Compare commits

...

1262 Commits

Author SHA1 Message Date
1883402b3d release: 2022.5.3 2022-05-28 12:04:26 +02:00
88a8b7d2fa outposts/ldap: fix type assertion after upgrading to new API Client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 21:43:58 +02:00
987f03c4be website/docs: Update flow to run only during Github logins (#2959) 2022-05-27 21:43:55 +02:00
1b3aacfa1d providers/oauth2: add migration from "*" to ".*"
closes #2970

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 21:43:51 +02:00
3a994ab2a4 website/docs: prepare 2022.5.3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:18:02 +02:00
d7713357f4 api: migrate to openapi generator v6 (#2968)
* migrate to openapi generator v6

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
#	go.mod
#	go.sum
2022-05-26 22:17:57 +02:00
e7c03fdb14 web/admin: add note that regex is used for redirect URIs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:37 +02:00
6105956847 providers/oauth2: regex-escape URLs when set to blank
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:34 +02:00
89028f175a website/docs: Fix misconfiguration causing POST requests behing Nginx to timeout (#2967)
* Update _nginx_proxy_manager.md

* Update _nginx_standalone.md
2022-05-26 22:17:31 +02:00
f121098957 root: Add docker-compose postgresql and redis healthchecks (#2958)
* Add healthchecks to docker compose

Add healthchecks for postgresql and redis, see als #2519

* bump docker-compose version to 3.4
2022-05-26 22:17:10 +02:00
4ff32af343 flows: fix flakiness in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:03 +02:00
972868c15c providers/oauth2: only set expiry on user when it was freshly created
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:55 +02:00
0bc57f571b api: update API browser to match admin UI and auto-switch theme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:34 +02:00
9de5b6f93e build(deps): bump rapidoc from 9.2.0 to 9.3.2 in /web (#2957)
Bumps [rapidoc](https://github.com/rapi-doc/RapiDoc) from 9.2.0 to 9.3.2.
- [Release notes](https://github.com/rapi-doc/RapiDoc/releases)
- [Commits](https://github.com/rapi-doc/RapiDoc/compare/v9.2.0...v9.3.2)

---
updated-dependencies:
- dependency-name: rapidoc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 22:16:34 +02:00
cc744dc581 flows: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:04:58 +02:00
47006fc9d2 website/docs: fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:38:15 +02:00
a03e48c5ce website/docs: prepare 2022.5.3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:35:09 +02:00
816b0c7d83 flows: fix re-imports of entries with identical PK re-creating objects
closes #2941

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:35:06 +02:00
0edf4296c4 web/elements: fix used_by refreshing for all elements when using DeleteBulkForm
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:14:29 +02:00
b8fdda50ec ensure all viewsets have filter and search and add tests (#2946)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:13:59 +02:00
ab1840dd66 web: Update Web API Client version (#2944) 2022-05-24 20:05:06 +02:00
482491e93c core: fix username validator not allowing changes that can be done via flows
closes #2755

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 19:40:54 +02:00
2ca991ba3d website/docs: fix grammar (#2943) 2022-05-24 13:56:19 +02:00
b20c384f5a build(deps): bump @typescript-eslint/parser from 5.25.0 to 5.26.0 in /web (#2937)
build(deps): bump @typescript-eslint/parser in /web

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.25.0 to 5.26.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.26.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-24 10:29:21 +02:00
9ce8edbcd6 build(deps): bump country-flag-icons from 1.5.2 to 1.5.4 in /web (#2938)
Bumps [country-flag-icons](https://gitlab.com/catamphetamine/country-flag-icons) from 1.5.2 to 1.5.4.
- [Release notes](https://gitlab.com/catamphetamine/country-flag-icons/tags)
- [Changelog](https://gitlab.com/catamphetamine/country-flag-icons/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/country-flag-icons/compare/v1.5.2...v1.5.4)

---
updated-dependencies:
- dependency-name: country-flag-icons
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-24 10:27:25 +02:00
cb5b2148a3 build(deps): bump @typescript-eslint/eslint-plugin from 5.25.0 to 5.26.0 in /web (#2939)
build(deps): bump @typescript-eslint/eslint-plugin in /web

Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.25.0 to 5.26.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.26.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-24 10:27:14 +02:00
d5702c6282 web/admin: fix broken flow execute link (#2940) 2022-05-24 10:26:58 +02:00
61a876b582 providers/saml: handle parse error
AUTHENTIK-1K5

