release: 2021.1.2-stable

Bumps [boto3](https://github.com/boto/boto3) from 1.16.55 to 1.16.56.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.16.55...1.16.56)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2021.1.1-rc2
+current_version = 2021.1.2-stable
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)

.github/workflows/release.yml

@@ -18,11 +18,11 @@ jobs:
       - name: Building Docker Image
         run: docker build
           --no-cache
-          -t beryju/authentik:2021.1.1-rc2
+          -t beryju/authentik:2021.1.2-stable
           -t beryju/authentik:latest
           -f Dockerfile .
       - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik:2021.1.1-rc2
+        run: docker push beryju/authentik:2021.1.2-stable
       - name: Push Docker Container to Registry (latest)
         run: docker push beryju/authentik:latest
   build-proxy:
@@ -48,11 +48,11 @@ jobs:
           cd outpost/
           docker build \
           --no-cache \
-          -t beryju/authentik-proxy:2021.1.1-rc2 \
+          -t beryju/authentik-proxy:2021.1.2-stable \
           -t beryju/authentik-proxy:latest \
           -f proxy.Dockerfile .
       - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik-proxy:2021.1.1-rc2
+        run: docker push beryju/authentik-proxy:2021.1.2-stable
       - name: Push Docker Container to Registry (latest)
         run: docker push beryju/authentik-proxy:latest
   build-static:
@@ -69,11 +69,11 @@ jobs:
           cd web/
           docker build \
           --no-cache \
-          -t beryju/authentik-static:2021.1.1-rc2 \
+          -t beryju/authentik-static:2021.1.2-stable \
           -t beryju/authentik-static:latest \
           -f Dockerfile .
       - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik-static:2021.1.1-rc2
+        run: docker push beryju/authentik-static:2021.1.2-stable
       - name: Push Docker Container to Registry (latest)
         run: docker push beryju/authentik-static:latest
   test-release:
@@ -107,5 +107,5 @@ jobs:
           SENTRY_PROJECT: authentik
           SENTRY_URL: https://sentry.beryju.org
         with:
-          tagName: 2021.1.1-rc2
+          tagName: 2021.1.2-stable
           environment: beryjuorg-prod

Pipfile.lock

@@ -74,18 +74,18 @@
         },
         "boto3": {
             "hashes": [
-                "sha256:b5052144034e490358c659d0e480c17a4e604fd3aee9a97ddfe6e361a245a4a5",
+                "sha256:3f26aad4c6b238055d17fd662620284ffb4ced542ed9a2f7f9df65d97a3f1190",
-                "sha256:efd6c96c98900e9fbf217f13cb58f59b793e51f69a1ce61817eefd31f17c6ef5"
+                "sha256:47151ed571c316458f4931cd2422995ba0c9f6818c5df7d75f49fc845208e42e"
             ],
             "index": "pypi",
-            "version": "==1.16.55"
+            "version": "==1.16.56"
         },
         "botocore": {
             "hashes": [
-                "sha256:760d0c16c1474c2a46e3fa45e33ae7457b5cab7410737ab1692340ade764cc73",
+                "sha256:01496e4c2c06aab79689f2c345a0e2cceb5fe1da7858a7e7df189bcf97703223",
-                "sha256:b34327d84b3bb5620fb54603677a9a973b167290c2c1e7ab69c4a46b201c6d46"
+                "sha256:a37d073c2f166753cc3799e77d87d4096e24433fcca5e7c8cc8e77e5dbfe60e9"
             ],
-            "version": "==1.19.55"
+            "version": "==1.19.56"
         },
         "cachetools": {
             "hashes": [

authentik/__init__.py

@@ -1,2 +1,2 @@
 """authentik"""
-__version__ = "2021.1.1-rc2"
+__version__ = "2021.1.2-stable"

authentik/admin/api/tasks.py

@@ -14,7 +14,7 @@ from rest_framework.response import Response
 from rest_framework.serializers import Serializer
 from rest_framework.viewsets import ViewSet
 
