Compare commits
29 Commits
version/20
...
version/20
| Author | SHA1 | Date | |
|---|---|---|---|
| 731f5d0199 | |||
| a40cb03b44 | |||
| f6a85c98c9 | |||
| 5727f28784 | |||
| 6fc54ed7c6 | |||
| 4298900ecc | |||
| f04aa09b72 | |||
| 3647633232 | |||
| 2e06786869 | |||
| eba91c6b2b | |||
| ba9f8a5795 | |||
| 02b4173d30 | |||
| 61fab497cf | |||
| 6a95de4e8a | |||
| 621e7f564a | |||
| 535f2eb27e | |||
| 0db4716e92 | |||
| c10ce5c679 | |||
| 070438aabe | |||
| 71798b931c | |||
| 8663134c87 | |||
| 6bcbaeec2e | |||
| 17ce113c6b | |||
| ff600cd5b1 | |||
| 2df4322ecf | |||
| bb8e0c6f59 | |||
| ca682c3ee4 | |||
| f011e8a61a | |||
| b8aff17d98 |
@ -1,5 +1,5 @@
|
||||
[bumpversion]
|
||||
current_version = 2021.10.1-rc1
|
||||
current_version = 2021.10.1-rc2
|
||||
tag = True
|
||||
commit = True
|
||||
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)
|
||||
|
||||
3
.github/workflows/ghcr-retention.yml
vendored
3
.github/workflows/ghcr-retention.yml
vendored
@ -3,6 +3,7 @@ name: ghcr-retention
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 0 * * *' # every day at midnight
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
clean-ghcr:
|
||||
@ -13,7 +14,7 @@ jobs:
|
||||
uses: sondrelg/container-retention-policy@v1
|
||||
with:
|
||||
image-names: dev-server,dev-ldap,dev-proxy
|
||||
cut-off: One month ago UTC
|
||||
cut-off: One week ago UTC
|
||||
account-type: org
|
||||
org-name: goauthentik
|
||||
untagged-only: false
|
||||
|
||||
20
.github/workflows/release-publish.yml
vendored
20
.github/workflows/release-publish.yml
vendored
@ -30,14 +30,14 @@ jobs:
|
||||
with:
|
||||
push: ${{ github.event_name == 'release' }}
|
||||
tags: |
|
||||
beryju/authentik:2021.10.1-rc1,
|
||||
beryju/authentik:2021.10.1-rc2,
|
||||
beryju/authentik:latest,
|
||||
ghcr.io/goauthentik/server:2021.10.1-rc1,
|
||||
ghcr.io/goauthentik/server:2021.10.1-rc2,
|
||||
ghcr.io/goauthentik/server:latest
|
||||
platforms: linux/amd64,linux/arm64
|
||||
context: .
|
||||
- name: Building Docker Image (stable)
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.10.1-rc1', 'rc') }}
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.10.1-rc2', 'rc') }}
|
||||
run: |
|
||||
docker pull beryju/authentik:latest
|
||||
docker tag beryju/authentik:latest beryju/authentik:stable
|
||||
@ -72,14 +72,14 @@ jobs:
|
||||
with:
|
||||
push: ${{ github.event_name == 'release' }}
|
||||
tags: |
|
||||
beryju/authentik-proxy:2021.10.1-rc1,
|
||||
beryju/authentik-proxy:2021.10.1-rc2,
|
||||
beryju/authentik-proxy:latest,
|
||||
ghcr.io/goauthentik/proxy:2021.10.1-rc1,
|
||||
ghcr.io/goauthentik/proxy:2021.10.1-rc2,
|
||||
ghcr.io/goauthentik/proxy:latest
|
||||
file: proxy.Dockerfile
|
||||
platforms: linux/amd64,linux/arm64
|
||||
- name: Building Docker Image (stable)
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.10.1-rc1', 'rc') }}
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.10.1-rc2', 'rc') }}
|
||||
run: |
|
||||
docker pull beryju/authentik-proxy:latest
|
||||
docker tag beryju/authentik-proxy:latest beryju/authentik-proxy:stable
|
||||
@ -114,14 +114,14 @@ jobs:
|
||||
with:
|
||||
push: ${{ github.event_name == 'release' }}
|
||||
tags: |
|
||||
beryju/authentik-ldap:2021.10.1-rc1,
|
||||
beryju/authentik-ldap:2021.10.1-rc2,
|
||||
beryju/authentik-ldap:latest,
|
||||
ghcr.io/goauthentik/ldap:2021.10.1-rc1,
|
||||
ghcr.io/goauthentik/ldap:2021.10.1-rc2,
|
||||
ghcr.io/goauthentik/ldap:latest
|
||||
file: ldap.Dockerfile
|
||||
platforms: linux/amd64,linux/arm64
|
||||
- name: Building Docker Image (stable)
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.10.1-rc1', 'rc') }}
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.10.1-rc2', 'rc') }}
|
||||
run: |
|
||||
docker pull beryju/authentik-ldap:latest
|
||||
docker tag beryju/authentik-ldap:latest beryju/authentik-ldap:stable
|
||||
@ -170,7 +170,7 @@ jobs:
|
||||
SENTRY_PROJECT: authentik
|
||||
SENTRY_URL: https://sentry.beryju.org
|
||||
with:
|
||||
version: authentik@2021.10.1-rc1
|
||||
version: authentik@2021.10.1-rc2
|
||||
environment: beryjuorg-prod
|
||||
sourcemaps: './web/dist'
|
||||
url_prefix: '~/static/dist'
|
||||
|
||||
@ -31,7 +31,7 @@ Basically, don't be a dickhead. This is an open-source non-profit project, that
|
||||
|
||||
## I don't want to read this whole thing I just have a question!!!
|
||||
|
||||
Either [create a question on GitHub](https://github.com/goauthentik/authentik/issues/new?assignees=&labels=question&template=question.md&title=) or join [the Discord server](https://discord.gg/jg33eMhnj6)
|
||||
Either [create a question on GitHub](https://github.com/goauthentik/authentik/issues/new?assignees=&labels=question&template=question.md&title=) or join [the Discord server](https://goauthentik.io/discord)
|
||||
|
||||
## What should I know before I get started?
|
||||
|
||||
@ -131,7 +131,7 @@ When you are creating an enhancement suggestion, please fill in [the template](h
|
||||
|
||||
authentik can be run locally, all though depending on which part you want to work on, different pre-requisites are required.
|
||||
|
||||
This is documented in the [developer docs](https://goauthentik.io/developer-docs/)
|
||||
This is documented in the [developer docs](https://goauthentik.io/developer-docs/?utm_source=github)
|
||||
|
||||
### Pull Requests
|
||||
|
||||
|
||||
105
Pipfile.lock
generated
105
Pipfile.lock
generated
@ -127,19 +127,19 @@
|
||||
},
|
||||
"boto3": {
|
||||
"hashes": [
|
||||
"sha256:9223b433b0d3b74f2b9574fb3c384048998343ccd6b608044318a7f9b904f661",
|
||||
"sha256:b4d6299dd16a3042b7750cde00fe38d57fd59d3ce242308ba8488618ca931694"
|
||||
"sha256:d468b1f63f22ccd6b4bfbdebe6fd0c0b4620f38276af965ed139fe3eb85d16bb",
|
||||
"sha256:f93fed6153f7def66f1b17e6794c6ec3bec46229b213d3fa63f1eca126f5e992"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==1.18.64"
|
||||
"version": "==1.19.0"
|
||||
},
|
||||
"botocore": {
|
||||
"hashes": [
|
||||
"sha256:0a30dca4dad7d43fd856e671ace95f9afc4726caa1e22f0ae11b654fc76e0c7d",
|
||||
"sha256:d57287377e4c7c7d7bf6c5fa39e02994de1d99fced9492a58a00e5a54bae1cca"
|
||||
"sha256:b78184ff1b1512c8ac00ad2ec1cea513ead930ace95749ed39f9d059aafe0645",
|
||||
"sha256:c9894037047a5e118be3e3ae6586ba32de7bb01257c46661874427720d52cde0"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==1.21.64"
|
||||
"version": "==1.22.0"
|
||||
},
|
||||
"cachetools": {
|
||||
"hashes": [
|
||||
@ -634,11 +634,11 @@
|
||||
},
|
||||
"jsonschema": {
|
||||
"hashes": [
|
||||
"sha256:2b3cca28580511d44326f0e7fc582eab3cbe31aabd1a1c2cfa74a399796ffd84",
|
||||
"sha256:9dd7c33b4a96138dc37bb86b3610d3b12d30d96433d4d73435ca3025804154a8"
|
||||
"sha256:166870c8ab27bd712a8627e0598de4685bd8d199c4d7bd7cacc3d941ba0c6ca0",
|
||||
"sha256:5c1a282ee6b74235057421fd0f766ac5f2972f77440927f6471c9e8493632fac"
|
||||
],
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==4.1.0"
|
||||
"version": "==4.1.2"
|
||||
},
|
||||
"kombu": {
|
||||
"hashes": [
|
||||
@ -1771,7 +1771,7 @@
|
||||
"sha256:9c2ea1e62d871267b78307fe511c0838ba0da28698c5732d54e2790bf3ba9899",
|
||||
"sha256:e17d6e2b81095c9db0a03a8025a957f334d6ea30b26f9ec70805411e5c7c81f2"
|
||||
],
|
||||
"markers": "python_version < '4' and python_full_version >= '3.6.1'",
|
||||
"markers": "python_version < '4.0' and python_full_version >= '3.6.1'",
|
||||
"version": "==5.9.3"
|
||||
},
|
||||
"lazy-object-proxy": {
|
||||
@ -1974,55 +1974,44 @@
|
||||
},
|
||||
"regex": {
|
||||
"hashes": [
|
||||
"sha256:094a905e87a4171508c2a0e10217795f83c636ccc05ddf86e7272c26e14056ae",
|
||||
"sha256:09e1031e2059abd91177c302da392a7b6859ceda038be9e015b522a182c89e4f",
|
||||
"sha256:176796cb7f82a7098b0c436d6daac82f57b9101bb17b8e8119c36eecf06a60a3",
|
||||