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 22:03:12 +02:00
8c9748e4a0 providers/oauth2: improve error handling for invalid regular expressions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:47:36 +02:00
6460245d5e website/docs: add missing docs for #2828
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:42:00 +02:00
b7979ad48e Revert "events: ignore silk SQLQuery object"
This reverts commit a26f25ccd6.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:29:05 +02:00
cbd95848e7 web: decrease elements that refresh on global refresh signal
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:26:33 +02:00
4704de937a stages/user_write: fix typo in request context variable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:37 +02:00
394d8e99a4 policies: improve error logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:00 +02:00
a26f25ccd6 events: ignore silk SQLQuery object
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:17:52 +02:00
94257e0f50 web/admin: refactor table refresh to preserve selected/expanded elements correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:07:56 +02:00
b2a42a68a4 web/admin: fix flow diagram not updating on flow changes
closes #2932

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 19:48:33 +02:00
7895d59da3 Translate '/web/src/locales/en.po' in 'zh_CN' (#2934)
Translate /web/src/locales/en.po in zh_CN

translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-23 14:13:17 +02:00
b54c60d7af Translate '/web/src/locales/en.po' in 'zh-Hans' (#2935)
Translate /web/src/locales/en.po in zh-Hans

translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-23 14:13:08 +02:00
6bab3bf68e web/elements: fix missing click handler on wizard close button
closes #2931
2022-05-23 09:33:16 +00:00
fdc09c658a web/admin: fix phrasing on LDAP provider form for bind mode 2022-05-23 09:28:22 +00:00
a690a02f99 web/admin: fix display of LDAP bind mode
closes #2930
2022-05-23 09:24:57 +00:00
0e912fd647 build(deps): bump codemirror from 5.65.3 to 5.65.4 in /web (#2923) 2022-05-23 09:11:23 +02:00
27af330932 build(deps): bump eslint from 8.15.0 to 8.16.0 in /web (#2924) 2022-05-23 09:11:12 +02:00
7187d28905 build(deps): bump country-flag-icons from 1.4.26 to 1.5.2 in /web (#2925) 2022-05-23 09:10:18 +02:00
ca832b6090 build(deps-dev): bump importlib-metadata from 4.11.3 to 4.11.4 (#2926) 2022-05-23 09:10:03 +02:00
53bd6bf06e build(deps-dev): bump coverage from 6.3.3 to 6.4 (#2927) 2022-05-23 09:09:49 +02:00
813f271bdd build(deps): bump goauthentik.io/api/v3 from 3.2022041.10 to 3.2022052.2 (#2928) 2022-05-23 09:09:31 +02:00
63dc8fe7dc crypto: set SAN in default generated Certificate to semi-random domain
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2462
2022-05-22 23:22:06 +02:00
383f4e4dcf root: exempt question for stale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-22 22:56:29 +02:00
2896652fef web: Update Web API Client version (#2922)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-05-22 19:36:17 +02:00
cfe2648b62 events: fix transport not allowing blank values
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-22 19:32:58 +02:00
8d49705c87 web/admin: add set password button to user view page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-22 16:46:38 +02:00
c99e6d8f2c website: fix typo in title
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 19:10:16 +02:00
0996bb500c web: Update Web API Client version (#2920) 2022-05-21 18:07:18 +02:00
3d4a45c93f release: 2022.5.2 2022-05-21 17:17:21 +02:00
0642af0b78 website/docs: add 2022.5.2 changelog
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 17:16:43 +02:00
dce623dd7c web/user: fix use sub-pages not redirecting back to the subpage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 17:07:30 +02:00
646d174dd2 internal: revert cookie path on proxy causing redirect loops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 16:26:12 +02:00
b8fdb82adc web/admin: improve error handling in TokenCopyButton
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:56:06 +02:00
75d6cd1674 outposts: ensure the user and token are created on initial outpost save
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:55:19 +02:00
5c91658484 internal: fix nil pointer dereference in ldap outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:48:50 +02:00
ebb44c992b Revert "internal: set SameSite for outpost"
This reverts commit 7e95c756b9.
2022-05-21 14:08:40 +02:00
233bb35ebe Translate '/web/src/locales/en.po' in 'zh_CN' (#2913)
Translate /web/src/locales/en.po in zh_CN

translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-21 13:22:20 +02:00
f60d0b9753 Translate '/web/src/locales/en.po' in 'zh-Hans' (#2914)
Translate /web/src/locales/en.po in zh-Hans

translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-21 13:22:12 +02:00
7e95c756b9 internal: set SameSite for outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 13:21:45 +02:00
be26b92927 internal: cleanup outpost logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 13:18:06 +02:00
dd3ed1bfb9 web/admin: make external host clickable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 13:10:26 +02:00
6f56a61a64 website/docs: add docs for advanced SSH config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2916
2022-05-21 13:06:54 +02:00
2dee8034d3 outposts: allow externally managed SSH Config for outposts (#2917) 2022-05-21 12:10:08 +02:00
d9d42020cc root: fix missing curl in dockerfile
closes #2915

