson")).toEqual({
--- a/web/src/admin/applications/ApplicationForm.ts
+++ b/web/src/admin/applications/ApplicationForm.ts
@ -79,7 +79,7 @@ export class ApplicationForm extends WithCapabilitiesConfig(ModelForm<Applicatio
            });
        }
        if (this.can(CapabilitiesEnum.CanSaveMedia)) {
-            const icon = this.getFormFiles()["metaIcon"];
+            const icon = this.getFormFiles().metaIcon;
            if (icon || this.clearIcon) {
                await new CoreApi(DEFAULT_CONFIG).coreApplicationsSetIconCreate({
                    slug: app.slug,
@ -117,7 +117,7 @@ export class ApplicationForm extends WithCapabilitiesConfig(ModelForm<Applicatio
        if (!(ev instanceof InputEvent) || !ev.target) {
            return;
        }
-        this.clearIcon = !!(ev.target as HTMLInputElement).checked;
+        this.clearIcon = Boolean((ev.target as HTMLInputElement).checked);
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/applications/ApplicationListPage.ts
+++ b/web/src/admin/applications/ApplicationListPage.ts
@ -7,7 +7,7 @@ import "@goauthentik/elements/ak-mdx";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
-import { getRouteParameter } from "@goauthentik/elements/router/utils";
+import { getURLParam } from "@goauthentik/elements/router/RouteMatch";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@ -71,7 +71,7 @@ export class ApplicationListPage extends WithBrandConfig(TablePage<Application>)
    }
    static get styles(): CSSResult[] {
-        return super.styles.concat(PFCard, applicationListStyle);
+        return TablePage.styles.concat(PFCard, applicationListStyle);
    }
    columns(): TableColumn[] {
@ -156,7 +156,7 @@ export class ApplicationListPage extends WithBrandConfig(TablePage<Application>)
    }
    renderObjectCreate(): TemplateResult {
-        return html` <ak-application-wizard .open=${getRouteParameter("createWizard", false)}>
+        return html` <ak-application-wizard .open=${getURLParam("createWizard", false)}>
                <button
                    slot="trigger"
                    class="pf-c-button pf-m-primary"
@ -165,7 +165,7 @@ export class ApplicationListPage extends WithBrandConfig(TablePage<Application>)
                    ${msg("Create with Provider")}
                </button>
            </ak-application-wizard>
-            <ak-forms-modal .open=${getRouteParameter("createForm", false)}>
+            <ak-forms-modal .open=${getURLParam("createForm", false)}>
                <span slot="submit"> ${msg("Create")} </span>
                <span slot="header"> ${msg("Create Application")} </span>
                <ak-application-form slot="form"> </ak-application-form>
--- a/web/src/admin/applications/ApplicationWizardHint.ts
+++ b/web/src/admin/applications/ApplicationWizardHint.ts
@ -8,7 +8,7 @@ import "@goauthentik/components/ak-hint/ak-hint-body";
 import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/Label";
 import "@goauthentik/elements/buttons/ActionButton/ak-action-button";
-import { getRouteParameter } from "@goauthentik/elements/router/utils";
+import { getURLParam } from "@goauthentik/elements/router/RouteMatch";
 import { msg } from "@lit/localize";
 import { css, html } from "lit";
@ -110,7 +110,7 @@ export class AkApplicationWizardHint extends AKElement implements ShowHintContro
                        the same time with our new Application Wizard.
                        <!-- <a href="(link to docs)">Learn more about the wizard here.</a> -->
                    </p>
-                    <ak-application-wizard .open=${getRouteParameter("createWizard", false)}>
+                    <ak-application-wizard .open=${getURLParam("createWizard", false)}>
                        <button
                            slot="trigger"
                            class="pf-c-button pf-m-primary"
--- a/web/src/admin/applications/entitlements/ApplicationEntitlementForm.ts
+++ b/web/src/admin/applications/entitlements/ApplicationEntitlementForm.ts
@ -6,7 +6,7 @@ import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import "@goauthentik/elements/forms/Radio";
 import "@goauthentik/elements/forms/SearchSelect";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { CSSResult } from "lit";
@ -31,9 +31,8 @@ export class ApplicationEntitlementForm extends ModelForm<ApplicationEntitlement
    getSuccessMessage(): string {
        if (this.instance?.pbmUuid) {
            return msg("Successfully updated entitlement.");
        } else {
            return msg("Successfully created entitlement.");
        }
        return msg("Successfully created entitlement.");
    }
    static get styles(): CSSResult[] {
@ -49,11 +48,10 @@ export class ApplicationEntitlementForm extends ModelForm<ApplicationEntitlement
                pbmUuid: this.instance.pbmUuid || "",
                applicationEntitlementRequest: data,
            });
        } else {
            return new CoreApi(DEFAULT_CONFIG).coreApplicationEntitlementsCreate({
                applicationEntitlementRequest: data,
            });
        }
        return new CoreApi(DEFAULT_CONFIG).coreApplicationEntitlementsCreate({
            applicationEntitlementRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/applications/wizard/steps/SubmitStepOverviewRenderers.ts
+++ b/web/src/admin/applications/wizard/steps/SubmitStepOverviewRenderers.ts
@ -15,7 +15,6 @@ import {
    ProviderModelEnum,
    ProxyMode,
    ProxyProvider,
    RACProvider,
    RadiusProvider,
    RedirectURI,
    SAMLProvider,
@ -51,9 +50,8 @@ function renderRadiusOverview(rawProvider: OneOfProvider) {
    ]);
 }
-function renderRACOverview(rawProvider: OneOfProvider) {
+function renderRACOverview(_rawProvider: OneOfProvider) {
-    // @ts-expect-error TS6133
+    // const _provider = rawProvider as RACProvider;
    const _provider = rawProvider as RACProvider;
 }
 function formatRedirectUris(uris: RedirectURI[] = []) {
--- a/web/src/admin/applications/wizard/steps/ak-application-wizard-application-step.ts
+++ b/web/src/admin/applications/wizard/steps/ak-application-wizard-application-step.ts
@ -1,16 +1,15 @@
 import { policyOptions } from "@goauthentik/admin/applications/PolicyOptions.js";
 import { ApplicationWizardStep } from "@goauthentik/admin/applications/wizard/ApplicationWizardStep.js";
 import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
 import { isSlug, isURLInput } from "@goauthentik/common/utils.js";
 import { camelToSnake } from "@goauthentik/common/utils.js";
 import "@goauthentik/components/ak-radio-input";
 import "@goauthentik/components/ak-slug-input";
 import "@goauthentik/components/ak-switch-input";
 import "@goauthentik/components/ak-text-input";
 import { type NavigableButton, type WizardButton } from "@goauthentik/components/ak-wizard/types";
 import { type KeyUnknown } from "@goauthentik/elements/forms/Form";
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { isSlug } from "@goauthentik/elements/router";
 import { msg } from "@lit/localize";
 import { html } from "lit";
@ -21,13 +20,25 @@ import { type ApplicationRequest } from "@goauthentik/api";
 import { ApplicationWizardStateUpdate, ValidationRecord } from "../types";
-const autoTrim = (v: unknown) => (typeof v === "string" ? v.trim() : v);
+/**
 * Plucks the specified keys from an object, trimming their values if they are strings.
 *
 * @template T - The type of the input object.
 * @template K - The keys to be plucked from the input object.
 *
 * @param {T} input - The input object.
 * @param {Array<K>} keys - The keys to be plucked from the input object.