-from authentik.lib.tasks import TaskInfo
+from authentik.events.monitored_tasks import TaskInfo
 
 
 class TaskSerializer(Serializer):

authentik/admin/tasks.py

@@ -6,7 +6,7 @@ from structlog.stdlib import get_logger
 
 from authentik import __version__
 from authentik.events.models import Event, EventAction
-from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
+from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.root.celery import CELERY_APP
 
 LOGGER = get_logger()

authentik/admin/views/tasks.py

@@ -4,7 +4,7 @@ from typing import Any, Dict
 from django.views.generic.base import TemplateView
 
 from authentik.admin.mixins import AdminRequiredMixin
-from authentik.lib.tasks import TaskInfo, TaskResultStatus
+from authentik.events.monitored_tasks import TaskInfo, TaskResultStatus
 
 
 class TaskListView(AdminRequiredMixin, TemplateView):

authentik/core/api/applications.py

@@ -86,7 +86,11 @@ class ApplicationViewSet(ModelViewSet):
                 engine.build()
                 if engine.passing:
                     allowed_applications.append(application)
-            cache.set(user_app_cache_key(self.request.user.pk), allowed_applications)
+            cache.set(
+                user_app_cache_key(self.request.user.pk),
+                allowed_applications,
+                timeout=86400,
+            )
         serializer = self.get_serializer(allowed_applications, many=True)
         return self.get_paginated_response(serializer.data)
 

authentik/core/tasks.py

@@ -11,7 +11,7 @@ from django.utils.timezone import now
 from structlog.stdlib import get_logger
 
 from authentik.core.models import ExpiringModel
-from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
+from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.root.celery import CELERY_APP
 
 LOGGER = get_logger()

authentik/events/models.py

@@ -22,7 +22,6 @@ from authentik.events.utils import cleanse_dict, get_user, sanitize_dict
 from authentik.lib.sentry import SentryIgnoredException
 from authentik.lib.utils.http import get_client_ip
 from authentik.policies.models import PolicyBindingModel
-from authentik.stages.email.tasks import send_mail
 from authentik.stages.email.utils import TemplateEmailMessage
 
 LOGGER = get_logger("authentik.events")
@@ -57,6 +56,9 @@ class EventAction(models.TextChoices):
     POLICY_EXCEPTION = "policy_exception"
     PROPERTY_MAPPING_EXCEPTION = "property_mapping_exception"
 
+    SYSTEM_TASK_EXECUTION = "system_task_execution"
+    SYSTEM_TASK_EXCEPTION = "system_task_exception"
+
     CONFIGURATION_ERROR = "configuration_error"
 
     MODEL_CREATED = "model_created"
@@ -280,9 +282,11 @@ class NotificationTransport(models.Model):
         )
         # Email is sent directly here, as the call to send() should have been from a task.
         try:
+            from authentik.stages.email.tasks import send_mail
+
             # pyright: reportGeneralTypeIssues=false
             return send_mail(mail.__dict__)  # pylint: disable=no-value-for-parameter
-        except (SMTPException, ConnectionError) as exc:
+        except (SMTPException, ConnectionError, OSError) as exc:
             raise NotificationTransportError from exc
 
     def __str__(self) -> str:

authentik/events/monitored_tasks.py

@@ -8,6 +8,8 @@ from typing import Any, Dict, List, Optional
 from celery import Task
 from django.core.cache import cache
 
+from authentik.events.models import Event, EventAction
+
 
 class TaskResultStatus(Enum):
     """Possible states of tasks"""
@@ -122,6 +124,13 @@ class MonitoredTask(Task):
                 task_call_args=args,
                 task_call_kwargs=kwargs,
             ).save(self.result_timeout_hours)
+            Event.new(
+                EventAction.SYSTEM_TASK_EXECUTION,
+                message=(
+                    f"Task {self.__name__} finished successfully: "
+                    "\n".join(self._result.messages)
+                ),
+            ).save()
         return super().after_return(status, retval, task_id, args, kwargs, einfo=einfo)
 