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 00:49:15 +02:00
90298a2b6c website/docs: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 00:15:40 +02:00
7c17e7d52f web: Update Web API Client version (#2912) 2022-05-20 19:53:05 +02:00
fbb3ca98c1 website: add 2022.5 to sidebar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 19:47:46 +02:00
220d21c3e0 release: 2022.5.1 2022-05-20 19:34:45 +02:00
84e74bc21e website/docs: final 2022.5 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 19:34:43 +02:00
ec15060c84 web/admin: add button to empty state to clear search (#2911) 2022-05-20 18:01:26 +02:00
334898ae23 website/integrations: Fix Gitea integration manual steps (#2910) 2022-05-20 16:47:39 +02:00
b43df2ae27 stages/identification: redirect with QS to keep next parameters (#2909)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 16:10:10 +02:00
a52638d898 internal: fix typo in session name constant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 10:10:29 +02:00
5bc893b890 build(deps): bump @babel/plugin-transform-runtime from 7.17.12 to 7.18.0 in /web (#2904) 2022-05-20 09:45:53 +02:00
fe5d9e4cd2 build(deps): bump @babel/core from 7.17.12 to 7.18.0 in /web (#2903) 2022-05-20 09:45:27 +02:00
a7442e0043 build(deps): bump @formatjs/intl-listformat from 6.5.3 to 7.0.1 in /web (#2905) 2022-05-20 09:45:06 +02:00
8103bbf9af build(deps): bump rollup from 2.73.0 to 2.74.1 in /web (#2906) 2022-05-20 09:44:50 +02:00
056b90b590 build(deps): bump @babel/preset-env from 7.17.12 to 7.18.0 in /web (#2907) 2022-05-20 09:44:37 +02:00
70221e3d14 web: fix labels in forms for dark mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 22:03:03 +02:00
d570feffac flows: add types to diagrams (#2902)
* add policy and stage types to diagram

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show policies bound to the root flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix get_build_hash being empty

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:50:28 +02:00
3d52266773 flows: handle missing initial_data in challenge
AUTHENTIK-1HK

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:31:28 +02:00
7bdecd2ee6 stages/user_write: dynamic groups (#2901)
* stages/user_write: add dynamic groups

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* simplify functions

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:28:16 +02:00
a500ff28ac website/integrations: update proxmox docs (#2899)
Signed-off-by: Victor Roest <victor@xirion.net>
2022-05-19 20:23:27 +02:00
263bcae050 web/admin: improve empty state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/elements/table/TablePage.ts
#	web/src/pages/applications/ApplicationListPage.ts
2022-05-19 10:21:46 +02:00
8691a79204 build(deps): bump postcss from 8.4.13 to 8.4.14 in /website (#2900)
Bumps [postcss](https://github.com/postcss/postcss) from 8.4.13 to 8.4.14.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.4.13...8.4.14)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 09:29:30 +02:00
3b0b6dcf29 web: fix display of radio buttons on wizard pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-18 23:09:02 +02:00
11f7935155 providers/oauth2: use regex to check redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2799
2022-05-18 21:22:27 +02:00
450a26d1b5 build(deps): bump @typescript-eslint/parser from 5.24.0 to 5.25.0 in /web (#2895)
build(deps): bump @typescript-eslint/parser in /web

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.24.0 to 5.25.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.25.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-18 09:51:51 +02:00
3e42c1bad4 build(deps): bump @typescript-eslint/eslint-plugin from 5.24.0 to 5.25.0 in /web (#2896)
build(deps): bump @typescript-eslint/eslint-plugin in /web

Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.24.0 to 5.25.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.25.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-18 09:50:15 +02:00
5abbb7657b build(deps): bump lit from 2.2.3 to 2.2.4 in /web (#2897)
Bumps [lit](https://github.com/lit/lit/tree/HEAD/packages/lit) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/lit/lit/releases)
- [Changelog](https://github.com/lit/lit/blob/main/packages/lit/CHANGELOG.md)
- [Commits](https://github.com/lit/lit/commits/lit@2.2.4/packages/lit)

---
updated-dependencies:
- dependency-name: lit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-18 09:50:03 +02:00
75b0fb3393 sources/oauth: migrate twitter to oauth2 (#2893) 2022-05-18 00:03:02 +02:00
538c2ca4d3 stages/authenticator_*: directly save devices into db instead of session to prevent race conditions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:02:30 +02:00
5080840ed9 admin: ensure disable_update_check is set to false for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:00:26 +02:00
eded9bfb2d build(deps): bump @babel/preset-typescript from 7.16.7 to 7.17.12 in /web (#2885)
build(deps): bump @babel/preset-typescript in /web

Bumps [@babel/preset-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-typescript) from 7.16.7 to 7.17.12.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.12/packages/babel-preset-typescript)

---
updated-dependencies:
- dependency-name: "@babel/preset-typescript"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-17 09:34:09 +02:00
b3a43ae37c build(deps): bump @typescript-eslint/parser from 5.23.0 to 5.24.0 in /web (#2884)
build(deps): bump @typescript-eslint/parser in /web