 */
 function trimMany<T extends object, K extends keyof T>(input: T, keys: Array<K>): Pick<T, K> {
    const result: Partial<T> = {};
-const trimMany = (o: KeyUnknown, vs: string[]) =>
+    for (const key of keys) {
-    Object.fromEntries(vs.map((v) => [v, autoTrim(o[v])]));
+        const value = input[key];
        result[key] = (typeof value === "string" ? value.trim() : value) as T[K];
    }
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
+    return result as Pick<T, K>;
-const isStr = (v: any): v is string => typeof v === "string";
+}
@customElement("ak-application-wizard-application-step")
 export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
@ -37,7 +48,7 @@ export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
    errors = new Map<string, string>();
    @query("form#applicationform")
-    form!: HTMLFormElement;
+    declare form: HTMLFormElement;
    constructor() {
        super();
@ -54,27 +65,34 @@ export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
    }
    get buttons(): WizardButton[] {
-        return [{ kind: "next", destination: "provider-choice" }, { kind: "cancel" }];
+        return [
            // ---
            { kind: "next", destination: "provider-choice" },
            { kind: "cancel" },
        ];
    }
    get valid() {
        this.errors = new Map();
        const values = trimMany(this.formValues ?? {}, ["metaLaunchUrl", "name", "slug"]);
-        if (values["name"] === "") {
+        const trimmed = trimMany((this.formValues || {}) as Partial<ApplicationRequest>, [
            "name",
            "slug",
            "metaLaunchUrl",
        ]);
        if (!trimmed.name) {
            this.errors.set("name", msg("An application name is required"));
        }
-        if (
+
-            !(
+        if (!isURLInput(trimmed.metaLaunchUrl)) {
                isStr(values["metaLaunchUrl"]) &&
                (values["metaLaunchUrl"] === "" || URL.canParse(values["metaLaunchUrl"]))
            )
        ) {
            this.errors.set("metaLaunchUrl", msg("Not a valid URL"));
        }
-        if (!(isStr(values["slug"]) && values["slug"] !== "" && isSlug(values["slug"]))) {
+
        if (!isSlug(trimmed.slug)) {
            this.errors.set("slug", msg("Not a valid slug"));
        }
        return this.errors.size === 0;
    }
@ -82,27 +100,39 @@ export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
        if (button.kind === "next") {
            if (!this.valid) {
                this.handleEnabling({
-                    disabled: ["provider-choice", "provider", "bindings", "submit"],
+                    disabled: [
                        // ---
                        "provider-choice",
                        "provider",
                        "bindings",
                        "submit",
                    ],
                });
                return;
            }
            const app: Partial<ApplicationRequest> = this.formValues as Partial<ApplicationRequest>;
            let payload: ApplicationWizardStateUpdate = {
                app: this.formValues,
                errors: this.removeErrors("app"),
            };
            if (app.name && (this.wizard.provider?.name ?? "").trim() === "") {
                payload = {
                    ...payload,
                    provider: { name: `Provider for ${app.name}` },
                };
            }
            this.handleUpdate(payload, button.destination, {
                enable: "provider-choice",
            });
            return;
        }
        super.handleButton(button);
    }
@ -181,6 +211,7 @@ export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
        if (!(this.wizard.app && this.wizard.errors)) {
            throw new Error("Application Step received uninitialized wizard context.");
        }
        return this.renderForm(
            this.wizard.app as ApplicationRequest,
            this.wizard.errors?.app ?? {},
--- a/web/src/admin/applications/wizard/steps/ak-application-wizard-edit-binding-step.ts
+++ b/web/src/admin/applications/wizard/steps/ak-application-wizard-edit-binding-step.ts
@ -45,7 +45,7 @@ export class ApplicationWizardEditBindingStep extends ApplicationWizardStep {
    hide = true;
    @query("form#bindingform")
-    form!: HTMLFormElement;
+    declare form: HTMLFormElement;
    @query(".policy-search-select")
    searchSelect!: SearchSelectBase<Policy> | SearchSelectBase<Group> | SearchSelectBase<User>;
--- a/web/src/admin/applications/wizard/steps/providers/ak-application-wizard-provider-for-saml.ts
+++ b/web/src/admin/applications/wizard/steps/providers/ak-application-wizard-provider-for-saml.ts
@ -22,7 +22,7 @@ export class ApplicationWizardProviderSamlForm extends ApplicationWizardProvider
        const setHasSigningKp = (ev: InputEvent) => {
            const target = ev.target as AkCryptoCertificateSearch;
            if (!target) return;
-            this.hasSigningKp = !!target.selectedKeypair;
+            this.hasSigningKp = Boolean(target.selectedKeypair);
        };
        return html` <ak-wizard-title>${this.label}</ak-wizard-title>
--- a/web/src/admin/blueprints/BlueprintForm.ts
+++ b/web/src/admin/blueprints/BlueprintForm.ts
@ -8,7 +8,7 @@ import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import "@goauthentik/elements/forms/SearchSelect";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";
@ -59,11 +59,10 @@ export class BlueprintForm extends ModelForm<BlueprintInstance, string> {
                instanceUuid: this.instance.pk,
                blueprintInstanceRequest: data,
            });
        } else {
            return new ManagedApi(DEFAULT_CONFIG).managedBlueprintsCreate({
                blueprintInstanceRequest: data,
            });
        }
        return new ManagedApi(DEFAULT_CONFIG).managedBlueprintsCreate({
            blueprintInstanceRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/brands/BrandForm.ts
+++ b/web/src/admin/brands/BrandForm.ts
@ -9,7 +9,7 @@ import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import "@goauthentik/elements/forms/SearchSelect";
 import { DefaultBrand } from "@goauthentik/elements/sidebar/SidebarBrand";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
@ -43,11 +43,10 @@ export class BrandForm extends ModelForm<Brand, string> {
                brandUuid: this.instance.brandUuid,
                brandRequest: data,
            });
        } else {
            return new CoreApi(DEFAULT_CONFIG).coreBrandsCreate({
                brandRequest: data,
            });
        }
        return new CoreApi(DEFAULT_CONFIG).coreBrandsCreate({
            brandRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/common/ak-crypto-certificate-search.ts
+++ b/web/src/admin/common/ak-crypto-certificate-search.ts
@ -107,7 +107,7 @@ export class AkCryptoCertificateSearch extends CustomListenerElement(AKElement)
    selected(item: CertificateKeyPair, items: CertificateKeyPair[]) {
        return (
            (this.singleton && !this.certificate && items.length === 1) ||
-            (!!this.certificate && this.certificate === item.pk)
+            (Boolean(this.certificate) && this.certificate === item.pk)
        );
    }
--- a/web/src/admin/common/stories/ak-crypto-certificate-search.stories.ts
+++ b/web/src/admin/common/stories/ak-crypto-certificate-search.stories.ts
@ -29,7 +29,7 @@ const metadata: Meta<AkCryptoCertificateSearch> = {
    argTypes: {
        // Typescript is unaware that arguments for components are treated as properties, and
        // properties are typically renamed to lower case, even if the variable is not.
-        // @ts-expect-error
+        // @ts-expect-error TODO: Explain.