     # pylint: disable=too-many-arguments
@@ -138,6 +147,13 @@ class MonitoredTask(Task):
             task_call_args=args,
             task_call_kwargs=kwargs,
         ).save(self.result_timeout_hours)
+        Event.new(
+            EventAction.SYSTEM_TASK_EXCEPTION,
+            message=(
+                f"Task {self.__name__} encountered an error: "
+                "\n".join(self._result.messages)
+            ),
+        ).save()
         return super().on_failure(exc, task_id, args, kwargs, einfo=einfo)
 
     def run(self, *args, **kwargs):

authentik/events/tasks.py

@@ -9,7 +9,7 @@ from authentik.events.models import (
     NotificationTransport,
     NotificationTransportError,
 )
-from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
+from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.policies.engine import PolicyEngine, PolicyEngineMode
 from authentik.policies.models import PolicyBinding
 from authentik.root.celery import CELERY_APP

authentik/events/tests/test_notifications.py

@@ -87,4 +87,4 @@ class TestEventsNotifications(TestCase):
                 "authentik.events.models.NotificationTransport.send", execute_mock
             ):
                 Event.new(EventAction.CUSTOM_PREFIX).save()
-        self.assertEqual(passes.call_count, 0)
+        self.assertEqual(passes.call_count, 1)

authentik/outposts/tasks.py

@@ -8,7 +8,7 @@ from django.db.models.base import Model
 from django.utils.text import slugify
 from structlog.stdlib import get_logger
 
-from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
+from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.lib.utils.reflection import path_to_class
 from authentik.outposts.controllers.base import ControllerException
 from authentik.outposts.models import (
@@ -49,9 +49,15 @@ def outpost_service_connection_state(connection_pk: Any):
 @CELERY_APP.task(bind=True, base=MonitoredTask)
 def outpost_service_connection_monitor(self: MonitoredTask):
     """Regularly check the state of Outpost Service Connections"""
-    for connection in OutpostServiceConnection.objects.all():
+    connections = OutpostServiceConnection.objects.all()
+    for connection in connections.iterator():
         outpost_service_connection_state.delay(connection.pk)
-    self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL))
+    self.set_status(
+        TaskResult(
+            TaskResultStatus.SUCCESSFUL,
+            [f"Successfully updated {len(connections)} connections."],
+        )
+    )
 
 
 @CELERY_APP.task(bind=True, base=MonitoredTask)

authentik/policies/engine.py

@@ -1,6 +1,6 @@
 """authentik policy engine"""
 from enum import Enum
-from multiprocessing import Pipe, set_start_method
+from multiprocessing import Pipe, current_process
 from multiprocessing.connection import Connection
 from typing import Iterator, List, Optional
 
@@ -16,9 +16,7 @@ from authentik.policies.process import PolicyProcess, cache_key
 from authentik.policies.types import PolicyRequest, PolicyResult
 
 LOGGER = get_logger()
-# This is only really needed for macOS, because Python 3.8 changed the default to spawn
+CURRENT_PROCESS = current_process()
-# spawn causes issues with objects that aren't picklable, and also the django setup
-set_start_method("fork")
 
 
 class PolicyProcessInfo:
@@ -117,14 +115,19 @@ class PolicyEngine:
                 LOGGER.debug("P_ENG: Evaluating policy", policy=binding.policy)
                 our_end, task_end = Pipe(False)
                 task = PolicyProcess(binding, self.request, task_end)
+                task.daemon = False
                 LOGGER.debug("P_ENG: Starting Process", policy=binding.policy)
-                task.start()
+                if not CURRENT_PROCESS._config.get("daemon"):
+                    task.run()
+                else:
+                    task.start()
                 self.__processes.append(
                     PolicyProcessInfo(process=task, connection=our_end, binding=binding)
                 )
             # If all policies are cached, we have an empty list here.
             for proc_info in self.__processes:
-                proc_info.process.join(proc_info.binding.timeout)
+                if proc_info.process.is_alive():
+                    proc_info.process.join(proc_info.binding.timeout)
                 # Only call .recv() if no result is saved, otherwise we just deadlock here
                 if not proc_info.result:
                     proc_info.result = proc_info.connection.recv()