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.23.0 to 5.24.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.24.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-17 09:30:24 +02:00
dc78746825 build(deps): bump @babel/preset-env from 7.17.10 to 7.17.12 in /web (#2881)
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.17.10 to 7.17.12.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.12/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-17 09:29:58 +02:00
3c6828cbba Translate '/web/src/locales/en.po' in 'zh_CN' (#2878)
Translate /web/src/locales/en.po in zh_CN

translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-17 09:29:45 +02:00
26646264dc Translate '/web/src/locales/en.po' in 'zh-Hans' (#2879)
Translate /web/src/locales/en.po in zh-Hans

translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-17 09:29:36 +02:00
f7ecfdd4b6 build(deps): bump @typescript-eslint/eslint-plugin from 5.23.0 to 5.24.0 in /web (#2883)
build(deps): bump @typescript-eslint/eslint-plugin in /web

Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.23.0 to 5.24.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.24.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-17 09:29:20 +02:00
967c80069b build(deps): bump @babel/core from 7.17.10 to 7.17.12 in /web (#2882)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.17.10 to 7.17.12.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.12/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-17 09:28:57 +02:00
f8b0c071b7 build(deps): bump @babel/plugin-transform-runtime from 7.17.10 to 7.17.12 in /web (#2886)
build(deps): bump @babel/plugin-transform-runtime in /web

Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.17.10 to 7.17.12.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.12/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-17 09:28:40 +02:00
221ab47410 build(deps): bump actions/setup-node from 3.1.1 to 3.2.0 (#2887)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.1.1...v3.2.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-17 09:27:50 +02:00
ffe162214f build(deps): bump @babel/plugin-proposal-decorators from 7.17.9 to 7.17.12 in /web (#2888)
build(deps): bump @babel/plugin-proposal-decorators in /web

Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.17.9 to 7.17.12.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.12/packages/babel-plugin-proposal-decorators)

---
updated-dependencies:
- dependency-name: "@babel/plugin-proposal-decorators"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-17 09:27:24 +02:00
ad9d8d26ed build(deps): bump paramiko from 2.10.4 to 2.11.0 (#2889)
Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.10.4 to 2.11.0.
- [Release notes](https://github.com/paramiko/paramiko/releases)
- [Changelog](https://github.com/paramiko/paramiko/blob/main/NEWS)
- [Commits](https://github.com/paramiko/paramiko/compare/2.10.4...2.11.0)

---
updated-dependencies:
- dependency-name: paramiko
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-17 09:27:07 +02:00
35402ada17 website/docs: fix missing new name attribute for invitations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-16 20:40:24 +02:00
086a44bdbd web/user: add message upon source connection deletion
closes #2522

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-16 20:28:23 +02:00
6494a0352f Translate '/web/src/locales/en.po' in 'zh-Hans' (#2877) 2022-05-16 09:20:20 +02:00
ca1fb737a8 Translate '/web/src/locales/en.po' in 'zh_CN' (#2876) 2022-05-16 09:20:02 +02:00
9e91a0a85d build(deps): bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 (#2875) 2022-05-16 09:19:36 +02:00
4e68fe2fea build(deps): bump goauthentik.io/api/v3 from 3.2022041.6 to 3.2022041.10 (#2874) 2022-05-16 09:19:26 +02:00
a36eab81eb build(deps-dev): bump pylint from 2.13.8 to 2.13.9 (#2873) 2022-05-16 09:19:09 +02:00
215b2a3224 build(deps): bump @patternfly/patternfly from 4.192.1 to 4.194.4 in /web (#2872) 2022-05-16 09:17:43 +02:00
4c3f8e446f build(deps): bump yaml from 2.0.1 to 2.1.0 in /web (#2871) 2022-05-16 09:17:31 +02:00
4b9922e5b1 build(deps): bump rollup from 2.72.1 to 2.73.0 in /web (#2870) 2022-05-16 09:17:17 +02:00
6324521424 build(deps): bump react-before-after-slider-component from 1.1.2 to 1.1.3 in /website (#2869) 2022-05-16 09:17:02 +02:00
d6b18f2833 web: Update Web API Client version (#2868) 2022-05-16 01:13:29 +02:00
333e58ce2f flows/layouts (#2867) 2022-05-16 01:10:23 +02:00
699d3ca067 ci: exclude confirmed issues from stale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-15 23:16:52 +02:00
296779ddf1 providers/ldap: remove technical preview disclaimer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-15 17:33:03 +02:00
8669f498f1 web: Update Web API Client version (#2866)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-05-14 22:43:55 +02:00
4de2ac3248 events: add task to expire seen notifications
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:41:50 +02:00
eb4dce91c3 events: add user filter to notifications
as superuser all notifications are returned regardless of permission so we need to filter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:31:13 +02:00
c64a99345b web: fix scrolling issue on library page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:58:42 +02:00
2e174a1be5 website/docs: update 2022.5 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:48:28 +02:00
11ef500475 web: Update Web API Client version (#2865)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-05-14 21:38:38 +02:00
d4fd6153c8 api: fix OwnerFilter filtering out objects for superusers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:36:00 +02:00
85b6bfbe5f sources: fix parent serializer for user connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:26:02 +02:00
5ddd138c97 web: update default flow background
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 20:08:59 +02:00
5644d5f3f7 stages/authenticator_totp: fix key error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 19:57:00 +02:00
be06adcb59 web: lazy load parts of interfaces (#2864) 2022-05-14 17:07:37 +02:00
4da350ebfc web: fix dateTimeLocal() dropping local timezone
closes #2860