        nokey: {
            control: "boolean",
            description:
@ -75,7 +75,7 @@ export const CryptoCertificateSearch = () => {
    // eslint-disable-next-line @typescript-eslint/no-explicit-any
    const showMessage = (ev: CustomEvent<any>) => {
        const detail = ev.detail;
-        delete detail["target"];
+        delete detail.target;
        document.getElementById("message-pad")!.innerText = `Event: ${JSON.stringify(
            detail,
            null,
--- a/web/src/admin/crypto/CertificateKeyPairForm.ts
+++ b/web/src/admin/crypto/CertificateKeyPairForm.ts
@ -30,11 +30,10 @@ export class CertificateKeyPairForm extends ModelForm<CertificateKeyPair, string
                kpUuid: this.instance.pk || "",
                patchedCertificateKeyPairRequest: data,
            });
        } else {
            return new CryptoApi(DEFAULT_CONFIG).cryptoCertificatekeypairsCreate({
                certificateKeyPairRequest: data as unknown as CertificateKeyPairRequest,
            });
        }
        return new CryptoApi(DEFAULT_CONFIG).cryptoCertificatekeypairsCreate({
            certificateKeyPairRequest: data as unknown as CertificateKeyPairRequest,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/events/RuleForm.ts
+++ b/web/src/admin/events/RuleForm.ts
@ -51,11 +51,10 @@ export class RuleForm extends ModelForm<NotificationRule, string> {
                pbmUuid: this.instance.pk || "",
                notificationRuleRequest: data,
            });
        } else {
            return new EventsApi(DEFAULT_CONFIG).eventsRulesCreate({
                notificationRuleRequest: data,
            });
        }
        return new EventsApi(DEFAULT_CONFIG).eventsRulesCreate({
            notificationRuleRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/events/TransportForm.ts
+++ b/web/src/admin/events/TransportForm.ts
@ -47,11 +47,10 @@ export class TransportForm extends ModelForm<NotificationTransport, string> {
                uuid: this.instance.pk || "",
                notificationTransportRequest: data,
            });
        } else {
            return new EventsApi(DEFAULT_CONFIG).eventsTransportsCreate({
                notificationTransportRequest: data,
            });
        }
        return new EventsApi(DEFAULT_CONFIG).eventsTransportsCreate({
            notificationTransportRequest: data,
        });
    }
    onModeChange(mode: string | undefined): void {
--- a/web/src/admin/flows/FlowForm.ts
+++ b/web/src/admin/flows/FlowForm.ts
@ -58,7 +58,7 @@ export class FlowForm extends WithCapabilitiesConfig(ModelForm<Flow, string>) {
        }
        if (this.can(CapabilitiesEnum.CanSaveMedia)) {
-            const icon = this.getFormFiles()["background"];
+            const icon = this.getFormFiles().background;
            if (icon || this.clearBackground) {
                await new FlowsApi(DEFAULT_CONFIG).flowsInstancesSetBackgroundCreate({
                    slug: flow.slug,
--- a/web/src/admin/flows/FlowImportForm.ts
+++ b/web/src/admin/flows/FlowImportForm.ts
@ -27,7 +27,7 @@ export class FlowImportForm extends Form<Flow> {
    }
    async send(): Promise<FlowImportResult> {
-        const file = this.getFormFiles()["flow"];
+        const file = this.getFormFiles().flow;
        if (!file) {
            throw new SentryIgnoredError("No form data");
        }
--- a/web/src/admin/flows/FlowListPage.ts
+++ b/web/src/admin/flows/FlowListPage.ts
@ -1,7 +1,7 @@
 import "@goauthentik/admin/flows/FlowForm";
 import "@goauthentik/admin/flows/FlowImportForm";
-import { DesignationToLabel, formatFlowURL } from "@goauthentik/admin/flows/utils";
+import { DesignationToLabel } from "@goauthentik/admin/flows/utils";
-import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+import { AndNext, DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { groupBy } from "@goauthentik/common/utils";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/ConfirmationForm";
@ -107,9 +107,10 @@ export class FlowListPage extends TablePage<Flow> {
                <button
                    class="pf-c-button pf-m-plain"
                    @click=${() => {
-                        const url = formatFlowURL(item);
+                        const finalURL = `${window.location.origin}/if/flow/${item.slug}/${AndNext(
-
+                            `${window.location.pathname}#${window.location.hash}`,
-                        window.open(url, "_blank");
+                        )}`;
                        window.open(finalURL, "_blank");
                    }}
                >
                    <pf-tooltip position="top" content=${msg("Execute")}>
--- a/web/src/admin/flows/FlowViewPage.ts
+++ b/web/src/admin/flows/FlowViewPage.ts
@ -1,10 +1,10 @@
 import "@goauthentik/admin/flows/BoundStagesList";
 import "@goauthentik/admin/flows/FlowDiagram";
 import "@goauthentik/admin/flows/FlowForm";
-import { DesignationToLabel, applyNextParam, formatFlowURL } from "@goauthentik/admin/flows/utils";
+import { DesignationToLabel } from "@goauthentik/admin/flows/utils";
 import "@goauthentik/admin/policies/BoundPoliciesList";
 import "@goauthentik/admin/rbac/ObjectPermissionsPage";
-import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+import { AndNext, DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import "@goauthentik/components/events/ObjectChangelog";
 import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/PageHeader";
@ -151,9 +151,12 @@ export class FlowViewPage extends AKElement {
                                                <button
                                                    class="pf-c-button pf-m-block pf-m-primary"
                                                    @click=${() => {
-                                                        const url = formatFlowURL(this.flow);
+                                                        const finalURL = `${
-
+                                                            window.location.origin
-                                                        window.open(url, "_blank");
+                                                        }/if/flow/${this.flow.slug}/${AndNext(
                                                            `${window.location.pathname}#${window.location.hash}`,
                                                        )}`;
                                                        window.open(finalURL, "_blank");
                                                    }}
                                                >
                                                    ${msg("Normal")}
@ -165,16 +168,12 @@ export class FlowViewPage extends AKElement {
                                                            .flowsInstancesExecuteRetrieve({
                                                                slug: this.flow.slug,
                                                            })
-                                                            .then(({ link }) => {
+                                                            .then((link) => {
-                                                                const finalURL = URL.canParse(link)
+                                                                const finalURL = `${
-                                                                    ? new URL(link)
+                                                                    link.link
-                                                                    : new URL(
+                                                                }${AndNext(
-                                                                          link,
+                                                                    `${window.location.pathname}#${window.location.hash}`,
-                                                                          window.location.origin,
+                                                                )}`;
                                                                      );
                                                                applyNextParam(finalURL);
                                                                window.open(finalURL, "_blank");
                                                            });
                                                    }}
--- a/web/src/admin/flows/StageBindingForm.ts
+++ b/web/src/admin/flows/StageBindingForm.ts
@ -39,9 +39,8 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
    getSuccessMessage(): string {
        if (this.instance?.pk) {
            return msg("Successfully updated binding.");
        } else {
            return msg("Successfully created binding.");
        }
        return msg("Successfully created binding.");
    }
    send(data: FlowStageBinding): Promise<unknown> {
@ -50,14 +49,13 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
                fsbUuid: this.instance.pk,
                patchedFlowStageBindingRequest: data,
            });
        } else {
            if (this.targetPk) {
                data.target = this.targetPk;
            }
            return new FlowsApi(DEFAULT_CONFIG).flowsBindingsCreate({
                flowStageBindingRequest: data,
            });
        }
        if (this.targetPk) {
            data.target = this.targetPk;
        }
        return new FlowsApi(DEFAULT_CONFIG).flowsBindingsCreate({
            flowStageBindingRequest: data,
        });
    }
    async getOrder(): Promise<number> {
--- a/web/src/admin/flows/utils.ts
+++ b/web/src/admin/flows/utils.ts
@ -43,51 +43,3 @@ export function LayoutToLabel(layout: FlowLayoutEnum): string {
            return msg("Unknown layout");
    }
 }
 /**
 * Applies the next URL as a query parameter to the given URL or URLSearchParams object.
 *
 * @todo deprecate this once hash routing is removed.
 */
 export function applyNextParam(
    target: URL | URLSearchParams,
    destination: string | URL = window.location.pathname + "#" + window.location.hash,
 ): void {
    const searchParams = target instanceof URL ? target.searchParams : target;
    searchParams.set("next", destination.toString());
 }
 /**
 * Creates a URLSearchParams object with the next URL as a query parameter.
 *
 * @todo deprecate this once hash routing is removed.
 */
 export function createNextSearchParams(
    destination: string | URL = window.location.pathname + "#" + window.location.hash,
 ): URLSearchParams {
    const searchParams = new URLSearchParams();
    applyNextParam(searchParams, destination);
    return searchParams;
 }
 /**
 * Creates a URL to a flow, with the next URL as a query parameter.
 *
 * @param flow The flow to create the URL for.
 * @param destination The next URL to redirect to after the flow is completed, `true` to use the current route.