authentik/policies/process.py

@@ -1,5 +1,5 @@
 """authentik policy task"""
-from multiprocessing import Process
+from multiprocessing import get_context
 from multiprocessing.connection import Connection
 from traceback import format_tb
 from typing import Optional
@@ -28,7 +28,11 @@ def cache_key(binding: PolicyBinding, request: PolicyRequest) -> str:
     return prefix
 
 
-class PolicyProcess(Process):
+FORK_CTX = get_context("fork")
+PROCESS_CLASS = FORK_CTX.Process
+
+
+class PolicyProcess(PROCESS_CLASS):
     """Evaluate a single policy within a seprate process"""
 
     connection: Connection

authentik/policies/reputation/tasks.py

@@ -3,7 +3,7 @@ from django.core.cache import cache
 from structlog.stdlib import get_logger
 
 from authentik.core.models import User
-from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
+from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.policies.reputation.models import IPReputation, UserReputation
 from authentik.policies.reputation.signals import (
     CACHE_KEY_IP_PREFIX,

authentik/sources/ldap/tasks.py

@@ -5,7 +5,7 @@ from django.core.cache import cache
 from django.utils.text import slugify
 from ldap3.core.exceptions import LDAPException
 
-from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
+from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.root.celery import CELERY_APP
 from authentik.sources.ldap.models import LDAPSource
 from authentik.sources.ldap.sync import LDAPSynchronizer

authentik/sources/saml/tasks.py

@@ -3,7 +3,7 @@ from django.utils.timezone import now
 from structlog.stdlib import get_logger
 
 from authentik.core.models import User
-from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
+from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.lib.utils.time import timedelta_from_string
 from authentik.root.celery import CELERY_APP
 from authentik.sources.saml.models import SAMLSource

authentik/stages/email/tasks.py

@@ -9,7 +9,7 @@ from django.core.mail.utils import DNS_NAME
 from django.utils.text import slugify
 from structlog.stdlib import get_logger
 
-from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
+from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.root.celery import CELERY_APP
 from authentik.stages.email.models import EmailStage
 
@@ -31,6 +31,7 @@ def send_mails(stage: EmailStage, *messages: list[EmailMultiAlternatives]):
     autoretry_for=(
         SMTPException,
         ConnectionError,
+        OSError,
     ),
     retry_backoff=True,
     base=MonitoredTask,
@@ -44,7 +45,7 @@ def send_mail(
     self.set_uid(slugify(message_id.replace(".", "_").replace("@", "_")))
     try:
         if not email_stage_pk:
-            stage: EmailStage = EmailStage()
+            stage: EmailStage = EmailStage(use_global_settings=True)
         else:
             stage: EmailStage = EmailStage.objects.get(pk=email_stage_pk)
         backend = stage.backend

authentik/stages/password/stage.py

@@ -31,7 +31,11 @@ def authenticate(
 
     Customized version of django's authenticate, which accepts a list of backends"""
     for backend_path in backends:
-        backend: BaseBackend = path_to_class(backend_path)()
+        try:
+            backend: BaseBackend = path_to_class(backend_path)()
+        except ImportError:
+            LOGGER.warning("Failed to import backend", path=backend_path)
+            continue
         LOGGER.debug("Attempting authentication...", backend=backend)
         user = backend.authenticate(request, **credentials)
         if user is None:

docker-compose.yml

@@ -19,7 +19,7 @@ services:
     networks:
       - internal
   server:
-    image: beryju/authentik:${AUTHENTIK_TAG:-2021.1.1-rc2}
+    image: beryju/authentik:${AUTHENTIK_TAG:-2021.1.2-stable}
     command: server
     environment:
       AUTHENTIK_REDIS__HOST: redis
@@ -45,7 +45,7 @@ services:
     env_file:
       - .env
   worker:
-    image: beryju/authentik:${AUTHENTIK_TAG:-2021.1.1-rc2}
+    image: beryju/authentik:${AUTHENTIK_TAG:-2021.1.2-stable}
     command: worker
     networks:
       - internal
@@ -62,7 +62,7 @@ services:
     env_file:
       - .env
   static:
-    image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.1.1-rc2}
+    image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.1.2-stable}
     networks:
       - internal
     labels:

helm/Chart.yaml

@@ -4,7 +4,7 @@ name: authentik
 home: https://goauthentik.io
 sources:
   - https://github.com/BeryJu/authentik
-version: "2021.1.1-rc2"
+version: "2021.1.2-stable"
 icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg
 dependencies:
   - name: postgresql

helm/README.md

@@ -4,7 +4,7 @@
 |-----------------------------------|-------------------------|-------------|
 | image.name                        | beryju/authentik        | Image used to run the authentik server and worker |
 | image.name_static                 | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
-| image.tag                         | 2021.1.1-rc2           | Image tag |
+| image.tag                         | 2021.1.2-stable           | Image tag |
 | image.pullPolicy                  | IfNotPresent            | Image Pull Policy used for all deployments |
 | serverReplicas                    | 1                       | Replicas for the Server deployment |
 | workerReplicas                    | 1                       | Replicas for the Worker deployment |

helm/templates/configmap.yaml

@@ -20,7 +20,7 @@ data:
   OUTPOSTS__DOCKER_IMAGE_BASE: "{{ .Values.image.name_outposts }}"
   EMAIL__HOST: "{{ .Values.config.email.host }}"
   EMAIL__PORT: "{{ .Values.config.email.port }}"
-  EMAIL__USERNAM: "{{ .Values.config.email.username }}"
+  EMAIL__USERNAME: "{{ .Values.config.email.username }}"
   EMAIL__USE_TLS: "{{ .Values.config.email.use_tls }}"
   EMAIL__USE_SSL: "{{ .Values.config.email.use_ssl }}"
   EMAIL__TIMEOUT: "{{ .Values.config.email.timeout }}"

helm/templates/secret.yaml

@@ -11,6 +11,6 @@ data:
   SECRET_KEY: {{ randAlphaNum 50 | b64enc | quote}}
   {{- end }}
   {{- if .Values.backup }}
-  POSTGRESQL__S3_BACKUP__SECRET_KEY: "{{ .Values.backup.secretKey }}"
+  POSTGRESQL__S3_BACKUP__SECRET_KEY: "{{ .Values.backup.secretKey | b64enc }}"
   {{- end}}
-  EMAIL__PASSWOR: "{{ .Values.config.email.password }}"
+  EMAIL__PASSWORD: "{{ .Values.config.email.password | b64enc }}"

helm/templates/web-deployment.yaml

@@ -74,12 +74,10 @@ spec:
             - configMapRef:
                 name: {{ include "authentik.fullname" . }}-config
               prefix: AUTHENTIK_
+            - secretRef:
+                name: {{ include "authentik.fullname" . }}-secret-key
+              prefix: AUTHENTIK_
           env:
-            - name: AUTHENTIK_SECRET_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ include "authentik.fullname" . }}-secret-key"
-                  key: "secret_key"
             - name: AUTHENTIK_REDIS__PASSWORD
               valueFrom:
                 secretKeyRef:
@@ -117,7 +115,7 @@ spec:
               memory: 300M
             limits:
               cpu: 300m
-              memory: 600MiB
+              memory: 600M
       volumes:
         - name: authentik-uploads
           persistentVolumeClaim:

helm/values.yaml

@@ -5,7 +5,7 @@ image:
   name: beryju/authentik
   name_static: beryju/authentik-static
   name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
-  tag: 2021.1.1-rc2
+  tag: 2021.1.2-stable
   pullPolicy: IfNotPresent
 