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:47:30 +02:00
f391c33bdf providers/oauth2: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:41:40 +02:00
18f450bd49 root: enable sentry for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:29:30 +02:00
ee36b7f3eb flows: move autosubmit stage into flows package
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:06:19 +02:00
f56d619243 web: Update Web API Client version (#2862) 2022-05-14 00:17:33 +02:00
a9a62bbfc8 providers/oauth2: use correct title based on flow context and translated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:29 +02:00
ddd785898b providers/saml: add title attribute to autosubmit stage and render correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:14 +02:00
8ba45a5f6a providers/oauth2: don't create events before client_id can be verified to prevent spam
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:02:01 +02:00
7d41e6227b providers/oauth2: add tests for form_post, fix attrs not being flattened
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 23:52:50 +02:00
1363226697 providers/saml: make SAML metadata generation consistent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 17:40:18 +02:00
25910bb577 build(deps-dev): bump coverage from 6.3.2 to 6.3.3 (#2857)
Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.3.2 to 6.3.3.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.3.2...6.3.3)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-13 09:44:07 +02:00
62e54a3a51 build(deps): bump pyjwt from 2.3.0 to 2.4.0 (#2858)
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-13 09:43:54 +02:00
5f5b4c962b ci: fix website mark
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-12 22:54:29 +02:00
4a9a19eacb website/integrations: clear up home-assistant integration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-12 21:40:58 +02:00
d4abf5621e providers/oauth2: add support for form_post response mode (#2818)
* Added request verification and parameter generation

* response_mode added to OAuthAuthorizationParams return

* Added class OauthPostFulfillmentStage
Check response_mode in initialization

* Corrected typo

* Removed separate class
Added handling for FORM_POST in create_response_uri
Added handling for FORM_POST in return class

* Fixed pylint error (trailing-whitespace)
Removed comment

* Reformatted authorize.py with black
2022-05-12 21:36:31 +02:00
1cb71b5217 web: fix invalid import paths
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-12 13:22:22 +02:00
a884f23855 build(deps-dev): bump pytest-randomly from 3.11.0 to 3.12.0 (#2855)
Bumps [pytest-randomly](https://github.com/pytest-dev/pytest-randomly) from 3.11.0 to 3.12.0.
- [Release notes](https://github.com/pytest-dev/pytest-randomly/releases)
- [Changelog](https://github.com/pytest-dev/pytest-randomly/blob/main/HISTORY.rst)
- [Commits](https://github.com/pytest-dev/pytest-randomly/compare/3.11.0...3.12.0)

---
updated-dependencies:
- dependency-name: pytest-randomly
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-12 09:44:55 +02:00
421b003218 internal: set path on cookie for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2305
2022-05-11 10:08:38 +02:00
25a4310bb1 internal: use Expires not MaxAge for LDAP session
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-11 10:04:32 +02:00
e897307548 Translate /web/src/locales/en.po in zh_CN (#2846)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-11 10:00:09 +02:00
0fd959c5c0 Translate /web/src/locales/en.po in zh-Hans (#2847)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-11 10:00:00 +02:00
ce7d18798f build(deps): bump golang from 1.18.1-bullseye to 1.18.2-bullseye (#2848)
Bumps golang from 1.18.1-bullseye to 1.18.2-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-11 09:59:08 +02:00
be3b034cb8 build(deps): bump fuse.js from 6.6.1 to 6.6.2 in /web (#2849)
Bumps [fuse.js](https://github.com/krisk/Fuse) from 6.6.1 to 6.6.2.
- [Release notes](https://github.com/krisk/Fuse/releases)
- [Changelog](https://github.com/krisk/Fuse/blob/master/CHANGELOG.md)
- [Commits](https://github.com/krisk/Fuse/compare/v6.6.1...v6.6.2)