 */
 export function formatFlowURL(
    flow: Flow,
    destination: string | URL | null = window.location.pathname + "#" + window.location.hash,
 ): URL {
    const url = new URL(`/if/flow/${flow.slug}/`, window.location.origin);
    if (destination) {
        applyNextParam(url, destination);
    }
    return url;
 }
--- a/web/src/admin/groups/GroupForm.ts
+++ b/web/src/admin/groups/GroupForm.ts
@ -10,7 +10,7 @@ import "@goauthentik/elements/chips/ChipGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import "@goauthentik/elements/forms/SearchSelect";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, css, html } from "lit";
@ -55,12 +55,11 @@ export class GroupForm extends ModelForm<Group, string> {
                groupUuid: this.instance.pk,
                patchedGroupRequest: data,
            });
        } else {
            data.users = [];
            return new CoreApi(DEFAULT_CONFIG).coreGroupsCreate({
                groupRequest: data,
            });
        }
        data.users = [];
        return new CoreApi(DEFAULT_CONFIG).coreGroupsCreate({
            groupRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/groups/RelatedGroupList.ts
+++ b/web/src/admin/groups/RelatedGroupList.ts
@ -125,7 +125,8 @@ export class RelatedGroupList extends Table<Group> {
            buttonLabel=${msg("Remove")}
            .objects=${this.selectedElements}
            .delete=${(item: Group) => {
-                if (!this.targetUser) return;
+                if (!this.targetUser) return null;
                return new CoreApi(DEFAULT_CONFIG).coreGroupsRemoveUserCreate({
                    groupUuid: item.pk,
                    userAccountRequest: {
--- a/web/src/admin/groups/RelatedUserList.ts
+++ b/web/src/admin/groups/RelatedUserList.ts
@ -22,7 +22,7 @@ import { Form } from "@goauthentik/elements/forms/Form";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import "@goauthentik/elements/forms/ModalForm";
 import { showMessage } from "@goauthentik/elements/messages/MessageContainer";
-import { getRouteParameter, patchRouteParams } from "@goauthentik/elements/router/utils";
+import { getURLParam, updateURLParams } from "@goauthentik/elements/router/RouteMatch";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { Table, TableColumn } from "@goauthentik/elements/table/Table";
 import { UserOption } from "@goauthentik/elements/user/utils";
@ -46,8 +46,12 @@ import {
    User,
 } from "@goauthentik/api";
 interface AddUsersToGroupFormData {
    users: number[];
 }
@customElement("ak-user-related-add")
-export class RelatedUserAdd extends Form<{ users: number[] }> {
+export class RelatedUserAdd extends Form<AddUsersToGroupFormData> {
    @property({ attribute: false })
    group?: Group;
@ -58,7 +62,7 @@ export class RelatedUserAdd extends Form<{ users: number[] }> {
        return msg("Successfully added user(s).");
    }
-    async send(data: { users: number[] }): Promise<{ users: number[] }> {
+    async send(data: AddUsersToGroupFormData): Promise<AddUsersToGroupFormData> {
        await Promise.all(
            data.users.map((user) => {
                return new CoreApi(DEFAULT_CONFIG).coreGroupsAddUserCreate({
@ -69,6 +73,7 @@ export class RelatedUserAdd extends Form<{ users: number[] }> {
                });
            }),
        );
        return data;
    }
@ -127,13 +132,13 @@ export class RelatedUserList extends WithBrandConfig(WithCapabilitiesConfig(Tabl
    order = "last_login";
    @property({ type: Boolean })
-    hideServiceAccounts = getRouteParameter<boolean>("hideServiceAccounts", true);
+    hideServiceAccounts = getURLParam<boolean>("hideServiceAccounts", true);
    @state()
    me?: SessionUser;
    static get styles(): CSSResult[] {
-        return super.styles.concat(PFDescriptionList, PFAlert, PFBanner);
+        return Table.styles.concat(PFDescriptionList, PFAlert, PFBanner);
    }
    async apiEndpoint(): Promise<PaginatedResponse<User>> {
@ -466,7 +471,7 @@ export class RelatedUserList extends WithBrandConfig(WithCapabilitiesConfig(Tabl
                                    this.hideServiceAccounts = !this.hideServiceAccounts;
                                    this.page = 1;
                                    this.fetch();
-                                    patchRouteParams({
+                                    updateURLParams({
                                        hideServiceAccounts: this.hideServiceAccounts,
                                    });
                                }}
--- a/web/src/admin/outposts/OutpostDeploymentModal.ts
+++ b/web/src/admin/outposts/OutpostDeploymentModal.ts
@ -65,7 +65,7 @@ export class OutpostDeploymentModal extends ModalButton {
                        </label>
                        <input class="pf-c-form-control" readonly type="text" value="true" />
                    </div>
-                    ${this.outpost?.type == OutpostTypeEnum.Proxy
+                    ${this.outpost?.type === OutpostTypeEnum.Proxy
                        ? html`
                              <h3>
                                  ${msg(
--- a/web/src/admin/outposts/OutpostForm.ts
+++ b/web/src/admin/outposts/OutpostForm.ts
@ -10,7 +10,7 @@ import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import "@goauthentik/elements/forms/SearchSelect";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
@ -129,11 +129,10 @@ export class OutpostForm extends ModelForm<Outpost, string> {
                uuid: this.instance.pk || "",
                outpostRequest: data,
            });
        } else {
            return new OutpostsApi(DEFAULT_CONFIG).outpostsInstancesCreate({
                outpostRequest: data,
            });
        }
        return new OutpostsApi(DEFAULT_CONFIG).outpostsInstancesCreate({
            outpostRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/outposts/ServiceConnectionDockerForm.ts
+++ b/web/src/admin/outposts/ServiceConnectionDockerForm.ts
@ -32,11 +32,10 @@ export class ServiceConnectionDockerForm extends ModelForm<DockerServiceConnecti
                uuid: this.instance.pk || "",
                dockerServiceConnectionRequest: data,
            });
        } else {
            return new OutpostsApi(DEFAULT_CONFIG).outpostsServiceConnectionsDockerCreate({
                dockerServiceConnectionRequest: data,
            });
        }
        return new OutpostsApi(DEFAULT_CONFIG).outpostsServiceConnectionsDockerCreate({
            dockerServiceConnectionRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/outposts/ServiceConnectionKubernetesForm.ts
+++ b/web/src/admin/outposts/ServiceConnectionKubernetesForm.ts
@ -4,7 +4,7 @@ import "@goauthentik/elements/CodeMirror";
 import { CodeMirrorMode } from "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
@ -36,11 +36,10 @@ export class ServiceConnectionKubernetesForm extends ModelForm<
                uuid: this.instance.pk || "",
                kubernetesServiceConnectionRequest: data,
            });
        } else {
            return new OutpostsApi(DEFAULT_CONFIG).outpostsServiceConnectionsKubernetesCreate({
                kubernetesServiceConnectionRequest: data,
            });
        }
        return new OutpostsApi(DEFAULT_CONFIG).outpostsServiceConnectionsKubernetesCreate({
            kubernetesServiceConnectionRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/policies/BoundPoliciesList.ts
+++ b/web/src/admin/policies/BoundPoliciesList.ts
@ -72,9 +72,8 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
            return msg(str`Group ${item.groupObj?.name}`);
        } else if (item.user) {
            return msg(str`User ${item.userObj?.name}`);
        } else {
            return msg("-");
        }
        return msg("-");
    }
    getPolicyUserGroupRow(item: PolicyBinding): TemplateResult {
@ -123,9 +122,8 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
                    ${msg("Edit User")}
                </button>
            </ak-forms-modal>`;
        } else {
            return html``;
        }
        return html``;
    }
    renderToolbarSelected(): TemplateResult {
--- a/web/src/admin/policies/PolicyBindingForm.ts
+++ b/web/src/admin/policies/PolicyBindingForm.ts
@ -72,9 +72,8 @@ export class PolicyBindingForm extends ModelForm<PolicyBinding, string> {
    getSuccessMessage(): string {
        if (this.instance?.pk) {
            return msg("Successfully updated binding.");
        } else {
            return msg("Successfully created binding.");
        }
        return msg("Successfully created binding.");
    }
    static get styles(): CSSResult[] {
@ -111,11 +110,10 @@ export class PolicyBindingForm extends ModelForm<PolicyBinding, string> {
                policyBindingUuid: this.instance.pk,
                policyBindingRequest: data,
            });
        } else {
            return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsCreate({
                policyBindingRequest: data,
            });
        }
        return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsCreate({
            policyBindingRequest: data,
        });
    }
    async getOrder(): Promise<number> {
--- a/web/src/admin/policies/PolicyTestForm.ts
+++ b/web/src/admin/policies/PolicyTestForm.ts
@ -7,7 +7,7 @@ import "@goauthentik/elements/events/LogViewer";
 import { Form } from "@goauthentik/elements/forms/Form";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import "@goauthentik/elements/forms/SearchSelect";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";
--- a/web/src/admin/policies/dummy/DummyPolicyForm.ts
+++ b/web/src/admin/policies/dummy/DummyPolicyForm.ts
@ -25,11 +25,11 @@ export class DummyPolicyForm extends BasePolicyForm<DummyPolicy> {
                policyUuid: this.instance.pk || "",
                dummyPolicyRequest: data,
            });
        } else {
            return new PoliciesApi(DEFAULT_CONFIG).policiesDummyCreate({