"sha256:19b8f6d23b2dc93e8e1e7e288d3010e58fafed323474cf7f27ab9451635136d9",
|
||||
"sha256:1abbd95cbe9e2467cac65c77b6abd9223df717c7ae91a628502de67c73bf6838",
|
||||
"sha256:1ce02f420a7ec3b2480fe6746d756530f69769292eca363218c2291d0b116a01",
|
||||
"sha256:1f51926db492440e66c89cd2be042f2396cf91e5b05383acd7372b8cb7da373f",
|
||||
"sha256:26895d7c9bbda5c52b3635ce5991caa90fbb1ddfac9c9ff1c7ce505e2282fb2a",
|
||||
"sha256:2efd47704bbb016136fe34dfb74c805b1ef5c7313aef3ce6dcb5ff844299f432",
|
||||
"sha256:36c98b013273e9da5790ff6002ab326e3f81072b4616fd95f06c8fa733d2745f",
|
||||
"sha256:39079ebf54156be6e6902f5c70c078f453350616cfe7bfd2dd15bdb3eac20ccc",
|
||||
"sha256:3d52c5e089edbdb6083391faffbe70329b804652a53c2fdca3533e99ab0580d9",
|
||||
"sha256:45cb0f7ff782ef51bc79e227a87e4e8f24bc68192f8de4f18aae60b1d60bc152",
|
||||
"sha256:4786dae85c1f0624ac77cb3813ed99267c9adb72e59fdc7297e1cf4d6036d493",
|
||||
"sha256:51feefd58ac38eb91a21921b047da8644155e5678e9066af7bcb30ee0dca7361",
|
||||
"sha256:55ef044899706c10bc0aa052f2fc2e58551e2510694d6aae13f37c50f3f6ff61",
|
||||
"sha256:5e5796d2f36d3c48875514c5cd9e4325a1ca172fc6c78b469faa8ddd3d770593",
|
||||
"sha256:5f199419a81c1016e0560c39773c12f0bd924c37715bffc64b97140d2c314354",
|
||||
"sha256:5f55c4804797ef7381518e683249310f7f9646da271b71cb6b3552416c7894ee",
|
||||
"sha256:6dcf53d35850ce938b4f044a43b33015ebde292840cef3af2c8eb4c860730fff",
|
||||
"sha256:74e55f8d66f1b41d44bc44c891bcf2c7fad252f8f323ee86fba99d71fd1ad5e3",
|
||||
"sha256:7f125fce0a0ae4fd5c3388d369d7a7d78f185f904c90dd235f7ecf8fe13fa741",
|
||||
"sha256:82cfb97a36b1a53de32b642482c6c46b6ce80803854445e19bc49993655ebf3b",
|
||||
"sha256:88dc3c1acd3f0ecfde5f95c32fcb9beda709dbdf5012acdcf66acbc4794468eb",
|
||||
"sha256:924079d5590979c0e961681507eb1773a142553564ccae18d36f1de7324e71ca",
|
||||
"sha256:951be934dc25d8779d92b530e922de44dda3c82a509cdb5d619f3a0b1491fafa",
|
||||
"sha256:973499dac63625a5ef9dfa4c791aa33a502ddb7615d992bdc89cf2cc2285daa3",
|
||||
"sha256:981c786293a3115bc14c103086ae54e5ee50ca57f4c02ce7cf1b60318d1e8072",
|
||||
"sha256:9c070d5895ac6aeb665bd3cd79f673775caf8d33a0b569e98ac434617ecea57d",
|
||||
"sha256:9e3e2cea8f1993f476a6833ef157f5d9e8c75a59a8d8b0395a9a6887a097243b",
|
||||
"sha256:9e527ab1c4c7cf2643d93406c04e1d289a9d12966529381ce8163c4d2abe4faf",
|
||||
"sha256:a37305eb3199d8f0d8125ec2fb143ba94ff6d6d92554c4b8d4a8435795a6eccd",
|
||||
"sha256:aa0ab3530a279a3b7f50f852f1bab41bc304f098350b03e30a3876b7dd89840e",
|
||||
"sha256:b04e512eb628ea82ed86eb31c0f7fc6842b46bf2601b66b1356a7008327f7700",
|
||||
"sha256:b09d3904bf312d11308d9a2867427479d277365b1617e48ad09696fa7dfcdf59",
|
||||
"sha256:b0f2f874c6a157c91708ac352470cb3bef8e8814f5325e3c5c7a0533064c6a24",
|
||||
"sha256:b8b6ee6555b6fbae578f1468b3f685cdfe7940a65675611365a7ea1f8d724991",
|
||||
"sha256:b9b5c215f3870aa9b011c00daeb7be7e1ae4ecd628e9beb6d7e6107e07d81287",
|
||||
"sha256:c6569ba7b948c3d61d27f04e2b08ebee24fec9ff8e9ea154d8d1e975b175bfa7",
|
||||
"sha256:e2ec1c106d3f754444abf63b31e5c4f9b5d272272a491fa4320475aba9e8157c",
|
||||
"sha256:e4204708fa116dd03436a337e8e84261bc8051d058221ec63535c9403a1582a1",
|
||||
"sha256:ea8de658d7db5987b11097445f2b1f134400e2232cb40e614e5f7b6f5428710e",
|
||||
"sha256:f540f153c4f5617bc4ba6433534f8916d96366a08797cbbe4132c37b70403e92",
|
||||
"sha256:fab3ab8aedfb443abb36729410403f0fe7f60ad860c19a979d47fb3eb98ef820",
|
||||
"sha256:fb2baff66b7d2267e07ef71e17d01283b55b3cc51a81b54cc385e721ae172ba4",
|
||||
"sha256:fe6ce4f3d3c48f9f402da1ceb571548133d3322003ce01b20d960a82251695d2",
|
||||
"sha256:ff24897f6b2001c38a805d53b6ae72267025878d35ea225aa24675fbff2dba7f"
|
||||
"sha256:0f82de529d7595011a40573cc0f27422e59cafa94943b64a4d17d966d75f2c01",
|
||||
"sha256:130a002fa386c976615a2f6d6dff0fcc25da24858994a36b14d2e3129dce7de2",
|
||||
"sha256:164e51ace4d00f07c519f85ec2209e8faaeab18bc77be6b35685c18d4ac1c22a",
|
||||
"sha256:19c4fd59747236423016ccd89b9a6485d958bf1aa7a8a902a6ba28029107a87f",
|
||||
"sha256:201890fdc8a65396cfb6aa4493201353b2a6378e27d2de65234446f8329233cb",
|
||||
"sha256:2044174af237bb9c56ecc07294cf38623ee379e8dca14b01e970f8b015c71917",
|
||||
"sha256:2ff91696888755e96230138355cbe8ce2965d930d967d6cff7c636082d038c78",
|
||||
"sha256:3b5a0660a63b0703380758a7141b96cc1c1a13dee2b8e9c280a2522962fd12af",
|
||||
"sha256:468de52dd3f20187ab5ca4fd265c1bea61a5346baef01ad0333a5e89fa9fad29",
|
||||
"sha256:4832736b3f24617e63dc919ce8c4215680ba94250a5d9e710fcc0c5f457b5028",
|
||||
"sha256:5b75a3db3aab0bfa51b6af3f820760779d360eb79f59e32c88c7fba648990b4f",
|
||||
"sha256:678d9a4ce79e1eaa4ebe88bc9769df52919eb30c597576a0deba1f3cf2360e65",
|
||||
"sha256:72a0b98d41c4508ed23a96eef41090f78630b44ba746e28cd621ecbe961e0a16",
|
||||
"sha256:740a28580520b099b804776db1e919360fcbf30a734a14c5985d5e39a39e7237",
|
||||
"sha256:74d03c256cf0aed81997e87be8e24297b5792c9718f3a735f5055ddfad392f06",
|
||||
"sha256:8bd83d9b8ee125350cd666b55294f4bc9993c4f0d9b1be9344a318d0762e94cc",
|
||||
"sha256:98743a2d827a135bf3390452be18d95839b947a099734d53c17e09a64fc09480",
|
||||
"sha256:98fe0e1b07a314f0a86dc58af4e717c379d48a403eddd8d966ab9b8bf91ce164",
|
||||
"sha256:9c613d797a3790f6b12e78a61e1cd29df7fc88135218467cf8b0891353292b9c",
|
||||
"sha256:9cd14f22425beecf727f6dbdf5c893e46ecbc5ff16197c16a6f38a9066f2d4d5",
|
||||
"sha256:ad1fedca001fefc3030d1e9022b038af429e58dc06a7e9c55e40bd1f834582ec",
|
||||
"sha256:b9dfba513eae785e3d868803f5a7e21a032cb2b038fa4a1ea7ec691037426ad3",
|
||||
"sha256:bc4637390235f1e3e2fcdd3e904ca0b42aa655ae28a78072248b2992b4ad4c08",
|
||||
"sha256:c0f49f1f03be3e4a5faaadc35db7afa2b83a871943b889f9f7bba56e0e2e8bd5",
|
||||
"sha256:c5a2ac760f2fc13a1c58131ec217779911890899ce1a0a63c9409bd23fecde6f",
|
||||
"sha256:d6432daf42f2c487b357e1aa0bdc43193f050ff53a3188bfab20b88202b53027",
|
||||
"sha256:dc1a9bedf389bf3d3627a4d2b21cbdc5fe5e0f029d1f465972f4437833dcc946",
|
||||
"sha256:de7dbf72ae80f06e79444ff9614fb5e3a7956645d513b0e12d1bbe6f3ccebd11",
|
||||
"sha256:ded4748c7be6f31fb207387ee83a3a0f625e700defe32f268cb1d350ed6e4a66",
|
||||
"sha256:e39eafa854e469d7225066c806c76b9a0acba5ff5ce36c82c0224b75e24888f2",
|
||||
"sha256:edff4e31d159672a7b9d70164b21289e4b53b239ce1dc945bf9643d266537573",
|
||||
"sha256:f1b23304855303bd97b5954edab63b8ddd56c91c41c6d4eba408228c0bae95f3",
|
||||
"sha256:f3da121de36a9ead0f32b44ea720ee8c87edbb59dca6bb980d18377d84ad58a3",
|
||||
"sha256:f68c71aabb10b1352a06515e25a425a703ba85660ae04cf074da5eb91c0af5e5",
|
||||
"sha256:f82d3adde46ac9188db3aa7e6e1690865ebb6448d245df5a3ea22284f70d9e46",
|
||||
"sha256:fd1bfc6b7347de9f0ae1fb6f9080426bed6a9ca55b5766fa4fdf7b3a29ccae9c"
|
||||
],
|
||||
"version": "==2021.10.8"
|
||||
"version": "==2021.10.21"
|
||||
},
|
||||
"requests": {
|
||||
"hashes": [
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
|
||||
---
|
||||
|
||||
[](https://discord.gg/jg33eMhnj6)
|
||||
[](https://goauthentik.io/discord)
|
||||
[](https://github.com/goauthentik/authentik/actions/workflows/ci-main.yml)
|
||||
[](https://github.com/goauthentik/authentik/actions/workflows/ci-outpost.yml)
|
||||
[](https://github.com/goauthentik/authentik/actions/workflows/ci-web.yml)
|
||||
@ -20,9 +20,9 @@ authentik is an open-source Identity Provider focused on flexibility and versati
|
||||
|
||||
## Installation
|
||||
|
||||
For small/test setups it is recommended to use docker-compose, see the [documentation](https://goauthentik.io/docs/installation/docker-compose/)
|
||||
For small/test setups it is recommended to use docker-compose, see the [documentation](https://goauthentik.io/docs/installation/docker-compose/?utm_source=github)
|
||||
|
||||
For bigger setups, there is a Helm Chart [here](https://github.com/goauthentik/helm). This is documented [here](https://goauthentik.io/docs/installation/kubernetes/)
|
||||