 serverReplicas: 1

outpost/pkg/version.go

@@ -1,3 +1,3 @@
 package pkg
 
-const VERSION = "2021.1.1-rc2"
+const VERSION = "2021.1.2-stable"

swagger.yaml

@@ -7584,6 +7584,8 @@ definitions:
           - policy_execution
           - policy_exception
           - property_mapping_exception
+          - system_task_execution
+          - system_task_exception
           - configuration_error
           - model_created
           - model_updated
@@ -8300,6 +8302,8 @@ definitions:
           - policy_execution
           - policy_exception
           - property_mapping_exception
+          - system_task_execution
+          - system_task_exception
           - configuration_error
           - model_created
           - model_updated

web/package-lock.json

@@ -38,9 +38,9 @@
             }
         },
         "@eslint/eslintrc": {
-            "version": "0.2.2",
+            "version": "0.3.0",
-            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.2.2.tgz",
+            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.3.0.tgz",
-            "integrity": "sha512-EfB5OHNYp1F4px/LI/FEnGylop7nOqkQ1LRzCM0KccA2U8tvV8w01KBv37LbO7nW4H+YhKyo2LcJhRwjjV17QQ==",
+            "integrity": "sha512-1JTKgrOKAHVivSvOYw+sJOunkBjUOvjqWk1DPja7ZFhIS2mX/4EgTT8M7eTK9jrKhL/FvXXEbQwIs3pg1xp3dg==",
             "dev": true,
             "requires": {
                 "ajv": "^6.12.4",
@@ -50,7 +50,7 @@
                 "ignore": "^4.0.6",
                 "import-fresh": "^3.2.1",
                 "js-yaml": "^3.13.1",
-                "lodash": "^4.17.19",
+                "lodash": "^4.17.20",
                 "minimatch": "^3.0.4",
                 "strip-json-comments": "^3.1.1"
             },
@@ -1074,13 +1074,13 @@
             "dev": true
         },
         "eslint": {
-            "version": "7.17.0",
+            "version": "7.18.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.17.0.tgz",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.18.0.tgz",
-            "integrity": "sha512-zJk08MiBgwuGoxes5sSQhOtibZ75pz0J35XTRlZOk9xMffhpA9BTbQZxoXZzOl5zMbleShbGwtw+1kGferfFwQ==",
+            "integrity": "sha512-fbgTiE8BfUJZuBeq2Yi7J3RB3WGUQ9PNuNbmgi6jt9Iv8qrkxfy19Ds3OpL1Pm7zg3BtTVhvcUZbIRQ0wmSjAQ==",
             "dev": true,
             "requires": {
                 "@babel/code-frame": "^7.0.0",
-                "@eslint/eslintrc": "^0.2.2",
+                "@eslint/eslintrc": "^0.3.0",
                 "ajv": "^6.10.0",
                 "chalk": "^4.0.0",
                 "cross-spawn": "^7.0.2",
@@ -1104,7 +1104,7 @@
                 "js-yaml": "^3.13.1",
                 "json-stable-stringify-without-jsonify": "^1.0.1",
                 "levn": "^0.4.1",
-                "lodash": "^4.17.19",
+                "lodash": "^4.17.20",
                 "minimatch": "^3.0.4",
                 "natural-compare": "^1.4.0",
                 "optionator": "^0.9.1",
@@ -2674,9 +2674,9 @@
             }
         },
         "rollup": {
-            "version": "2.36.1",
+            "version": "2.36.2",
-            "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.36.1.tgz",
+            "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.36.2.tgz",
-            "integrity": "sha512-eAfqho8dyzuVvrGqpR0ITgEdq0zG2QJeWYh+HeuTbpcaXk8vNFc48B7bJa1xYosTCKx0CuW+447oQOW8HgBIZQ==",
+            "integrity": "sha512-qjjiuJKb+/8n0EZyQYVW+gFU4bNRBcZaXVzUgSVrGw0HlQBlK2aWyaOMMs1Ufic1jV69b9kW3u3i9B+hISDm3A==",
             "requires": {
                 "fsevents": "~2.1.2"
             }
@@ -3191,9 +3191,9 @@
             }
         },
         "table": {
-            "version": "6.0.6",
+            "version": "6.0.7",
-            "resolved": "https://registry.npmjs.org/table/-/table-6.0.6.tgz",
+            "resolved": "https://registry.npmjs.org/table/-/table-6.0.7.tgz",
-            "integrity": "sha512-OInCtPmDNieVBkVFi6C8RwU2S2H0h8mF3e3TQK4nreaUNCpooQUkI+A/KuEkm5FawfhWIfNqG+qfelVVR+V00g==",
+            "integrity": "sha512-rxZevLGTUzWna/qBLObOe16kB2RTnnbhciwgPbMMlazz1yZGVEgnZK762xyVdVznhqxrfCeBMmMkgOOaPwjH7g==",
             "dev": true,
             "requires": {
                 "ajv": "^7.0.2",
@@ -3415,9 +3415,9 @@
             "dev": true
         },
         "uri-js": {
-            "version": "4.4.0",
+            "version": "4.4.1",
-            "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.0.tgz",
+            "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
-            "integrity": "sha512-B0yRTzYdUCCn9n+F4+Gh4yIDtMQcaJsmYBDsTSG8g/OejKBodLQ2IHfN3bM7jUsRXndopT7OIXWdYqc1fjmV6g==",
+            "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
             "dev": true,
             "requires": {
                 "punycode": "^2.1.0"