                dummyPolicyRequest: data,
            });
        }
        return new PoliciesApi(DEFAULT_CONFIG).policiesDummyCreate({
            dummyPolicyRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
+++ b/web/src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
@ -37,11 +37,10 @@ export class EventMatcherPolicyForm extends BasePolicyForm<EventMatcherPolicy> {
                policyUuid: this.instance.pk || "",
                eventMatcherPolicyRequest: data,
            });
        } else {
            return new PoliciesApi(DEFAULT_CONFIG).policiesEventMatcherCreate({
                eventMatcherPolicyRequest: data,
            });
        }
        return new PoliciesApi(DEFAULT_CONFIG).policiesEventMatcherCreate({
            eventMatcherPolicyRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/policies/expiry/ExpiryPolicyForm.ts
+++ b/web/src/admin/policies/expiry/ExpiryPolicyForm.ts
@ -25,11 +25,10 @@ export class PasswordExpiryPolicyForm extends BasePolicyForm<PasswordExpiryPolic
                policyUuid: this.instance.pk || "",
                passwordExpiryPolicyRequest: data,
            });
        } else {
            return new PoliciesApi(DEFAULT_CONFIG).policiesPasswordExpiryCreate({
                passwordExpiryPolicyRequest: data,
            });
        }
        return new PoliciesApi(DEFAULT_CONFIG).policiesPasswordExpiryCreate({
            passwordExpiryPolicyRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/policies/expression/ExpressionPolicyForm.ts
+++ b/web/src/admin/policies/expression/ExpressionPolicyForm.ts
@ -28,11 +28,10 @@ export class ExpressionPolicyForm extends BasePolicyForm<ExpressionPolicy> {
                policyUuid: this.instance.pk || "",
                expressionPolicyRequest: data,
            });
        } else {
            return new PoliciesApi(DEFAULT_CONFIG).policiesExpressionCreate({
                expressionPolicyRequest: data,
            });
        }
        return new PoliciesApi(DEFAULT_CONFIG).policiesExpressionCreate({
            expressionPolicyRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/policies/geoip/GeoIPPolicyForm.ts
+++ b/web/src/admin/policies/geoip/GeoIPPolicyForm.ts
@ -39,11 +39,10 @@ export class GeoIPPolicyForm extends BasePolicyForm<GeoIPPolicy> {
                policyUuid: this.instance.pk || "",
                geoIPPolicyRequest: data,
            });
        } else {
            return new PoliciesApi(DEFAULT_CONFIG).policiesGeoipCreate({
                geoIPPolicyRequest: data,
            });
        }
        return new PoliciesApi(DEFAULT_CONFIG).policiesGeoipCreate({
            geoIPPolicyRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/policies/password/PasswordPolicyForm.ts
+++ b/web/src/admin/policies/password/PasswordPolicyForm.ts
@ -38,11 +38,10 @@ export class PasswordPolicyForm extends BasePolicyForm<PasswordPolicy> {
                policyUuid: this.instance.pk || "",
                passwordPolicyRequest: data,
            });
        } else {
            return new PoliciesApi(DEFAULT_CONFIG).policiesPasswordCreate({
                passwordPolicyRequest: data,
            });
        }
        return new PoliciesApi(DEFAULT_CONFIG).policiesPasswordCreate({
            passwordPolicyRequest: data,
        });
    }
    renderStaticRules(): TemplateResult {
--- a/web/src/admin/policies/reputation/ReputationPolicyForm.ts
+++ b/web/src/admin/policies/reputation/ReputationPolicyForm.ts
@ -25,11 +25,10 @@ export class ReputationPolicyForm extends BasePolicyForm<ReputationPolicy> {
                policyUuid: this.instance.pk || "",
                reputationPolicyRequest: data,
            });
        } else {
            return new PoliciesApi(DEFAULT_CONFIG).policiesReputationCreate({
                reputationPolicyRequest: data,
            });
        }
        return new PoliciesApi(DEFAULT_CONFIG).policiesReputationCreate({
            reputationPolicyRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/property-mappings/PropertyMappingListPage.ts
+++ b/web/src/admin/property-mappings/PropertyMappingListPage.ts
@ -19,7 +19,7 @@ import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import "@goauthentik/elements/forms/ModalForm";
 import "@goauthentik/elements/forms/ProxyForm";
-import { getRouteParameter, patchRouteParams } from "@goauthentik/elements/router/utils";
+import { getURLParam, updateURLParams } from "@goauthentik/elements/router/RouteMatch";
 import { PaginatedResponse } from "@goauthentik/elements/table/Table";
 import { TableColumn } from "@goauthentik/elements/table/Table";
 import { TablePage } from "@goauthentik/elements/table/TablePage";
@ -54,7 +54,7 @@ export class PropertyMappingListPage extends TablePage<PropertyMapping> {
    order = "name";
    @state()
-    hideManaged = getRouteParameter<boolean>("hideManaged", true);
+    hideManaged = getURLParam<boolean>("hideManaged", true);
    async apiEndpoint(): Promise<PaginatedResponse<PropertyMapping>> {
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsAllList({
@ -148,7 +148,7 @@ export class PropertyMappingListPage extends TablePage<PropertyMapping> {
                                    this.hideManaged = !this.hideManaged;
                                    this.page = 1;
                                    this.fetch();
-                                    patchRouteParams({
+                                    updateURLParams({
                                        hideManaged: this.hideManaged,
                                    });
                                }}
--- a/web/src/admin/property-mappings/PropertyMappingNotification.ts
+++ b/web/src/admin/property-mappings/PropertyMappingNotification.ts
@ -21,11 +21,10 @@ export class PropertyMappingNotification extends BasePropertyMappingForm<Notific
                pmUuid: this.instance.pk,
                notificationWebhookMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsNotificationCreate({
                notificationWebhookMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsNotificationCreate({
            notificationWebhookMappingRequest: data,
        });
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingProviderGoogleWorkspaceForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingProviderGoogleWorkspaceForm.ts
@ -25,13 +25,12 @@ export class PropertyMappingProviderGoogleWorkspaceForm extends BasePropertyMapp
                pmUuid: this.instance.pk,
                googleWorkspaceProviderMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(
                DEFAULT_CONFIG,
            ).propertymappingsProviderGoogleWorkspaceCreate({
                googleWorkspaceProviderMappingRequest: data,
            });
        }
        return new PropertymappingsApi(
            DEFAULT_CONFIG,
        ).propertymappingsProviderGoogleWorkspaceCreate({
            googleWorkspaceProviderMappingRequest: data,
        });
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingProviderMicrosoftEntraForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingProviderMicrosoftEntraForm.ts
@ -25,13 +25,12 @@ export class PropertyMappingProviderMicrosoftEntraForm extends BasePropertyMappi
                pmUuid: this.instance.pk,
                microsoftEntraProviderMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(
                DEFAULT_CONFIG,
            ).propertymappingsProviderMicrosoftEntraCreate({
                microsoftEntraProviderMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderMicrosoftEntraCreate(
            {
                microsoftEntraProviderMappingRequest: data,
            },
        );
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts
@ -46,11 +46,10 @@ export class PropertyMappingProviderRACForm extends BasePropertyMappingForm<RACP
                pmUuid: this.instance.pk,
                rACPropertyMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderRacCreate({
                rACPropertyMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderRacCreate({
            rACPropertyMappingRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/property-mappings/PropertyMappingProviderRadiusForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingProviderRadiusForm.ts
@ -21,11 +21,10 @@ export class PropertyMappingProviderRadiusForm extends BasePropertyMappingForm<R
                pmUuid: this.instance.pk,
                radiusProviderPropertyMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderRadiusCreate({
                radiusProviderPropertyMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderRadiusCreate({
            radiusProviderPropertyMappingRequest: data,
        });
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingProviderSAMLForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingProviderSAMLForm.ts
@ -24,11 +24,10 @@ export class PropertyMappingProviderSAMLForm extends BasePropertyMappingForm<SAM
                pmUuid: this.instance.pk,
                sAMLPropertyMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderSamlCreate({
                sAMLPropertyMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderSamlCreate({
            sAMLPropertyMappingRequest: data,
        });
    }
    renderExtraFields(): TemplateResult {
--- a/web/src/admin/property-mappings/PropertyMappingProviderSCIMForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingProviderSCIMForm.ts
@ -21,11 +21,10 @@ export class PropertyMappingProviderSCIMForm extends BasePropertyMappingForm<SCI
                pmUuid: this.instance.pk,
                sCIMMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderScimCreate({
                sCIMMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderScimCreate({
            sCIMMappingRequest: data,
        });