For bigger setups, there is a Helm Chart [here](https://github.com/goauthentik/helm). This is documented [here](https://goauthentik.io/docs/installation/kubernetes/?utm_source=github)
|
||||
|
||||
## Screenshots
|
||||
|
||||
@ -33,7 +33,7 @@ Light | Dark
|
||||
|
||||
## Development
|
||||
|
||||
See [Development Documentation](https://goauthentik.io/developer-docs/)
|
||||
See [Development Documentation](https://goauthentik.io/developer-docs/?utm_source=github)
|
||||
|
||||
## Security
|
||||
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
"""authentik"""
|
||||
__version__ = "2021.10.1-rc1"
|
||||
__version__ = "2021.10.1-rc2"
|
||||
ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
|
||||
|
||||
@ -9,6 +9,7 @@ from rest_framework.exceptions import AuthenticationFailed
|
||||
from rest_framework.request import Request
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.core.middleware import KEY_AUTH_VIA, LOCAL
|
||||
from authentik.core.models import Token, TokenIntents, User
|
||||
from authentik.outposts.models import Outpost
|
||||
|
||||
@ -44,6 +45,7 @@ def bearer_auth(raw_header: bytes) -> Optional[User]:
|
||||
if not user:
|
||||
raise AuthenticationFailed("Token invalid/expired")
|
||||
return user
|
||||
LOCAL.authentik[KEY_AUTH_VIA] = "api_token"
|
||||
return tokens.first().user
|
||||
|
||||
|
||||
@ -57,7 +59,7 @@ def token_secret_key(value: str) -> Optional[User]:
|
||||
outposts = Outpost.objects.filter(managed=MANAGED_OUTPOST)
|
||||
if not outposts:
|
||||
return None
|
||||
LOGGER.info("Authenticating via secret_key")
|
||||
LOCAL.authentik[KEY_AUTH_VIA] = "secret_key"
|
||||
outpost = outposts.first()
|
||||
return outpost.user
|
||||
|
||||
|
||||
@ -45,6 +45,7 @@ from authentik.core.api.used_by import UsedByMixin
|
||||
from authentik.core.api.utils import LinkSerializer, PassiveSerializer, is_dict
|
||||
from authentik.core.middleware import SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER
|
||||
from authentik.core.models import (
|
||||
USER_ATTRIBUTE_CHANGE_USERNAME,
|
||||
USER_ATTRIBUTE_SA,
|
||||
USER_ATTRIBUTE_TOKEN_EXPIRING,
|
||||
Group,
|
||||
@ -113,14 +114,22 @@ class UserSelfSerializer(ModelSerializer):
|
||||
)
|
||||
)
|
||||
)
|
||||
def get_groups(self, user: User):
|
||||
def get_groups(self, _: User):
|
||||
"""Return only the group names a user is member of"""
|
||||
for group in user.ak_groups.all():
|
||||
for group in self.instance.ak_groups.all():
|
||||
yield {
|
||||
"name": group.name,
|
||||
"pk": group.pk,
|
||||
}
|
||||
|
||||
def validate_username(self, username: str):
|
||||
"""Check if the user is allowed to change their username"""
|
||||
if self.instance.group_attributes().get(USER_ATTRIBUTE_CHANGE_USERNAME, True):
|
||||
return username
|
||||
if username != self.instance.username:
|
||||
raise ValidationError("Not allowed to change username.")
|
||||
return username
|
||||
|
||||
class Meta:
|
||||
|
||||
model = User
|
||||
@ -337,7 +346,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
|
||||
# since it caches the full object
|
||||
if SESSION_IMPERSONATE_USER in request.session:
|
||||
request.session[SESSION_IMPERSONATE_USER] = new_user
|
||||
serializer = SessionUserSerializer(data={"user": UserSelfSerializer(request.user).data})
|
||||
serializer = SessionUserSerializer(data={"user": data.data})
|
||||
serializer.is_valid()
|
||||
return Response(serializer.data)
|
||||
|
||||
|
||||
@ -10,6 +10,9 @@ SESSION_IMPERSONATE_USER = "authentik_impersonate_user"
|
||||
SESSION_IMPERSONATE_ORIGINAL_USER = "authentik_impersonate_original_user"
|
||||
LOCAL = local()
|
||||
RESPONSE_HEADER_ID = "X-authentik-id"
|
||||
KEY_AUTH_VIA = "auth_via"
|
||||
KEY_USER = "user"
|
||||
INTERNAL_HEADER_PREFIX = "X-authentik-internal-"
|
||||
|
||||
|
||||
class ImpersonateMiddleware:
|
||||
@ -50,15 +53,17 @@ class RequestIDMiddleware:
|
||||
}
|
||||
response = self.get_response(request)
|
||||
response[RESPONSE_HEADER_ID] = request.request_id
|
||||
del LOCAL.authentik["request_id"]
|
||||
del LOCAL.authentik["host"]
|
||||
if auth_via := LOCAL.authentik.get(KEY_AUTH_VIA, None):
|
||||
response[INTERNAL_HEADER_PREFIX + KEY_AUTH_VIA] = auth_via
|
||||
response[INTERNAL_HEADER_PREFIX + KEY_USER] = request.user.username
|
||||
for key in list(LOCAL.authentik.keys()):
|
||||
del LOCAL.authentik[key]
|
||||
return response
|
||||
|
||||
|
||||
# pylint: disable=unused-argument
|
||||
def structlog_add_request_id(logger: Logger, method_name: str, event_dict):
|
||||
def structlog_add_request_id(logger: Logger, method_name: str, event_dict: dict):
|
||||
"""If threadlocal has authentik defined, add request_id to log"""
|
||||
if hasattr(LOCAL, "authentik"):
|
||||
event_dict["request_id"] = LOCAL.authentik.get("request_id", "")
|
||||
event_dict["host"] = LOCAL.authentik.get("host", "")
|
||||
event_dict.update(LOCAL.authentik)
|
||||
return event_dict
|
||||
|
||||
@ -39,6 +39,7 @@ USER_ATTRIBUTE_DEBUG = "goauthentik.io/user/debug"
|
||||
USER_ATTRIBUTE_SA = "goauthentik.io/user/service-account"
|
||||
USER_ATTRIBUTE_SOURCES = "goauthentik.io/user/sources"
|
||||
USER_ATTRIBUTE_TOKEN_EXPIRING = "goauthentik.io/user/token-expires" # nosec
|
||||
USER_ATTRIBUTE_CHANGE_USERNAME = "goauthentik.io/user/can-change-username" # nosec
|
||||
USER_ATTRIBUTE_CAN_OVERRIDE_IP = "goauthentik.io/user/override-ips"
|
||||
|
||||
GRAVATAR_URL = "https://secure.gravatar.com"
|
||||
|
||||
@ -61,7 +61,7 @@
|
||||
{% endfor %}
|
||||
{% if tenant.branding_title != "authentik" %}
|
||||
<li>
|
||||
<a href="https://goauthentik.io">
|
||||
<a href="https://goauthentik.io?utm_source=authentik">
|
||||
{% trans 'Powered by authentik' %}
|
||||
</a>
|
||||
</li>
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
from django.urls.base import reverse
|
||||
from rest_framework.test import APITestCase
|
||||
|
||||
from authentik.core.models import User
|
||||
from authentik.core.models import USER_ATTRIBUTE_CHANGE_USERNAME, User
|
||||
from authentik.flows.models import Flow, FlowDesignation
|
||||
from authentik.stages.email.models import EmailStage
|
||||
from authentik.tenants.models import Tenant
|
||||
@ -15,6 +15,24 @@ class TestUsersAPI(APITestCase):
|
||||
self.admin = User.objects.get(username="akadmin")
|
||||
self.user = User.objects.create(username="test-user")
|
||||
|
||||
def test_update_self(self):
|
||||
"""Test update_self"""
|
||||
self.client.force_login(self.admin)
|
||||
response = self.client.put(
|
||||
reverse("authentik_api:user-update-self"), data={"username": "foo", "name": "foo"}
|
||||
)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
def test_update_self_username_denied(self):
|
||||
"""Test update_self"""
|
||||
self.admin.attributes[USER_ATTRIBUTE_CHANGE_USERNAME] = False
|
||||
self.admin.save()
|
||||
self.client.force_login(self.admin)
|
||||
response = self.client.put(
|
||||
reverse("authentik_api:user-update-self"), data={"username": "foo", "name": "foo"}
|
||||
)
|
||||
self.assertEqual(response.status_code, 400)
|
||||
|
||||
def test_metrics(self):
|
||||
"""Test user's metrics"""
|
||||
self.client.force_login(self.admin)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
"""authentik flow signals"""
|
||||
from django.core.cache import cache
|
||||
from django.db.models.signals import post_save
|
||||
from django.db.models.signals import post_save, pre_delete
|
||||
from django.dispatch import receiver
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
@ -15,6 +15,7 @@ def delete_cache_prefix(prefix: str) -> int:
|
||||
|
||||
|
||||
@receiver(post_save)
|
||||
@receiver(pre_delete)
|
||||
# pylint: disable=unused-argument
|
||||
def invalidate_flow_cache(sender, instance, **_):
|
||||