---
updated-dependencies:
- dependency-name: fuse.js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-11 09:58:59 +02:00
9f674442d3 build(deps): bump goauthentik.io/api/v3 from 3.2022041.5 to 3.2022041.6 (#2850)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022041.5 to 3.2022041.6.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022041.5...v3.2022041.6)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-11 09:58:51 +02:00
c21793943d build(deps): bump sentry-sdk from 1.5.11 to 1.5.12 (#2851)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.5.11 to 1.5.12.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/1.5.11...1.5.12)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-11 09:57:50 +02:00
ec67b60219 policies/hibp: check in prompt data (#2845)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 23:47:36 +02:00
2fe553785e web: Update Web API Client version (#2844)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-05-10 21:08:47 +02:00
fd1d38f844 stages/authenticator_validate: remember (#2828)
* initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: cleanup timedelta help

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tooltip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* assert response code in self.assertStageResponse

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests, add duo

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 21:05:22 +02:00
4d755dc0f6 build(deps): bump goauthentik.io/api/v3 from 3.2022041.4 to 3.2022041.5 (#2843)
* build(deps): bump goauthentik.io/api/v3 from 3.2022041.4 to 3.2022041.5

Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022041.4 to 3.2022041.5.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022041.4...v3.2022041.5)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 20:33:19 +02:00
30c65f9e61 web: Update Web API Client version (#2840)
* web: Update Web API Client version

Signed-off-by: GitHub <noreply@github.com>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:37:50 +02:00
3554406aa5 root: fix duplicate enum in api scheme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:24:18 +02:00
5eeaac1ad9 ci: fix path for bumping web api client version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:19:15 +02:00
5a172abdb9 ci: allow manual triggering of web API release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:12:47 +02:00
8f861d8ecb website/docs: Expanded documentation for SAML Federation w/ examples. (#2822)
* Expanded documentation for SAML Federation w/ examples.

* Added short section for setup on IDP side

* Formatting according to guidelines
Changed example section to table instead of headings

* Escaped <> for formatting

* Fixed quotation on <>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:11:10 +02:00
f9fdcd2d07 build(deps): bump @typescript-eslint/parser in /web (#2837)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.22.0 to 5.23.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.23.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-10 09:35:03 +02:00
ed58f21a21 build(deps): bump @typescript-eslint/eslint-plugin in /web (#2838)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.22.0 to 5.23.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.23.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-10 09:33:50 +02:00
45af8eb4be build(deps): bump @docusaurus/preset-classic in /website (#2834)
Bumps [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic) from 2.0.0-beta.18 to 2.0.0-beta.20.
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v2.0.0-beta.20/packages/docusaurus-preset-classic)

---
updated-dependencies:
- dependency-name: "@docusaurus/preset-classic"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-09 21:33:04 +02:00
88573105a0 build(deps): bump @docusaurus/plugin-client-redirects in /website (#2835)
Bumps [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects) from 2.0.0-beta.18 to 2.0.0-beta.20.
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v2.0.0-beta.20/packages/docusaurus-plugin-client-redirects)

---
updated-dependencies:
- dependency-name: "@docusaurus/plugin-client-redirects"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-09 21:31:03 +02:00
f9469e3f99 website: format docs with prettier (#2833)
* run prettier

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add scim to comparison

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-09 21:22:41 +02:00
26d92d9259 build(deps): bump kubernetes from 23.3.0 to 23.6.0 (#2832) 2022-05-09 09:11:28 +02:00
9cb0d37d51 build(deps): bump rollup from 2.72.0 to 2.72.1 in /web (#2831) 2022-05-09 09:11:23 +02:00
5a25e1524a build(deps): bump eslint from 8.14.0 to 8.15.0 in /web (#2830) 2022-05-09 09:11:17 +02:00
9e1a518689 internal: add signal handler for SIGTERM
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 23:05:47 +02:00
cf5771dad3 Translate /web/src/locales/en.po in zh-Hans (#2827)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-08 19:43:59 +02:00
db5aafed36 Translate /web/src/locales/en.po in zh_CN (#2826)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-08 19:43:49 +02:00
4b0324220a website/docs: prepare 2022.5 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 17:32:21 +02:00
0183d2c880 root: match client-go openapi generator version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 17:25:09 +02:00
c1fe18a261 ci: always generate Go API Client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:50:58 +02:00
ab2299ba1e outposts/ldap: cached bind (#2824)
* initial cached ldap bind support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* clean up api generation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use gh action for golangci-lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
2678b381b9 web: Update Web API Client version (#2825)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-05-08 16:14:02 +02:00
d3ef7920cb root: add bind mode to schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:08:06 +02:00
860269acf0 root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1878
2022-05-07 22:32:56 +02:00
d2bd177b8f Apply translations in zh_CN (#2735)
translation completed for the source file '/locale/en/LC_MESSAGES/django.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-07 21:33:08 +02:00
32cc03832a Apply translations in zh-Hans (#2736)
translation completed for the source file '/locale/en/LC_MESSAGES/django.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-05-07 21:32:59 +02:00
948d2cbdca web/user: add missing checkbox element in user settings (#2762) 2022-05-07 21:32:11 +02:00
22026f0755 website/integration: add Weblate integration with SAML (#2786)
* added weblate integration