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingProviderScopeForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingProviderScopeForm.ts
@ -24,11 +24,10 @@ export class PropertyMappingProviderScopeForm extends BasePropertyMappingForm<Sc
                pmUuid: this.instance.pk,
                scopeMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderScopeCreate({
                scopeMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsProviderScopeCreate({
            scopeMappingRequest: data,
        });
    }
    renderExtraFields(): TemplateResult {
--- a/web/src/admin/property-mappings/PropertyMappingSourceKerberosForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingSourceKerberosForm.ts
@ -25,11 +25,10 @@ export class PropertyMappingSourceKerberosForm extends BasePropertyMappingForm<K
                pmUuid: this.instance.pk,
                kerberosSourcePropertyMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceKerberosCreate({
                kerberosSourcePropertyMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceKerberosCreate({
            kerberosSourcePropertyMappingRequest: data,
        });
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts
@ -25,11 +25,10 @@ export class PropertyMappingSourceLDAPForm extends BasePropertyMappingForm<LDAPS
                pmUuid: this.instance.pk,
                lDAPSourcePropertyMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceLdapCreate({
                lDAPSourcePropertyMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceLdapCreate({
            lDAPSourcePropertyMappingRequest: data,
        });
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts
@ -25,11 +25,10 @@ export class PropertyMappingSourceOAuthForm extends BasePropertyMappingForm<OAut
                pmUuid: this.instance.pk,
                oAuthSourcePropertyMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceOauthCreate({
                oAuthSourcePropertyMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceOauthCreate({
            oAuthSourcePropertyMappingRequest: data,
        });
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts
@ -25,11 +25,10 @@ export class PropertyMappingSourcePlexForm extends BasePropertyMappingForm<PlexS
                pmUuid: this.instance.pk,
                plexSourcePropertyMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourcePlexCreate({
                plexSourcePropertyMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourcePlexCreate({
            plexSourcePropertyMappingRequest: data,
        });
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts
@ -25,11 +25,10 @@ export class PropertyMappingSourceSAMLForm extends BasePropertyMappingForm<SAMLS
                pmUuid: this.instance.pk,
                sAMLSourcePropertyMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceSamlCreate({
                sAMLSourcePropertyMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceSamlCreate({
            sAMLSourcePropertyMappingRequest: data,
        });
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts
@ -25,11 +25,10 @@ export class PropertyMappingSourceSCIMForm extends BasePropertyMappingForm<SCIMS
                pmUuid: this.instance.pk,
                sCIMSourcePropertyMappingRequest: data,
            });
        } else {
            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceScimCreate({
                sCIMSourcePropertyMappingRequest: data,
            });
        }
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSourceScimCreate({
            sCIMSourcePropertyMappingRequest: data,
        });
    }
 }
--- a/web/src/admin/property-mappings/PropertyMappingTestForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingTestForm.ts
@ -5,7 +5,7 @@ import { CodeMirrorMode } from "@goauthentik/elements/CodeMirror";
 import { Form } from "@goauthentik/elements/forms/Form";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import "@goauthentik/elements/forms/SearchSelect";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { TemplateResult, html, nothing } from "lit";
--- a/web/src/admin/providers/google_workspace/GoogleWorkspaceProviderForm.ts
+++ b/web/src/admin/providers/google_workspace/GoogleWorkspaceProviderForm.ts
@ -42,11 +42,10 @@ export class GoogleWorkspaceProviderFormPage extends BaseProviderForm<GoogleWork
                id: this.instance.pk,
                googleWorkspaceProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersGoogleWorkspaceCreate({
                googleWorkspaceProviderRequest: data,
            });
        }
        return new ProvidersApi(DEFAULT_CONFIG).providersGoogleWorkspaceCreate({
            googleWorkspaceProviderRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/providers/ldap/LDAPProviderForm.ts
+++ b/web/src/admin/providers/ldap/LDAPProviderForm.ts
@ -24,11 +24,10 @@ export class LDAPProviderFormPage extends WithBrandConfig(BaseProviderForm<LDAPP
                id: this.instance.pk,
                lDAPProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersLdapCreate({
                lDAPProviderRequest: data,
            });
        }
        return new ProvidersApi(DEFAULT_CONFIG).providersLdapCreate({
            lDAPProviderRequest: data,
        });
    }
    renderForm() {
--- a/web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderForm.ts
+++ b/web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderForm.ts
@ -40,11 +40,10 @@ export class MicrosoftEntraProviderFormPage extends BaseProviderForm<MicrosoftEn
                id: this.instance.pk,
                microsoftEntraProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersMicrosoftEntraCreate({
                microsoftEntraProviderRequest: data,
            });
        }
        return new ProvidersApi(DEFAULT_CONFIG).providersMicrosoftEntraCreate({
            microsoftEntraProviderRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts
+++ b/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts
@ -82,11 +82,10 @@ export class OAuth2ProviderFormPage extends BaseProviderForm<OAuth2Provider> {
                id: this.instance.pk,
                oAuth2ProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersOauth2Create({
                oAuth2ProviderRequest: data,
            });
        }
        return new ProvidersApi(DEFAULT_CONFIG).providersOauth2Create({
            oAuth2ProviderRequest: data,
        });
    }
    renderForm() {
--- a/web/src/admin/providers/proxy/ProxyProviderForm.ts
+++ b/web/src/admin/providers/proxy/ProxyProviderForm.ts
@ -45,11 +45,10 @@ export class ProxyProviderFormPage extends BaseProviderForm<ProxyProvider> {
                id: this.instance.pk,
                proxyProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersProxyCreate({
                proxyProviderRequest: data,
            });
        }
        return new ProvidersApi(DEFAULT_CONFIG).providersProxyCreate({
            proxyProviderRequest: data,
        });
    }
    renderForm() {
--- a/web/src/admin/providers/proxy/ProxyProviderViewPage.ts
+++ b/web/src/admin/providers/proxy/ProxyProviderViewPage.ts
@ -3,6 +3,7 @@ import "@goauthentik/admin/providers/proxy/ProxyProviderForm";
 import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import { convertToSlug } from "@goauthentik/common/utils";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/components/events/ObjectChangelog";
 import MDCaddyStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_caddy_standalone.md";
@ -20,8 +21,7 @@ import "@goauthentik/elements/ak-mdx";
 import type { Replacer } from "@goauthentik/elements/ak-mdx";
 import "@goauthentik/elements/buttons/ModalButton";
 import "@goauthentik/elements/buttons/SpinnerButton";
-import { formatAsSlug } from "@goauthentik/elements/router";
+import { getURLParam } from "@goauthentik/elements/router/RouteMatch";
 import { getRouteParameter } from "@goauthentik/elements/router/utils";
 import { msg } from "@lit/localize";
 import { CSSResult, PropertyValues, TemplateResult, css, html } from "lit";
@ -60,6 +60,9 @@ export function ModeToLabel(action?: ProxyMode): string {
    }
 }
 /**
 * Predicate to determine if a given proxy mode should forward.
 */
 export function isForward(mode: ProxyMode): boolean {
    switch (mode) {
        case ProxyMode.Proxy:
@ -156,13 +159,12 @@ export class ProxyProviderViewPage extends AKElement {
            (input: string): string => {
                // The generated config is pretty unreliable currently so
                // put it behind a flag
-                if (!getRouteParameter("generatedConfig", false)) {
+                if (!getURLParam("generatedConfig", false)) return input;
-                    return input;
+
-                }
+                if (!this.provider) return input;
-                if (!this.provider) {
+
                    return input;
                }
                const extHost = new URL(this.provider.externalHost);
                // See website/docs/add-secure-apps/providers/proxy/forward_auth.mdx
                if (this.provider?.mode === ProxyMode.ForwardSingle) {
                    return input
@ -170,20 +172,23 @@ export class ProxyProviderViewPage extends AKElement {
                        .replaceAll("outpost.company:9000", window.location.hostname)
                        .replaceAll("https://app.company", extHost.toString())
                        .replaceAll("app.company", extHost.hostname);
-                } else if (this.provider?.mode == ProxyMode.ForwardDomain) {
+                }
                if (this.provider?.mode === ProxyMode.ForwardDomain) {
                    return input
                        .replaceAll("authentik.company", window.location.hostname)
                        .replaceAll("outpost.company:9000", extHost.toString())
                        .replaceAll("https://app.company", extHost.toString())
                        .replaceAll("app.company", extHost.hostname);