"""Invalidate flow cache when flow is updated"""
|
||||
|
||||
@ -56,6 +56,7 @@ outposts:
|
||||
# %(build_hash)s: Build hash if you're running a beta version
|
||||
container_image_base: env://AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE?goauthentik.io/%(type)s:%(version)s
|
||||
|
||||
cookie_domain: null
|
||||
disable_update_check: false
|
||||
avatars: env://AUTHENTIK_AUTHENTIK__AVATARS?gravatar
|
||||
geoip: "./GeoLite2-City.mmdb"
|
||||
@ -63,6 +64,6 @@ geoip: "./GeoLite2-City.mmdb"
|
||||
# Can't currently be configured via environment variables, only yaml
|
||||
footer_links:
|
||||
- name: Documentation
|
||||
href: https://goauthentik.io/docs/
|
||||
href: https://goauthentik.io/docs/?utm_source=authentik
|
||||
- name: authentik Website
|
||||
href: https://goauthentik.io/
|
||||
href: https://goauthentik.io/?utm_source=authentik
|
||||
|
||||
@ -3,7 +3,7 @@ from time import time
|
||||
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.core.middleware import RESPONSE_HEADER_ID
|
||||
from authentik.core.middleware import INTERNAL_HEADER_PREFIX, RESPONSE_HEADER_ID
|
||||
from authentik.root.asgi.types import ASGIApp, Message, Receive, Scope, Send
|
||||
|
||||
ASGI_IP_HEADERS = (
|
||||
@ -26,6 +26,8 @@ class ASGILogger:
|
||||
content_length = 0
|
||||
status_code = 0
|
||||
request_id = ""
|
||||
# Copy all headers starting with X-authentik-internal
|
||||
copied_headers = {}
|
||||
location = ""
|
||||
start = time()
|
||||
|
||||
@ -45,9 +47,19 @@ class ASGILogger:
|
||||
if message["type"] == "http.response.start":
|
||||
response_headers = dict(message["headers"])
|
||||
nonlocal request_id
|
||||
nonlocal copied_headers
|
||||
nonlocal location
|
||||
request_id = response_headers.get(RESPONSE_HEADER_ID.encode(), b"").decode()
|
||||
location = response_headers.get(b"Location", b"").decode()
|
||||
# Copy all internal headers to log, and remove them from the final response
|
||||
for header in list(response_headers.keys()):
|
||||
if not header.decode().startswith(INTERNAL_HEADER_PREFIX):
|
||||
continue
|
||||
copied_headers[
|
||||
header.decode().replace(INTERNAL_HEADER_PREFIX, "")
|
||||
] = response_headers[header].decode()
|
||||
del response_headers[header]
|
||||
message["headers"] = list(response_headers.items())
|
||||
|
||||
if message["type"] == "http.response.body" and not message.get("more_body", True):
|
||||
nonlocal start
|
||||
@ -55,6 +67,7 @@ class ASGILogger:
|
||||
kwargs = {"request_id": request_id}
|
||||
if location != "":
|
||||
kwargs["location"] = location
|
||||
kwargs.update(copied_headers)
|
||||
self.log(scope, runtime, content_length, status_code, **kwargs)
|
||||
await send(message)
|
||||
|
||||
|
||||
@ -72,6 +72,7 @@ _cookie_suffix = "_debug" if DEBUG else ""
|
||||
CSRF_COOKIE_NAME = "authentik_csrf"
|
||||
LANGUAGE_COOKIE_NAME = f"authentik_language{_cookie_suffix}"
|
||||
SESSION_COOKIE_NAME = f"authentik_session{_cookie_suffix}"
|
||||
SESSION_COOKIE_DOMAIN = CONFIG.y("cookie_domain", None)
|
||||
|
||||
AUTHENTICATION_BACKENDS = [
|
||||
"django.contrib.auth.backends.ModelBackend",
|
||||
|
||||
@ -3,7 +3,7 @@ from django.urls.base import reverse_lazy
|
||||
from drf_spectacular.types import OpenApiTypes
|
||||
from drf_spectacular.utils import OpenApiParameter, extend_schema, extend_schema_field
|
||||
from rest_framework.decorators import action
|
||||
from rest_framework.fields import BooleanField, CharField, SerializerMethodField
|
||||
from rest_framework.fields import BooleanField, CharField, ChoiceField, SerializerMethodField
|
||||
from rest_framework.request import Request
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.serializers import ValidationError
|
||||
@ -31,6 +31,7 @@ class SourceTypeSerializer(PassiveSerializer):
|
||||
class OAuthSourceSerializer(SourceSerializer):
|
||||
"""OAuth Source Serializer"""
|
||||
|
||||
provider_type = ChoiceField(choices=MANAGER.get_name_tuple())
|
||||
callback_url = SerializerMethodField()
|
||||
|
||||
def get_callback_url(self, instance: OAuthSource) -> str:
|
||||
|
||||
@ -38,3 +38,4 @@ class UserOAuthSourceConnectionViewSet(
|
||||
filterset_fields = ["source__slug"]
|
||||
permission_classes = [OwnerPermissions]
|
||||
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
|
||||
ordering = ["source__slug"]
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
<div class="footer">
|
||||
<table width="100%">
|
||||
<tr>
|
||||
<td class="aligncenter content-block">Powered by <a href="https://goauthentik.io">authentik</a>.</td>
|
||||
<td class="aligncenter content-block">Powered by <a href="https://goauthentik.io?utm_source=authentik&utm_medium=email">authentik</a>.</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
@ -17,7 +17,7 @@ services:
|
||||
image: redis:alpine
|
||||
restart: unless-stopped
|
||||
server:
|
||||
image: ${AUTHENTIK_IMAGE:-goauthentik.io/server}:${AUTHENTIK_TAG:-2021.10.1-rc1}
|
||||
image: ${AUTHENTIK_IMAGE:-goauthentik.io/server}:${AUTHENTIK_TAG:-2021.10.1-rc2}
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
@ -38,7 +38,7 @@ services:
|
||||
- "0.0.0.0:9000:9000"
|
||||
- "0.0.0.0:9443:9443"
|
||||
worker:
|
||||
image: ${AUTHENTIK_IMAGE:-goauthentik.io/server}:${AUTHENTIK_TAG:-2021.10.1-rc1}
|
||||
image: ${AUTHENTIK_IMAGE:-goauthentik.io/server}:${AUTHENTIK_TAG:-2021.10.1-rc2}
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
environment:
|
||||
|
||||
2
go.mod
2
go.mod
@ -34,7 +34,7 @@ require (
|
||||
github.com/recws-org/recws v1.3.1
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
go.mongodb.org/mongo-driver v1.5.2 // indirect
|
||||
goauthentik.io/api v0.202198.6
|
||||
goauthentik.io/api v0.2021101.2
|
||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 // indirect
|
||||
golang.org/x/net v0.0.0-20210510120150-4163338589ed // indirect
|
||||
golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558
|
||||
|
||||
4
go.sum
4
go.sum
@ -554,8 +554,8 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
|
||||
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
||||
go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
||||
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
||||
goauthentik.io/api v0.202198.6 h1:guPsIyDBxBRm8Emy3ZP1SWKe1JhfAls2NTZdk+OtW8c=
|
||||
goauthentik.io/api v0.202198.6/go.mod h1:02nnD4FRd8lu8A1+ZuzqownBgvAhdCKzqkKX8v7JMTE=
|
||||
goauthentik.io/api v0.2021101.2 h1:MEmrcCmR/fWfxwVVlWPuVt4S3tigyv3OugNndLcFL3Y=
|
||||
goauthentik.io/api v0.2021101.2/go.mod h1:02nnD4FRd8lu8A1+ZuzqownBgvAhdCKzqkKX8v7JMTE=
|
||||
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
|
||||
@ -17,4 +17,4 @@ func OutpostUserAgent() string {
|
||||
return fmt.Sprintf("authentik-outpost@%s (build=%s)", VERSION, BUILD())
|
||||
}
|
||||
|
||||
const VERSION = "2021.10.1-rc1"
|
||||
const VERSION = "2021.10.1-rc2"
|
||||
|
||||
@ -55,7 +55,7 @@ func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LD
|
||||
if err == nil {
|
||||
return instance.Bind(username, req)
|
||||
} else {
|
||||
ls.log.WithError(err).Debug("Username not for instance")
|
||||
req.log.WithError(err).Debug("Username not for instance")
|
||||
}
|
||||
}
|
||||
req.log.WithField("request", "bind").Warning("No provider found for request")
|
||||
|
||||
@ -52,7 +52,7 @@
|
||||
<p></p>
|
||||
<ul class="pf-c-list pf-m-inline">
|
||||
<li>
|
||||
<a href="https://goauthentik.io">
|
||||
<a href="https://goauthentik.io?utm_source=authentik_outpost&utm_campaign=proxy_error">
|
||||
Powered by authentik
|
||||
</a>
|
||||
</li>
|
||||
|
||||
27
schema.yml
27
schema.yml
@ -1,7 +1,7 @@
|
||||
openapi: 3.0.3
|
||||
info:
|
||||
title: authentik
|
||||
version: 2021.10.1-rc1
|
||||
version: 2021.10.1-rc2
|
||||
description: Making authentication simple.