* added missing entry in sidebarIntegrations
2022-05-07 21:26:10 +02:00
a7a7b5aacb root: export poetry deps to requirements.txt so we don't need poetry … (#2823)
* root: export poetry deps to requirements.txt so we don't need poetry installed, removed packages we don't need anymore

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-07 21:22:33 +02:00
03d5b9e7e9 build(deps): bump fuse.js from 6.6.0 to 6.6.1 in /web (#2810)
Bumps [fuse.js](https://github.com/krisk/Fuse) from 6.6.0 to 6.6.1.
- [Release notes](https://github.com/krisk/Fuse/releases)
- [Changelog](https://github.com/krisk/Fuse/blob/master/CHANGELOG.md)
- [Commits](https://github.com/krisk/Fuse/compare/v6.6.0...v6.6.1)

---
updated-dependencies:
- dependency-name: fuse.js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-06 10:09:19 +02:00
30c7e6c94c providers/oauth2: fixed typo (PROMPT_CONSNET => PROMPT_CONSENT) (#2819) 2022-05-06 10:09:09 +02:00
1ba96586f7 build(deps): bump rollup from 2.71.1 to 2.72.0 in /web (#2811)
Bumps [rollup](https://github.com/rollup/rollup) from 2.71.1 to 2.72.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.71.1...v2.72.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-06 09:53:57 +02:00
607f632515 build(deps): bump docker/login-action from 1 to 2 (#2812)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-06 09:53:49 +02:00
58b46fbfcd build(deps): bump docker/setup-buildx-action from 1 to 2 (#2813)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-06 09:53:40 +02:00
9b53e26ab0 build(deps): bump docker/setup-qemu-action from 1.2.0 to 2.0.0 (#2814)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1.2.0 to 2.0.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1.2.0...v2.0.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-06 09:53:28 +02:00
832d3175aa build(deps): bump docker/build-push-action from 2 to 3 (#2815)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 3.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-06 09:53:18 +02:00
ebea8369d6 build(deps-dev): bump selenium from 4.1.3 to 4.1.5 (#2816)
Bumps [selenium](https://github.com/SeleniumHQ/Selenium) from 4.1.3 to 4.1.5.
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](https://github.com/SeleniumHQ/Selenium/commits)

---
updated-dependencies:
- dependency-name: selenium
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-06 09:53:07 +02:00
a8508aac99 build(deps): bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 (#2817)
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.24.0 to 0.24.1.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.24.0...v0.24.1)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-06 09:52:25 +02:00
59df02b3b8 root: disable stdout capturing for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-05 23:08:36 +02:00
f00657f217 website/integrations: update opnsense integration guidance (#2808)
* website/docs: update opnsense integration guidance

* website/docs: remove `-user` opnsense integration
2022-05-05 12:26:16 +02:00
110bc762a1 build(deps): bump sentry-sdk from 1.5.10 to 1.5.11 (#2806)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.5.10 to 1.5.11.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/1.5.10...1.5.11)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-04 10:16:57 +02:00
f35e5f79aa build(deps): bump fuse.js from 6.5.3 to 6.6.0 in /web (#2800)
Bumps [fuse.js](https://github.com/krisk/Fuse) from 6.5.3 to 6.6.0.
- [Release notes](https://github.com/krisk/Fuse/releases)
- [Changelog](https://github.com/krisk/Fuse/blob/master/CHANGELOG.md)
- [Commits](https://github.com/krisk/Fuse/compare/v6.5.3...v6.6.0)

---
updated-dependencies:
- dependency-name: fuse.js
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 12:31:32 +02:00
3f32109706 build(deps): bump @rollup/plugin-node-resolve in /web (#2801)
Bumps [@rollup/plugin-node-resolve](https://github.com/rollup/plugins/tree/HEAD/packages/node-resolve) from 13.2.1 to 13.3.0.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/node-resolve/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/node-resolve-v13.3.0/packages/node-resolve)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-node-resolve"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 12:31:14 +02:00
0f042f2e4a build(deps): bump @typescript-eslint/eslint-plugin in /web (#2802)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.21.0 to 5.22.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.22.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 12:31:02 +02:00
34d1eb140b build(deps): bump @typescript-eslint/parser in /web (#2803)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.21.0 to 5.22.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.22.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 12:28:13 +02:00
62f67aabe3 build(deps-dev): bump pylint from 2.13.7 to 2.13.8 (#2804)
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.13.7 to 2.13.8.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.13.7...v2.13.8)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 10:49:18 +02:00
82c3eaa0f9 website/integrations: fix duplicate cn=
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-02 23:19:50 +02:00
31ede2ae1d build(deps): bump @babel/preset-env from 7.16.11 to 7.17.10 in /web (#2793) 2022-05-02 13:41:45 +02:00
54c672256f build(deps): bump postcss from 8.4.12 to 8.4.13 in /website (#2794) 2022-05-02 13:41:24 +02:00
5f47d46b6f build(deps): bump @babel/core from 7.17.9 to 7.17.10 in /web (#2795) 2022-05-02 13:40:57 +02:00
3f23bc0b85 build(deps): bump rollup from 2.70.2 to 2.71.1 in /web (#2796) 2022-05-02 13:40:44 +02:00
366142382b build(deps): bump @babel/plugin-transform-runtime in /web (#2797) 2022-05-02 13:40:23 +02:00
ddbe0aaf13 stages/user_delete: fix delete stage failing when pending user is not explicitly set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-01 13:59:33 +02:00
75320bf579 website/docs: add missing breaking change in prompt stages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 21:19:51 +02:00
15d8988569 Revert "lifecycle: use worker nr instead of process id to keep number of prometheus database files low"
This reverts commit 254249e38b.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 18:14:04 +02:00
84930b4924 Revert "internal: fix high cpu when backend isnt healthy"
This reverts commit eb6cfd22a7.