web/package.json

@@ -19,7 +19,7 @@
         "flowchart.js": "^1.15.0",
         "lit-element": "^2.4.0",
         "lit-html": "^1.3.0",
-        "rollup": "^2.36.1",
+        "rollup": "^2.36.2",
         "rollup-plugin-copy": "^3.3.0",
         "rollup-plugin-cssimport": "^1.0.2",
         "rollup-plugin-external-globals": "^0.6.1",
@@ -29,7 +29,7 @@
         "@rollup/plugin-typescript": "^8.1.0",
         "@typescript-eslint/eslint-plugin": "^4.13.0",
         "@typescript-eslint/parser": "^4.13.0",
-        "eslint": "^7.17.0",
+        "eslint": "^7.18.0",
         "eslint-config-google": "^0.14.0",
         "eslint-plugin-lit": "^1.3.0",
         "rollup-plugin-commonjs": "^10.1.0",

web/src/authentik.css

@@ -81,7 +81,7 @@ select[multiple] {
     font-size: var(--pf-global--FontSize--sm);
 }
 
-.pf-c-page__main {
+.pf-c-page__main, .pf-c-drawer__content, .pf-c-page__drawer {
     z-index: auto !important;
 }
 

web/src/constants.ts

@@ -28,4 +28,4 @@ export const ColorStyles = css`
         background-color: var(--pf-global--danger-color--100);
     }
 `;
-export const VERSION = "2021.1.1-rc2";
+export const VERSION = "2021.1.2-stable";

website/docs/installation/docker-compose.md

@@ -15,7 +15,7 @@ Download the latest `docker-compose.yml` from [here](https://raw.githubuserconte
 
 To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env`
 
-To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.1.1-rc2 >> .env`
+To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.1.2-stable >> .env`
 
 If this is a fresh authentik install run the following commands to generate a password:
 

website/docs/installation/kubernetes.md

@@ -24,7 +24,7 @@ image:
     name: beryju/authentik
     name_static: beryju/authentik-static
     name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
-    tag: 2021.1.1-rc2
+    tag: 2021.1.2-stable
 
 serverReplicas: 1
 workerReplicas: 1

website/docs/releases/2021.1.1.md

@@ -33,7 +33,7 @@ This release does not introduce any new requirements.
 
 ### docker-compose
 
-Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-2021.1.1/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`.
+Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-2021.1/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`.
 
 ### Kubernetes