|
||||
contact:
|
||||
email: hello@beryju.org
|
||||
@ -20109,9 +20109,9 @@ components:
|
||||
$ref: '#/components/schemas/FooterLink'
|
||||
readOnly: true
|
||||
default:
|
||||
- href: https://goauthentik.io/docs/
|
||||
- href: https://goauthentik.io/docs/?utm_source=authentik
|
||||
name: Documentation
|
||||
- href: https://goauthentik.io/
|
||||
- href: https://goauthentik.io/?utm_source=authentik
|
||||
name: authentik Website
|
||||
flow_authentication:
|
||||
type: string
|
||||
@ -22668,8 +22668,7 @@ components:
|
||||
description: How the source determines if an existing user should be authenticated
|
||||
or a new user enrolled.
|
||||
provider_type:
|
||||
type: string
|
||||
maxLength: 255
|
||||
$ref: '#/components/schemas/ProviderTypeEnum'
|
||||
request_token_url:
|
||||
type: string
|
||||
nullable: true
|
||||
@ -22743,8 +22742,7 @@ components:
|
||||
description: How the source determines if an existing user should be authenticated
|
||||
or a new user enrolled.
|
||||
provider_type:
|
||||
type: string
|
||||
maxLength: 255
|
||||
$ref: '#/components/schemas/ProviderTypeEnum'
|
||||
request_token_url:
|
||||
type: string
|
||||
nullable: true
|
||||
@ -26806,8 +26804,7 @@ components:
|
||||
description: How the source determines if an existing user should be authenticated
|
||||
or a new user enrolled.
|
||||
provider_type:
|
||||
type: string
|
||||
maxLength: 255
|
||||
$ref: '#/components/schemas/ProviderTypeEnum'
|
||||
request_token_url:
|
||||
type: string
|
||||
nullable: true
|
||||
@ -28209,6 +28206,18 @@ components:
|
||||
required:
|
||||
- authorization_flow
|
||||
- name
|
||||
ProviderTypeEnum:
|
||||
enum:
|
||||
- apple
|
||||
- azuread
|
||||
- discord
|
||||
- facebook
|
||||
- github
|
||||
- google
|
||||
- openidconnect
|
||||
- reddit
|
||||
- twitter
|
||||
type: string
|
||||
ProxyMode:
|
||||
enum:
|
||||
- proxy
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
## @goauthentik/api
|
||||
|
||||
This package provides a generated API Client for [authentik](https://goauthentik.io).
|
||||
This package provides a generated API Client for [authentik](https://goauthentik.io?utm_source=npm-api-package).
|
||||
|
||||
### Building
|
||||
|
||||
|
||||
42
web/package-lock.json
generated
42
web/package-lock.json
generated
@ -15,7 +15,7 @@
|
||||
"@babel/preset-env": "^7.15.8",
|
||||
"@babel/preset-typescript": "^7.15.0",
|
||||
"@fortawesome/fontawesome-free": "^5.15.4",
|
||||
"@goauthentik/api": "^2021.10.1-rc1-1634651140",
|
||||
"@goauthentik/api": "^2021.10.1-rc1-1634805016",
|
||||
"@lingui/cli": "^3.12.1",
|
||||
"@lingui/core": "^3.12.1",
|
||||
"@lingui/detect-locale": "^3.12.1",
|
||||
@ -44,8 +44,8 @@
|
||||
"construct-style-sheets-polyfill": "^2.4.16",
|
||||
"eslint": "^8.0.1",
|
||||
"eslint-config-google": "^0.14.0",
|
||||
"eslint-plugin-custom-elements": "0.0.2",
|
||||
"eslint-plugin-lit": "^1.6.0",
|
||||
"eslint-plugin-custom-elements": "0.0.3",
|
||||
"eslint-plugin-lit": "^1.6.1",
|
||||
"flowchart.js": "^1.16.0",
|
||||
"fuse.js": "^6.4.6",
|
||||
"lit": "^2.0.2",
|
||||
@ -1712,9 +1712,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@goauthentik/api": {
|
||||
"version": "2021.10.1-rc1-1634651140",
|
||||
"resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2021.10.1-rc1-1634651140.tgz",
|
||||
"integrity": "sha512-8ItPkFaFNc5x9xx+w61jovwsyiT+Oc66keZAOjHhqrGJT0tM+ABemgIIq3mC3dPR2nDUOhc0VdjfYcvy9bC6lQ=="
|
||||
"version": "2021.10.1-rc1-1634805016",
|
||||
"resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2021.10.1-rc1-1634805016.tgz",
|
||||
"integrity": "sha512-QMf+a7zsyRReGL937Tok4O65B2tstIUVGhWpMRAxJyL+BSx98IG0Wrj4sAfkSOAUdGs6tSzyXeO3n7T+SvqZsA=="
|
||||
},
|
||||
"node_modules/@humanwhocodes/config-array": {
|
||||
"version": "0.6.0",
|
||||
@ -4043,9 +4043,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/eslint-plugin-custom-elements": {
|
||||
"version": "0.0.2",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-custom-elements/-/eslint-plugin-custom-elements-0.0.2.tgz",
|
||||
"integrity": "sha512-lIRBhxh0M/1seyMzSPJwdfdNtlVSPArJ+erF2xqjPsd/6SdCuT43hCQNV2A2te3GqBWhgh/unXSVRO09c1kyPA==",
|
||||
"version": "0.0.3",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-custom-elements/-/eslint-plugin-custom-elements-0.0.3.tgz",
|
||||
"integrity": "sha512-ZyOQRsIQT9xHB9nXHvIXo91L1fkzMpAqDQnFG8Fp0WykfpcEKBebJZoNLn2US/XyGuaWsMsHWb5HzAZfF7FzNQ==",
|
||||
"dependencies": {
|
||||
"eslint-rule-documentation": ">=1.0.0"
|
||||
},
|
||||
@ -4054,9 +4054,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/eslint-plugin-lit": {
|
||||
"version": "1.6.0",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-1.6.0.tgz",
|
||||
"integrity": "sha512-869OEsg1MdI7bYJrOjgkdMXAX9qPZkyxJkScKQMY3vVDKnWxRGow/vI+2zEduKWOZA23Zfg/mUDwYZ5OGkd9eg==",
|
||||
"version": "1.6.1",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-1.6.1.tgz",
|
||||
"integrity": "sha512-BpPoWVhf8dQ/Sz5Pi9NlqbGoH5BcMcVyXhi2XTx2XGMAO9U2lS+GTSsqJjI5hL3OuxCicNiUEWXazAwi9cAGxQ==",
|
||||
"dependencies": {
|
||||
"parse5": "^6.0.1",
|
||||
"parse5-htmlparser2-tree-adapter": "^6.0.1",
|
||||
@ -9702,9 +9702,9 @@
|
||||
"integrity": "sha512-eYm8vijH/hpzr/6/1CJ/V/Eb1xQFW2nnUKArb3z+yUWv7HTwj6M7SP957oMjfZjAHU6qpoNc2wQvIxBLWYa/Jg=="
|
||||
},
|
||||
"@goauthentik/api": {
|
||||
"version": "2021.10.1-rc1-1634651140",
|
||||
"resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2021.10.1-rc1-1634651140.tgz",
|
||||
"integrity": "sha512-8ItPkFaFNc5x9xx+w61jovwsyiT+Oc66keZAOjHhqrGJT0tM+ABemgIIq3mC3dPR2nDUOhc0VdjfYcvy9bC6lQ=="
|
||||
"version": "2021.10.1-rc1-1634805016",
|
||||
"resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2021.10.1-rc1-1634805016.tgz",
|
||||
"integrity": "sha512-QMf+a7zsyRReGL937Tok4O65B2tstIUVGhWpMRAxJyL+BSx98IG0Wrj4sAfkSOAUdGs6tSzyXeO3n7T+SvqZsA=="
|
||||
},
|
||||
"@humanwhocodes/config-array": {
|
||||
"version": "0.6.0",
|
||||
@ -11572,17 +11572,17 @@
|
||||
"requires": {}
|
||||
},
|
||||
"eslint-plugin-custom-elements": {
|
||||
"version": "0.0.2",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-custom-elements/-/eslint-plugin-custom-elements-0.0.2.tgz",
|
||||
"integrity": "sha512-lIRBhxh0M/1seyMzSPJwdfdNtlVSPArJ+erF2xqjPsd/6SdCuT43hCQNV2A2te3GqBWhgh/unXSVRO09c1kyPA==",
|
||||
"version": "0.0.3",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-custom-elements/-/eslint-plugin-custom-elements-0.0.3.tgz",
|
||||
"integrity": "sha512-ZyOQRsIQT9xHB9nXHvIXo91L1fkzMpAqDQnFG8Fp0WykfpcEKBebJZoNLn2US/XyGuaWsMsHWb5HzAZfF7FzNQ==",
|
||||
"requires": {
|
||||
"eslint-rule-documentation": ">=1.0.0"
|
||||
}
|
||||
},
|
||||
"eslint-plugin-lit": {
|
||||
"version": "1.6.0",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-1.6.0.tgz",
|
||||
"integrity": "sha512-869OEsg1MdI7bYJrOjgkdMXAX9qPZkyxJkScKQMY3vVDKnWxRGow/vI+2zEduKWOZA23Zfg/mUDwYZ5OGkd9eg==",
|
||||
"version": "1.6.1",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-1.6.1.tgz",
|
||||
"integrity": "sha512-BpPoWVhf8dQ/Sz5Pi9NlqbGoH5BcMcVyXhi2XTx2XGMAO9U2lS+GTSsqJjI5hL3OuxCicNiUEWXazAwi9cAGxQ==",
|
||||
"requires": {
|
||||
"parse5": "^6.0.1",
|
||||
"parse5-htmlparser2-tree-adapter": "^6.0.1",
|
||||
|
||||
@ -50,7 +50,7 @@
|
||||
"@babel/preset-env": "^7.15.8",
|
||||
"@babel/preset-typescript": "^7.15.0",
|