                }
                return input;
            },
        ];
        return html`<ak-tabs pageIdentifier="proxy-setup">
            ${servers.map((server) => {
                return html`<section
-                    slot="page-${formatAsSlug(server.label)}"
+                    slot="page-${convertToSlug(server.label)}"
                    data-tab-title="${server.label}"
                    class="pf-c-page__main-section pf-m-no-padding-mobile ak-markdown-section"
                >
--- a/web/src/admin/providers/rac/EndpointForm.ts
+++ b/web/src/admin/providers/rac/EndpointForm.ts
@ -6,7 +6,7 @@ import "@goauthentik/elements/ak-dual-select/ak-dual-select-dynamic-selected-pro
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
@ -46,11 +46,10 @@ export class EndpointForm extends ModelForm<Endpoint, string> {
                pbmUuid: this.instance.pk || "",
                patchedEndpointRequest: data,
            });
        } else {
            return new RacApi(DEFAULT_CONFIG).racEndpointsCreate({
                endpointRequest: data,
            });
        }
        return new RacApi(DEFAULT_CONFIG).racEndpointsCreate({
            endpointRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/providers/rac/RACProviderForm.ts
+++ b/web/src/admin/providers/rac/RACProviderForm.ts
@ -10,7 +10,7 @@ import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import "@goauthentik/elements/forms/Radio";
 import "@goauthentik/elements/forms/SearchSelect";
 import "@goauthentik/elements/utils/TimeDeltaHelp";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
@ -32,9 +32,8 @@ export class RACProviderFormPage extends ModelForm<RACProvider, number> {
    getSuccessMessage(): string {
        if (this.instance) {
            return msg("Successfully updated provider.");
        } else {
            return msg("Successfully created provider.");
        }
        return msg("Successfully created provider.");
    }
    async send(data: RACProvider): Promise<RACProvider> {
@ -43,11 +42,10 @@ export class RACProviderFormPage extends ModelForm<RACProvider, number> {
                id: this.instance.pk,
                rACProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersRacCreate({
                rACProviderRequest: data,
            });
        }
        return new ProvidersApi(DEFAULT_CONFIG).providersRacCreate({
            rACProviderRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/providers/radius/RadiusProviderForm.ts
+++ b/web/src/admin/providers/radius/RadiusProviderForm.ts
@ -22,11 +22,10 @@ export class RadiusProviderFormPage extends WithBrandConfig(BaseProviderForm<Rad
                id: this.instance.pk,
                radiusProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersRadiusCreate({
                radiusProviderRequest: data,
            });
        }
        return new ProvidersApi(DEFAULT_CONFIG).providersRadiusCreate({
            radiusProviderRequest: data,
        });
    }
    renderForm() {
--- a/web/src/admin/providers/saml/SAMLProviderForm.ts
+++ b/web/src/admin/providers/saml/SAMLProviderForm.ts
@ -17,7 +17,7 @@ export class SAMLProviderFormPage extends BaseProviderForm<SAMLProvider> {
        const provider = await new ProvidersApi(DEFAULT_CONFIG).providersSamlRetrieve({
            id: pk,
        });
-        this.hasSigningKp = !!provider.signingKp;
+        this.hasSigningKp = Boolean(provider.signingKp);
        return provider;
    }
@ -27,18 +27,17 @@ export class SAMLProviderFormPage extends BaseProviderForm<SAMLProvider> {
                id: this.instance.pk,
                sAMLProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersSamlCreate({
                sAMLProviderRequest: data,
            });
        }
        return new ProvidersApi(DEFAULT_CONFIG).providersSamlCreate({
            sAMLProviderRequest: data,
        });
    }
    renderForm() {
        const setHasSigningKp = (ev: InputEvent) => {
            const target = ev.target as AkCryptoCertificateSearch;
            if (!target) return;
-            this.hasSigningKp = !!target.selectedKeypair;
+            this.hasSigningKp = Boolean(target.selectedKeypair);
        };
        return renderForm(this.instance ?? {}, [], setHasSigningKp, this.hasSigningKp);
--- a/web/src/admin/providers/saml/SAMLProviderImportForm.ts
+++ b/web/src/admin/providers/saml/SAMLProviderImportForm.ts
@ -18,7 +18,7 @@ export class SAMLProviderImportForm extends Form<SAMLProvider> {
    }
    async send(data: SAMLProvider): Promise<void> {
-        const file = this.getFormFiles()["metadata"];
+        const file = this.getFormFiles().metadata;
        if (!file) {
            throw new SentryIgnoredError("No form data");
        }
--- a/web/src/admin/providers/scim/SCIMProviderForm.ts
+++ b/web/src/admin/providers/scim/SCIMProviderForm.ts
@ -21,11 +21,10 @@ export class SCIMProviderFormPage extends BaseProviderForm<SCIMProvider> {
                id: this.instance.pk,
                sCIMProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersScimCreate({
                sCIMProviderRequest: data,
            });
        }
        return new ProvidersApi(DEFAULT_CONFIG).providersScimCreate({
            sCIMProviderRequest: data,
        });
    }
    renderForm() {
--- a/web/src/admin/providers/ssf/SSFProviderFormPage.ts
+++ b/web/src/admin/providers/ssf/SSFProviderFormPage.ts
@ -43,11 +43,10 @@ export class SSFProviderFormPage extends BaseProviderForm<SSFProvider> {
                id: this.instance.pk,
                sSFProviderRequest: data,
            });
        } else {
            return new ProvidersApi(DEFAULT_CONFIG).providersSsfCreate({
                sSFProviderRequest: data,
            });
        }
        return new ProvidersApi(DEFAULT_CONFIG).providersSsfCreate({
            sSFProviderRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/roles/RoleForm.ts
+++ b/web/src/admin/roles/RoleForm.ts
@ -32,11 +32,10 @@ export class RoleForm extends ModelForm<Role, string> {
                uuid: this.instance.pk,
                patchedRoleRequest: data,
            });
        } else {
            return new RbacApi(DEFAULT_CONFIG).rbacRolesCreate({
                roleRequest: data,
            });
        }
        return new RbacApi(DEFAULT_CONFIG).rbacRolesCreate({
            roleRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/sources/BaseSourceForm.ts
+++ b/web/src/admin/sources/BaseSourceForm.ts
@ -3,7 +3,10 @@ import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import { msg } from "@lit/localize";
 export abstract class BaseSourceForm<T> extends ModelForm<T, string> {
-    getSuccessMessage(): string {
+    /**
     * Success message to display after a successful form submission.
     */
    public getSuccessMessage(): string {
        return this.instance
            ? msg("Successfully updated source.")
            : msg("Successfully created source.");
--- a/web/src/admin/sources/kerberos/KerberosSourceForm.ts
+++ b/web/src/admin/sources/kerberos/KerberosSourceForm.ts
@ -42,6 +42,7 @@ export class KerberosSourceForm extends WithCapabilitiesConfig(BaseSourceForm<Ke
        const source = await new SourcesApi(DEFAULT_CONFIG).sourcesKerberosRetrieve({
            slug: pk,
        });
        this.clearIcon = false;
        return source;
    }
@ -63,7 +64,7 @@ export class KerberosSourceForm extends WithCapabilitiesConfig(BaseSourceForm<Ke
        }
        const c = await config();
        if (c.capabilities.includes(CapabilitiesEnum.CanSaveMedia)) {
-            const icon = this.getFormFiles()["icon"];
+            const icon = this.getFormFiles().icon;
            if (icon || this.clearIcon) {
                await new SourcesApi(DEFAULT_CONFIG).sourcesAllSetIconCreate({
                    slug: source.slug,
--- a/web/src/admin/sources/kerberos/KerberosSourceFormHelpers.ts
+++ b/web/src/admin/sources/kerberos/KerberosSourceFormHelpers.ts
@ -25,7 +25,7 @@ export function propertyMappingsSelector(object: string, instanceMappings?: stri
        return async (mappings: DualSelectPair<KerberosSourcePropertyMapping>[]) =>
            mappings.filter(
                ([_0, _1, _2, mapping]: DualSelectPair<KerberosSourcePropertyMapping>) =>
-                    object == "user" &&
+                    object === "user" &&
                    mapping?.managed?.startsWith("goauthentik.io/sources/kerberos/user/default/"),
            );
    }
--- a/web/src/admin/sources/oauth/OAuthSourceForm.ts
+++ b/web/src/admin/sources/oauth/OAuthSourceForm.ts
@ -73,7 +73,7 @@ export class OAuthSourceForm extends WithCapabilitiesConfig(BaseSourceForm<OAuth
        }
        const c = await config();
        if (c.capabilities.includes(CapabilitiesEnum.CanSaveMedia)) {
-            const icon = this.getFormFiles()["icon"];
+            const icon = this.getFormFiles().icon;
            if (icon || this.clearIcon) {
                await new SourcesApi(DEFAULT_CONFIG).sourcesAllSetIconCreate({
                    slug: source.slug,
--- a/web/src/admin/sources/plex/PlexSourceForm.ts
+++ b/web/src/admin/sources/plex/PlexSourceForm.ts
@ -75,7 +75,7 @@ export class PlexSourceForm extends WithCapabilitiesConfig(BaseSourceForm<PlexSo
            });
        }
        if (this.can(CapabilitiesEnum.CanSaveMedia)) {
-            const icon = this.getFormFiles()["icon"];
+            const icon = this.getFormFiles().icon;
            if (icon || this.clearIcon) {
                await new SourcesApi(DEFAULT_CONFIG).sourcesAllSetIconCreate({
                    slug: source.slug,
@ -160,7 +160,7 @@ export class PlexSourceForm extends WithCapabilitiesConfig(BaseSourceForm<PlexSo
                    ${this.plexResources?.map((r) => {
                        const selected = Array.from(this.instance?.allowedServers || []).some(
                            (server) => {