||||
"@fortawesome/fontawesome-free": "^5.15.4",
|
||||
"@goauthentik/api": "^2021.10.1-rc1-1634651140",
|
||||
"@goauthentik/api": "^2021.10.1-rc1-1634805016",
|
||||
"@lingui/cli": "^3.12.1",
|
||||
"@lingui/core": "^3.12.1",
|
||||
"@lingui/detect-locale": "^3.12.1",
|
||||
@ -79,8 +79,8 @@
|
||||
"construct-style-sheets-polyfill": "^2.4.16",
|
||||
"eslint": "^8.0.1",
|
||||
"eslint-config-google": "^0.14.0",
|
||||
"eslint-plugin-custom-elements": "0.0.2",
|
||||
"eslint-plugin-lit": "^1.6.0",
|
||||
"eslint-plugin-custom-elements": "0.0.3",
|
||||
"eslint-plugin-lit": "^1.6.1",
|
||||
"flowchart.js": "^1.16.0",
|
||||
"fuse.js": "^6.4.6",
|
||||
"lit": "^2.0.2",
|
||||
|
||||
@ -38,17 +38,6 @@ export function configureSentry(canDoPpi: boolean = false): Promise<Config> {
|
||||
if (hint.originalException instanceof Response || hint.originalException instanceof DOMException) {
|
||||
return null;
|
||||
}
|
||||
if (event.exception) {
|
||||
me().then(user => {
|
||||
Sentry.showReportDialog({
|
||||
eventId: event.event_id,
|
||||
user: {
|
||||
email: user.user.email,
|
||||
name: user.user.name,
|
||||
}
|
||||
});
|
||||
});
|
||||
}
|
||||
return event;
|
||||
},
|
||||
});
|
||||
@ -58,12 +47,13 @@ export function configureSentry(canDoPpi: boolean = false): Promise<Config> {
|
||||
const intf = window.location.pathname.replace(/.+if\/(.+)\//, "$1");
|
||||
Sentry.setTag(TAG_SENTRY_COMPONENT, `web/${intf}`);
|
||||
}
|
||||
console.debug("authentik/config: Sentry enabled.");
|
||||
if (config.errorReportingSendPii && canDoPpi) {
|
||||
me().then(user => {
|
||||
Sentry.setUser({ email: user.user.email });
|
||||
console.debug("authentik/config: Sentry with PII enabled.");
|
||||
});
|
||||
} else {
|
||||
console.debug("authentik/config: Sentry enabled.");
|
||||
}
|
||||
}
|
||||
return config;
|
||||
|
||||
@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
|
||||
export const ERROR_CLASS = "pf-m-danger";
|
||||
export const PROGRESS_CLASS = "pf-m-in-progress";
|
||||
export const CURRENT_CLASS = "pf-m-current";
|
||||
export const VERSION = "2021.10.1-rc1";
|
||||
export const VERSION = "2021.10.1-rc2";
|
||||
export const TITLE_DEFAULT = "authentik";
|
||||
export const ROUTE_SEPARATOR = ";";
|
||||
|
||||
|
||||
@ -29,7 +29,6 @@ import { configureSentry } from "../api/Sentry";
|
||||
import { WebsocketClient } from "../common/ws";
|
||||
import { EVENT_FLOW_ADVANCE, TITLE_DEFAULT } from "../constants";
|
||||
import "../elements/LoadingOverlay";
|
||||
import { DefaultTenant } from "../elements/sidebar/SidebarBrand";
|
||||
import { first } from "../utils";
|
||||
import "./FlowInspector";
|
||||
import "./access_denied/FlowAccessDenied";
|
||||
@ -385,11 +384,7 @@ export class FlowExecutor extends LitElement implements StageHost {
|
||||
<header class="pf-c-login__header">
|
||||
<div class="pf-c-brand ak-brand">
|
||||
<img
|
||||
src="${first(
|
||||
this.tenant?.brandingLogo,
|
||||
DefaultTenant.brandingLogo,
|
||||
)}"
|
||||
alt="authentik icon"
|
||||
src="${first(this.tenant?.brandingLogo, "")}"
|
||||
/>
|
||||
</div>
|
||||
</header>
|
||||
@ -411,7 +406,8 @@ export class FlowExecutor extends LitElement implements StageHost {
|
||||
${this.tenant?.brandingTitle != "authentik"
|
||||
? html`
|
||||
<li>
|
||||
<a href="https://goauthentik.io"
|
||||
<a
|
||||
href="https://goauthentik.io?utm_source=authentik&utm_medium=flow"
|
||||
>${t`Powered by authentik`}</a
|
||||
>
|
||||
</li>
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
import { t } from "@lingui/macro";
|
||||
|
||||
import { css, CSSResult, html, TemplateResult } from "lit";
|
||||
import { customElement, property } from "lit/decorators";
|
||||
import { customElement, state } from "lit/decorators";
|
||||
import { ifDefined } from "lit/directives/if-defined";
|
||||
|
||||
import AKGlobal from "../../../authentik.css";
|
||||
import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
||||
@ -36,11 +37,12 @@ export class AuthenticatorValidateStage
|
||||
{
|
||||
flowSlug = "";
|
||||
|
||||
@state()
|
||||
_selectedDeviceChallenge?: DeviceChallenge;
|
||||
|
||||
@property({ attribute: false })
|
||||
set selectedDeviceChallenge(value: DeviceChallenge | undefined) {
|
||||
this._selectedDeviceChallenge = value;
|
||||
if (!value) return;
|
||||
// We don't use this.submit here, as we don't want to advance the flow.
|
||||
// We just want to notify the backend which challenge has been selected.
|
||||
new FlowsApi(DEFAULT_CONFIG).flowsExecutorSolve({
|
||||
@ -64,6 +66,9 @@ export class AuthenticatorValidateStage
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [PFBase, PFLogin, PFForm, PFFormControl, PFTitle, PFButton, AKGlobal].concat(css`
|
||||
ul {
|
||||
padding-top: 1rem;
|
||||
}
|
||||
ul > li:not(:last-child) {
|
||||
padding-bottom: 1rem;
|
||||
}
|
||||
@ -74,7 +79,7 @@ export class AuthenticatorValidateStage
|
||||
i {
|
||||
font-size: 1.5rem;
|
||||
padding: 1rem 0;
|
||||
width: 5rem;
|
||||
width: 3rem;
|
||||
}
|
||||
.right {
|
||||
display: flex;
|
||||
@ -204,15 +209,34 @@ export class AuthenticatorValidateStage
|
||||
}
|
||||
return html`<header class="pf-c-login__main-header">
|
||||
<h1 class="pf-c-title pf-m-3xl">${this.challenge.flowInfo?.title}</h1>
|
||||
${this.selectedDeviceChallenge
|
||||
? ""
|
||||
: html`<p class="pf-c-login__main-header-desc">
|
||||
${t`Select an authentication method.`}
|
||||
</p>`}
|
||||
</header>
|
||||
${this.selectedDeviceChallenge
|
||||
? this.renderDeviceChallenge()
|
||||
: html`<div class="pf-c-login__main-body">${this.renderDevicePicker()}</div>
|
||||
: html`<div class="pf-c-login__main-body">
|
||||
<form class="pf-c-form">
|
||||
<ak-form-static
|
||||
class="pf-c-form__group"
|
||||
userAvatar="${this.challenge.pendingUserAvatar}"
|
||||
user=${this.challenge.pendingUser}
|
||||
>
|
||||
<div slot="link">
|
||||
<a href="${ifDefined(this.challenge.flowInfo?.cancelUrl)}"
|
||||
>${t`Not you?`}</a
|
||||
>
|
||||
</div>
|
||||
</ak-form-static>
|
||||
<input
|
||||
name="username"
|
||||
autocomplete="username"
|
||||
type="hidden"
|
||||
value="${this.challenge.pendingUser}"
|
||||
/>
|
||||
${this.selectedDeviceChallenge
|
||||
? ""
|
||||
: html`<p>${t`Select an authentication method.`}</p>`}
|
||||
</form>
|
||||
${this.renderDevicePicker()}
|
||||
</div>
|
||||
<footer class="pf-c-login__main-footer">
|
||||
<ul class="pf-c-login__main-footer-links"></ul>
|
||||
</footer>`}`;
|
||||
|
||||
@ -20,7 +20,9 @@ export class OutpostDeploymentModal extends ModalButton {
|
||||
</div>
|
||||
<div class="pf-c-modal-box__body">
|
||||
<p>
|
||||
<a target="_blank" href="https://goauthentik.io/docs/outposts/outposts/#deploy"
|
||||
<a
|
||||
target="_blank"
|
||||
href="https://goauthentik.io/docs/outposts/outposts/?utm_source=authentik#deploy"
|
||||
>${t`View deployment documentation`}</a
|
||||
>
|
||||
</p>
|
||||
|
||||
@ -165,7 +165,9 @@ export class OutpostForm extends ModelForm<Outpost, string> {
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
See
|
||||
<a target="_blank" href="https://goauthentik.io/docs/outposts/outposts"
|
||||
<a
|
||||
target="_blank"
|
||||
href="https://goauthentik.io/docs/outposts/outposts?utm_source=authentik"
|
||||
>documentation</a
|
||||
>.
|
||||
</p>
|
||||
@ -208,7 +210,7 @@ export class OutpostForm extends ModelForm<Outpost, string> {
|
||||
See
|
||||
<a
|
||||
target="_blank"
|
||||
href="https://goauthentik.io/docs/outposts/outposts#configuration"
|
||||
href="https://goauthentik.io/docs/outposts/outposts?utm_source=authentik#configuration"
|
||||
>documentation</a
|
||||
>.
|
||||
</p>
|
||||
|
||||
@ -85,7 +85,7 @@ export class ExpressionPolicyForm extends ModelForm<ExpressionPolicy, string> {
|
||||
${t`Expression using Python.`}
|
||||
<a
|
||||
target="_blank"
|
||||
href="https://goauthentik.io/docs/policies/expression"
|
||||
href="https://goauthentik.io/docs/policies/expression?utm_source=authentik"
|
||||
>
|
||||
${t`See documentation for a list of all variables.`}
|
||||
</a>
|
||||
|
||||
@ -72,7 +72,7 @@ export class PropertyMappingLDAPForm extends ModelForm<LDAPPropertyMapping, stri
|
||||
${t`Expression using Python.`}
|
||||
<a
|
||||
target="_blank"
|
||||
href="https://goauthentik.io/docs/property-mappings/expression/"
|
||||
href="https://goauthentik.io/docs/property-mappings/expression?utm_source=authentik"
|
||||
>
|
||||
${t`See documentation for a list of all variables.`}
|
||||
</a>
|
||||
|
||||
@ -57,7 +57,7 @@ export class PropertyMappingNotification extends ModelForm<NotificationWebhookMa
|
||||
${t`Expression using Python.`}
|
||||
<a
|
||||
target="_blank"
|
||||
href="https://goauthentik.io/docs/property-mappings/expression/"
|
||||
href="https://goauthentik.io/docs/property-mappings/expression?utm_source=authentik"
|
||||
>
|
||||
${t`See documentation for a list of all variables.`}
|
||||
</a>
|
||||
|
||||
@ -82,7 +82,7 @@ export class PropertyMappingLDAPForm extends ModelForm<SAMLPropertyMapping, stri
|
||||
${t`Expression using Python.`}
|
||||
<a
|
||||
target="_blank"
|
||||
href="https://goauthentik.io/docs/property-mappings/expression/"
|
||||
href="https://goauthentik.io/docs/property-mappings/expression?utm_source=authentik"
|
||||
>
|
||||
${t`See documentation for a list of all variables.`}
|
||||
</a>
|
||||
|
||||
@ -78,7 +78,7 @@ export class PropertyMappingScopeForm extends ModelForm<ScopeMapping, string> {
|
||||
${t`Expression using Python.`}
|
||||
<a
|
||||
target="_blank"
|
||||
href="https://goauthentik.io/docs/property-mappings/expression/"
|
||||
href="https://goauthentik.io/docs/property-mappings/expression?utm_source=authentik"
|
||||
>
|
||||
${t`See documentation for a list of all variables.`}
|
||||
</a>
|
||||
|
||||
@ -32,7 +32,7 @@ return ak_is_group_member(request.user, name="test_group")
|
||||
|
||||
Fetch a user matching `**filters`.
|
||||
|
||||
Returns "None" if no user was found, otherwise [User](/docs/expressions/reference/user-object)
|
||||
Returns "None" if no user was found, otherwise [User](/docs/user-group/user)
|
||||
|
||||
Example:
|
||||
|
||||
|
||||
@ -62,6 +62,13 @@ Secret key used for cookie signing and unique user IDs, don't change this after
|
||||
Log level for the server and worker containers. Possible values: debug, info, warning, error
|
||||
Defaults to `info`.
|
||||
|
||||
### AUTHENTIK_COOKIE_DOMAIN
|
||||
|
||||
Which domain the session cookie should be set to. By default, the cookie is set to the domain authentik is accessed under.
|
||||
|
||||
### AUTHENTIK_DISABLE_UPDATE_CHECK
|
||||
|
||||
Disable the inbuilt update-checker. Defaults to `false`.
|
||||
|
||||
### AUTHENTIK_ERROR_REPORTING
|
||||
|
||||
|
||||
@ -14,7 +14,7 @@ This installation method is for test-setups and small-scale productive setups.
|
||||
|
||||
Download the latest `docker-compose.yml` from [here](https://goauthentik.io/docker-compose.yml). Place it in a directory of your choice.
|
||||
|
||||
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.10.1-rc1 >> .env`
|
||||
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.10.1-rc2 >> .env`
|
||||
|
||||
If this is a fresh authentik install run the following commands to generate a password:
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@ version: "3.5"
|
||||
|
||||
services:
|
||||
authentik_proxy:
|
||||
image: goauthentik.io/proxy:2021.10.1-rc1
|
||||
image: goauthentik.io/proxy:2021.10.1-rc2
|
||||
# Optionally specify which networks the container should be
|
||||
# might be needed to reach the core authentik server
|
||||
# networks:
|
||||
@ -40,7 +40,7 @@ version: "3.5"
|
||||
|
||||
services:
|
||||
authentik_ldap:
|
||||
image: goauthentik.io/ldap:2021.10.1-rc1
|
||||
image: goauthentik.io/ldap:2021.10.1-rc2
|
||||
# Optionally specify which networks the container should be
|
||||
# might be needed to reach the core authentik server
|
||||
# networks:
|
||||
|
||||
@ -14,7 +14,7 @@ metadata:
|
||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.10.1-rc1
|
||||
app.kubernetes.io/version: 2021.10.1-rc2
|
||||
name: authentik-outpost-api
|
||||
stringData:
|
||||
authentik_host: "__AUTHENTIK_URL__"
|
||||
@ -29,7 +29,7 @@ metadata:
|
||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.10.1-rc1
|
||||
app.kubernetes.io/version: 2021.10.1-rc2
|
||||
name: authentik-outpost
|
||||
spec:
|
||||
ports:
|
||||
@ -54,7 +54,7 @@ metadata:
|
||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.10.1-rc1
|
||||
app.kubernetes.io/version: 2021.10.1-rc2
|
||||
name: authentik-outpost
|
||||
spec:
|
||||
selector:
|
||||
@ -62,14 +62,14 @@ spec:
|
||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.10.1-rc1
|
||||
app.kubernetes.io/version: 2021.10.1-rc2
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.10.1-rc1
|
||||
app.kubernetes.io/version: 2021.10.1-rc2
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
@ -88,7 +88,7 @@ spec:
|
||||
secretKeyRef:
|
||||
key: authentik_host_insecure
|
||||
name: authentik-outpost-api
|
||||
image: goauthentik.io/proxy:2021.10.1-rc1
|
||||
image: goauthentik.io/proxy:2021.10.1-rc2
|
||||
name: proxy
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
@ -110,7 +110,7 @@ metadata:
|
||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.10.1-rc1
|
||||
app.kubernetes.io/version: 2021.10.1-rc2
|
||||
name: authentik-outpost
|
||||
spec:
|
||||
rules:
|
||||
|
||||
@ -53,7 +53,7 @@ import Objects from '../expressions/_objects.md'
|
||||
<Objects />
|
||||
|
||||
- `request`: A PolicyRequest object, which has the following properties:
|
||||
- `request.user`: The current user, against which the policy is applied. See [User](../expressions/reference/user-object.md)
|
||||
- `request.user`: The current user, against which the policy is applied. See [User](../user-group/user.md#object-attributes)
|
||||
- `request.http_request`: The Django HTTP Request. See ([Django documentation](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects))
|
||||
- `request.obj`: A Django Model instance. This is only set if the policy is ran against an object.
|
||||
- `request.context`: A dictionary with dynamic data. This depends on the origin of the execution.
|
||||
@ -75,7 +75,7 @@ This includes the following:
|
||||
|
||||
- `context['prompt_data']`: Data which has been saved from a prompt stage or an external source.
|
||||
- `context['application']`: The application the user is in the process of authorizing.
|
||||
- `context['pending_user']`: The currently pending user, see [User](/docs/expressions/reference/user-object)
|
||||
- `context['pending_user']`: The currently pending user, see [User](../user-group/user.md#object-attributes)
|
||||
- `context['auth_method']`: Authentication method set (this value is set by password stages)
|
||||
|
||||
Depending on method, `context['auth_method_args']` is also set.
|
||||
|
||||
@ -17,6 +17,6 @@ import Objects from '../expressions/_objects.md'
|
||||
|
||||
<Objects />
|
||||
|
||||
- `user`: The current user. This may be `None` if there is no contextual user. See ([User](../expressions/reference/user-object.md))
|
||||
- `user`: The current user. This may be `None` if there is no contextual user. See ([User](../user-group/user.md#object-attributes))
|
||||
- `request`: The current request. This may be `None` if there is no contextual request. See ([Django documentation](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects))
|
||||
- Other arbitrary arguments given by the provider, this is documented on the Provider/Source.
|
||||
|
||||
@ -1,7 +1,23 @@
|
||||
---
|
||||
title: User Object
|
||||
title: User
|
||||
---
|
||||
|
||||
## Attributes
|
||||
|
||||
### `goauthentik.io/user/can-change-username`
|
||||
|
||||
Optional flag, when set to false prevents the user from changing their own username.
|
||||
|
||||
### `goauthentik.io/user/token-expires`:
|
||||
|
||||
Optional flag, when set to false, Tokens created by the user will not expire.
|
||||
|
||||
### `goauthentik.io/user/debug`:
|
||||
|
||||
See [Troubleshooting access problems](../troubleshooting/access.md), when set, the user gets a more detailed explanation of access decisions.