-                                return server == r.clientIdentifier;
+                                return server === r.clientIdentifier;
                            },
                        );
                        return html`<option value=${r.clientIdentifier} ?selected=${selected}>
--- a/web/src/admin/sources/saml/SAMLSourceForm.ts
+++ b/web/src/admin/sources/saml/SAMLSourceForm.ts
@ -64,7 +64,7 @@ export class SAMLSourceForm extends WithCapabilitiesConfig(BaseSourceForm<SAMLSo
        }
        const c = await config();
        if (c.capabilities.includes(CapabilitiesEnum.CanSaveMedia)) {
-            const icon = this.getFormFiles()["icon"];
+            const icon = this.getFormFiles().icon;
            if (icon || this.clearIcon) {
                await new SourcesApi(DEFAULT_CONFIG).sourcesAllSetIconCreate({
                    slug: source.slug,
--- a/web/src/admin/sources/scim/SCIMSourceForm.ts
+++ b/web/src/admin/sources/scim/SCIMSourceForm.ts
@ -33,11 +33,10 @@ export class SCIMSourceForm extends BaseSourceForm<SCIMSource> {
                slug: this.instance.slug,
                patchedSCIMSourceRequest: data,
            });
        } else {
            return new SourcesApi(DEFAULT_CONFIG).sourcesScimCreate({
                sCIMSourceRequest: data as unknown as SCIMSourceRequest,
            });
        }
        return new SourcesApi(DEFAULT_CONFIG).sourcesScimCreate({
            sCIMSourceRequest: data as unknown as SCIMSourceRequest,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
+++ b/web/src/admin/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
@ -34,11 +34,10 @@ export class AuthenticatorDuoStageForm extends BaseStageForm<AuthenticatorDuoSta
                stageUuid: this.instance.pk || "",
                patchedAuthenticatorDuoStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorDuoCreate({
                authenticatorDuoStageRequest: data as unknown as AuthenticatorDuoStageRequest,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorDuoCreate({
            authenticatorDuoStageRequest: data as unknown as AuthenticatorDuoStageRequest,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/stages/authenticator_email/AuthenticatorEmailStageForm.ts
+++ b/web/src/admin/stages/authenticator_email/AuthenticatorEmailStageForm.ts
@ -40,11 +40,10 @@ export class AuthenticatorEmailStageForm extends BaseStageForm<AuthenticatorEmai
                stageUuid: this.instance.pk || "",
                authenticatorEmailStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorEmailCreate({
                authenticatorEmailStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorEmailCreate({
            authenticatorEmailStageRequest: data,
        });
    }
    renderConnectionSettings(): TemplateResult {
--- a/web/src/admin/stages/authenticator_endpoint_gdtc/AuthenticatorEndpointGDTCStageForm.ts
+++ b/web/src/admin/stages/authenticator_endpoint_gdtc/AuthenticatorEndpointGDTCStageForm.ts
@ -28,11 +28,10 @@ export class AuthenticatorEndpointGDTCStageForm extends BaseStageForm<Authentica
                stageUuid: this.instance.pk || "",
                patchedAuthenticatorEndpointGDTCStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorEndpointGdtcCreate({
                authenticatorEndpointGDTCStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorEndpointGdtcCreate({
            authenticatorEndpointGDTCStageRequest: data,
        });
    }
    static get styles() {
--- a/web/src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
+++ b/web/src/admin/stages/authenticator_sms/AuthenticatorSMSStageForm.ts
@ -51,11 +51,10 @@ export class AuthenticatorSMSStageForm extends BaseStageForm<AuthenticatorSMSSta
                stageUuid: this.instance.pk || "",
                authenticatorSMSStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorSmsCreate({
                authenticatorSMSStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorSmsCreate({
            authenticatorSMSStageRequest: data,
        });
    }
    renderProviderTwillio(): TemplateResult {
--- a/web/src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
+++ b/web/src/admin/stages/authenticator_static/AuthenticatorStaticStageForm.ts
@ -32,11 +32,10 @@ export class AuthenticatorStaticStageForm extends BaseStageForm<AuthenticatorSta
                stageUuid: this.instance.pk || "",
                authenticatorStaticStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorStaticCreate({
                authenticatorStaticStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorStaticCreate({
            authenticatorStaticStageRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
+++ b/web/src/admin/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
@ -34,11 +34,10 @@ export class AuthenticatorTOTPStageForm extends BaseStageForm<AuthenticatorTOTPS
                stageUuid: this.instance.pk || "",
                authenticatorTOTPStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorTotpCreate({
                authenticatorTOTPStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorTotpCreate({
            authenticatorTOTPStageRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+++ b/web/src/admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
@ -57,11 +57,10 @@ export class AuthenticatorValidateStageForm extends BaseStageForm<AuthenticatorV
                stageUuid: this.instance.pk || "",
                authenticatorValidateStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorValidateCreate({
                authenticatorValidateStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorValidateCreate({
            authenticatorValidateStageRequest: data,
        });
    }
    isDeviceClassSelected(field: DeviceClassesEnum): boolean {
--- a/web/src/admin/stages/authenticator_webauthn/AuthenticatorWebAuthnStageForm.ts
+++ b/web/src/admin/stages/authenticator_webauthn/AuthenticatorWebAuthnStageForm.ts
@ -42,11 +42,10 @@ export class AuthenticatorWebAuthnStageForm extends BaseStageForm<AuthenticatorW
                stageUuid: this.instance.pk || "",
                authenticatorWebAuthnStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorWebauthnCreate({
                authenticatorWebAuthnStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorWebauthnCreate({
            authenticatorWebAuthnStageRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/stages/captcha/CaptchaStageForm.ts
+++ b/web/src/admin/stages/captcha/CaptchaStageForm.ts
@ -27,11 +27,10 @@ export class CaptchaStageForm extends BaseStageForm<CaptchaStage> {
                stageUuid: this.instance.pk || "",
                patchedCaptchaStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesCaptchaCreate({
                captchaStageRequest: data as unknown as CaptchaStageRequest,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesCaptchaCreate({
            captchaStageRequest: data as unknown as CaptchaStageRequest,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/stages/consent/ConsentStageForm.ts
+++ b/web/src/admin/stages/consent/ConsentStageForm.ts
@ -33,11 +33,10 @@ export class ConsentStageForm extends BaseStageForm<ConsentStage> {
                stageUuid: this.instance.pk || "",
                consentStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesConsentCreate({
                consentStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesConsentCreate({
            consentStageRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/stages/deny/DenyStageForm.ts
+++ b/web/src/admin/stages/deny/DenyStageForm.ts
@ -23,11 +23,10 @@ export class DenyStageForm extends BaseStageForm<DenyStage> {
                stageUuid: this.instance.pk || "",
                denyStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesDenyCreate({
                denyStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesDenyCreate({
            denyStageRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/stages/dummy/DummyStageForm.ts
+++ b/web/src/admin/stages/dummy/DummyStageForm.ts
@ -24,11 +24,10 @@ export class DummyStageForm extends BaseStageForm<DummyStage> {
                stageUuid: this.instance.pk || "",
                dummyStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesDummyCreate({
                dummyStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesDummyCreate({
            dummyStageRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/web/src/admin/stages/email/EmailStageForm.ts
+++ b/web/src/admin/stages/email/EmailStageForm.ts
@ -37,11 +37,10 @@ export class EmailStageForm extends BaseStageForm<EmailStage> {
                stageUuid: this.instance.pk || "",
                patchedEmailStageRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesEmailCreate({
                emailStageRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesEmailCreate({
            emailStageRequest: data,
        });
    }
    renderConnectionSettings(): TemplateResult {
--- a/web/src/admin/stages/invitation/InvitationForm.ts
+++ b/web/src/admin/stages/invitation/InvitationForm.ts
@ -6,7 +6,7 @@ import { CodeMirrorMode } from "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import "@goauthentik/elements/forms/SearchSelect";
-import YAML from "yaml";
+import * as YAML from "yaml";
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
@ -34,11 +34,10 @@ export class InvitationForm extends ModelForm<Invitation, string> {
                inviteUuid: this.instance.pk || "",
                invitationRequest: data,
            });
        } else {
            return new StagesApi(DEFAULT_CONFIG).stagesInvitationInvitationsCreate({
                invitationRequest: data,
            });
        }
        return new StagesApi(DEFAULT_CONFIG).stagesInvitationInvitationsCreate({
            invitationRequest: data,
        });
    }
    renderForm(): TemplateResult {
--- a/Show More
+++ b/Show More