|
||||
|
||||
## Object attributes
|
||||
|
||||
The User object has the following attributes:
|
||||
|
||||
- `username`: User's username.
|
||||
@ -11,8 +27,8 @@ The User object has the following attributes:
|
||||
- `is_active` Boolean field if user is active.
|
||||
- `date_joined` Date user joined/was created.
|
||||
- `password_change_date` Date password was last changed.
|
||||
- `attributes` Dynamic attributes.
|
||||
- `group_attributes` Merged attributes of all groups the user is member of and the user's own attributes.
|
||||
- `attributes` Dynamic attributes, see above
|
||||
- `group_attributes()` Merged attributes of all groups the user is member of and the user's own attributes.
|
||||
- `ak_groups` This is a queryset of all the user's groups.
|
||||
|
||||
You can do additional filtering like
|
||||
@ -39,7 +39,7 @@ module.exports = {
|
||||
position: "right",
|
||||
},
|
||||
{
|
||||
href: "https://discord.gg/jg33eMhnj6",
|
||||
href: "https://goauthentik.io/discord",
|
||||
label: "Discord",
|
||||
position: "right",
|
||||
},
|
||||
@ -73,7 +73,7 @@ module.exports = {
|
||||
},
|
||||
{
|
||||
label: "Discord",
|
||||
href: "https://discord.gg/jg33eMhnj6",
|
||||
href: "https://goauthentik.io/discord",
|
||||
},
|
||||
],
|
||||
},
|
||||
@ -119,10 +119,9 @@ module.exports = {
|
||||
<html <%~ it.htmlAttributes %>>
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="go-import" content="goauthentik.io/api git https://github.com/goauthentik/client-go">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=0.86, maximum-scale=3.0, minimum-scale=0.86">
|
||||
<meta name="generator" content="Docusaurus v<%= it.version %>">
|
||||
<script async defer data-domain="goauthentik.io" src="https://public.s3.beryju.org/plausibl.js"></script>
|
||||
<script async defer data-domain="goauthentik.io" src="https://goauthentik.io/js/script.js"></script>
|
||||
<%~ it.headTags %>
|
||||
<% it.metaAttributes.forEach((metaAttribute) => { %>
|
||||
<%~ metaAttribute %>
|
||||
|
||||
@ -35,7 +35,7 @@ module.exports = {
|
||||
position: "right",
|
||||
},
|
||||
{
|
||||
href: "https://discord.gg/jg33eMhnj6",
|
||||
href: "https://goauthentik.io/discord",
|
||||
label: "Discord",
|
||||
position: "right",
|
||||
},
|
||||
|
||||
@ -1,3 +1,7 @@
|
||||
[[redirects]]
|
||||
from = "/discord"
|
||||
to = "https://discord.gg/jg33eMhnj6"
|
||||
|
||||
[[redirects]]
|
||||
from = "/*"
|
||||
to = "/.netlify/functions/go-get"
|
||||
@ -20,3 +24,15 @@
|
||||
[[redirects]]
|
||||
from = "/version/*"
|
||||
to = "https://raw.githubusercontent.com/goauthentik/authentik/version-:splat"
|
||||
|
||||
[[redirects]]
|
||||
from = "/js/script.js"
|
||||
to = "https://plausible.io/js/plausible.outbound-links.js"
|
||||
status = 200
|
||||
force = true
|
||||
|
||||
[[redirects]]
|
||||
from = "/api/event"
|
||||
to = "https://analytics.beryju.org/api/event"
|
||||
status = 200
|
||||
force = true
|
||||
|
||||
46
website/package-lock.json
generated
46
website/package-lock.json
generated
@ -12,7 +12,7 @@
|
||||
"@docusaurus/preset-classic": "2.0.0-beta.7",
|
||||
"@mdx-js/react": "^1.6.22",
|
||||
"clsx": "^1.1.1",
|
||||
"postcss": "^8.3.9",
|
||||
"postcss": "^8.3.10",
|
||||
"rapidoc": "^9.1.3",
|
||||
"react": "^17.0.2",
|
||||
"react-before-after-slider-component": "^1.1.1",
|
||||
@ -9264,9 +9264,9 @@
|
||||
"optional": true
|
||||
},
|
||||
"node_modules/nanoid": {
|
||||
"version": "3.1.28",
|
||||
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.28.tgz",
|
||||
"integrity": "sha512-gSu9VZ2HtmoKYe/lmyPFES5nknFrHa+/DT9muUFWFMi6Jh9E1I7bkvlQ8xxf1Kos9pi9o8lBnIOkatMhKX/YUw==",
|
||||
"version": "3.1.30",
|
||||
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.30.tgz",
|
||||
"integrity": "sha512-zJpuPDwOv8D2zq2WRoMe1HsfZthVewpel9CAvTfc/2mBD1uUT/agc5f7GHGWXlYkFvi1mVxe4IjvP2HNrop7nQ==",
|
||||
"bin": {
|
||||
"nanoid": "bin/nanoid.cjs"
|
||||
},
|
||||
@ -10145,12 +10145,12 @@
|
||||
}
|
||||
},
|
||||
"node_modules/postcss": {
|
||||
"version": "8.3.9",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.3.9.tgz",
|
||||
"integrity": "sha512-f/ZFyAKh9Dnqytx5X62jgjhhzttjZS7hMsohcI7HEI5tjELX/HxCy3EFhsRxyzGvrzFF+82XPvCS8T9TFleVJw==",
|
||||
"version": "8.3.10",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.3.10.tgz",
|
||||
"integrity": "sha512-YYfvfUdWx+ECpr5Hgc6XRfsaux8LksL5ey8qTtWiuRXOpOF1YYMwAySdh0nSmwhZAFvvJ6rgiIkKVShu4x2T1Q==",
|
||||
"dependencies": {
|
||||
"nanoid": "^3.1.28",
|
||||
"picocolors": "^0.2.1",
|
||||
"nanoid": "^3.1.30",
|
||||
"picocolors": "^1.0.0",
|
||||
"source-map-js": "^0.6.2"
|
||||
},
|
||||
"engines": {
|
||||
@ -10860,6 +10860,11 @@
|
||||
"postcss": "^8.2.15"
|
||||
}
|
||||
},
|
||||
"node_modules/postcss/node_modules/picocolors": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
|
||||
"integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ=="
|
||||
},
|
||||
"node_modules/prepend-http": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-2.0.0.tgz",
|
||||
@ -22510,9 +22515,9 @@
|
||||
"optional": true
|
||||
},
|
||||
"nanoid": {
|
||||
"version": "3.1.28",
|
||||
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.28.tgz",
|
||||
"integrity": "sha512-gSu9VZ2HtmoKYe/lmyPFES5nknFrHa+/DT9muUFWFMi6Jh9E1I7bkvlQ8xxf1Kos9pi9o8lBnIOkatMhKX/YUw=="
|
||||
"version": "3.1.30",
|
||||
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.30.tgz",
|
||||
"integrity": "sha512-zJpuPDwOv8D2zq2WRoMe1HsfZthVewpel9CAvTfc/2mBD1uUT/agc5f7GHGWXlYkFvi1mVxe4IjvP2HNrop7nQ=="
|
||||
},
|
||||
"nanomatch": {
|
||||
"version": "1.2.13",
|
||||
@ -23150,13 +23155,20 @@
|
||||
"integrity": "sha1-AerA/jta9xoqbAL+q7jB/vfgDqs="
|
||||
},
|
||||
"postcss": {
|
||||
"version": "8.3.9",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.3.9.tgz",
|
||||
"integrity": "sha512-f/ZFyAKh9Dnqytx5X62jgjhhzttjZS7hMsohcI7HEI5tjELX/HxCy3EFhsRxyzGvrzFF+82XPvCS8T9TFleVJw==",
|
||||
"version": "8.3.10",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.3.10.tgz",
|
||||
"integrity": "sha512-YYfvfUdWx+ECpr5Hgc6XRfsaux8LksL5ey8qTtWiuRXOpOF1YYMwAySdh0nSmwhZAFvvJ6rgiIkKVShu4x2T1Q==",
|
||||
"requires": {
|
||||
"nanoid": "^3.1.28",
|
||||
"picocolors": "^0.2.1",
|
||||
"nanoid": "^3.1.30",
|
||||
"picocolors": "^1.0.0",
|
||||
"source-map-js": "^0.6.2"
|
||||
},
|
||||
"dependencies": {
|
||||
"picocolors": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
|
||||
"integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ=="
|
||||
}
|
||||
}
|
||||
},
|
||||
"postcss-calc": {
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
"@docusaurus/preset-classic": "2.0.0-beta.7",
|
||||
"@mdx-js/react": "^1.6.22",
|
||||
"clsx": "^1.1.1",
|
||||
"postcss": "^8.3.9",
|
||||
"postcss": "^8.3.10",
|
||||
"rapidoc": "^9.1.3",
|
||||
"react": "^17.0.2",
|
||||
"react-before-after-slider-component": "^1.1.1",
|
||||
|
||||
@ -8,6 +8,13 @@ module.exports = {
|
||||
type: "doc",
|
||||
id: "terminology",
|
||||
},
|
||||
{
|
||||
type: "category",
|
||||
label: "Users & Groups",
|
||||
items: [
|
||||
"user-group/user"
|
||||
]
|
||||
},
|
||||
{
|
||||
type: "category",
|
||||
label: "Installation",
|
||||
@ -145,17 +152,6 @@ module.exports = {
|
||||
label: "Property Mappings",
|
||||
items: ["property-mappings/index", "property-mappings/expression"],
|
||||
},
|
||||
{
|
||||
type: "category",
|
||||
label: "Expressions",
|
||||
items: [
|
||||
{
|
||||
type: "category",
|
||||
label: "Reference",
|
||||
items: ["expressions/reference/user-object"],
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
type: "category",
|
||||
label: "Events",
|
||||
|
||||
Reference in New Issue
Block a user