Revert "root: handle JSON error in metrics too"

This reverts commit 1ede972222.

Revert "root: don't force multiprocess prometheus registry"

This reverts commit cd1d1b4402.

Revert "root: add error handling for prometheus view"

This reverts commit c0a883f76f.
2022-04-29 18:13:26 +02:00
1ede972222 root: handle JSON error in metrics too
this can happen when the worker is killed while writing metrics
2022-04-29 11:01:04 +00:00
cd1d1b4402 root: don't force multiprocess prometheus registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:53:47 +02:00
79caba45cc build(deps): bump lit from 2.2.2 to 2.2.3 in /web (#2787)
Bumps [lit](https://github.com/lit/lit/tree/HEAD/packages/lit) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/lit/lit/releases)
- [Changelog](https://github.com/lit/lit/blob/main/packages/lit/CHANGELOG.md)
- [Commits](https://github.com/lit/lit/commits/lit@2.2.3/packages/lit)

---
updated-dependencies:
- dependency-name: lit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-29 10:25:07 +02:00
c101357051 build(deps): bump typescript from 4.6.3 to 4.6.4 in /web (#2788)
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.6.3 to 4.6.4.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.6.3...v4.6.4)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-29 10:24:57 +02:00
9bebb82bbf build(deps): bump webauthn from 1.5.0 to 1.5.2 (#2789)
Bumps [webauthn](https://github.com/duo-labs/py_webauthn) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Changelog](https://github.com/duo-labs/py_webauthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v1.5.0...v1.5.2)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-29 10:24:46 +02:00
d95d2ca7fe build(deps): bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 (#2790)
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.23.3 to 0.24.0.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.23.3...v0.24.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-29 10:24:30 +02:00
c0a883f76f root: add error handling for prometheus view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:17:53 +02:00
eb6cfd22a7 internal: fix high cpu when backend isnt healthy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:03:40 +02:00
254249e38b lifecycle: use worker nr instead of process id to keep number of prometheus database files low
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2784
2022-04-28 23:09:39 +02:00
da28bb7d3c build(deps): bump @typescript-eslint/parser in /web (#2774) 2022-04-26 14:42:41 +02:00
391c1ff911 build(deps): bump @patternfly/patternfly from 4.185.1 to 4.192.1 in /web (#2773) 2022-04-26 14:42:25 +02:00
1d475d0982 build(deps): bump paramiko from 2.10.3 to 2.10.4 (#2777) 2022-04-26 14:41:31 +02:00
f92fa61101 build(deps): bump drf-spectacular from 0.22.0 to 0.22.1 (#2778) 2022-04-26 14:41:24 +02:00
ccca397a77 build(deps): bump @typescript-eslint/eslint-plugin in /web (#2775) 2022-04-26 14:41:11 +02:00
162fd26f32 build(deps): bump github/codeql-action from 1 to 2 (#2776) 2022-04-26 14:41:02 +02:00
1d7a235766 build(deps): bump node from 16 to 18 (#2753)
Bumps node from 16 to 18.

---
updated-dependencies:
- dependency-name: node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:30:08 +02:00
01a8deb77f build(deps): bump tslib from 2.3.1 to 2.4.0 in /web (#2754)
Bumps [tslib](https://github.com/Microsoft/tslib) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/Microsoft/tslib/releases)
- [Commits](https://github.com/Microsoft/tslib/compare/2.3.1...2.4.0)

---
updated-dependencies:
- dependency-name: tslib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:29:54 +02:00
cba770a551 build(deps): bump eslint from 8.13.0 to 8.14.0 in /web (#2764)
Bumps [eslint](https://github.com/eslint/eslint) from 8.13.0 to 8.14.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.13.0...v8.14.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:29:33 +02:00
c67afc4084 build(deps): bump @lingui/detect-locale from 3.13.2 to 3.13.3 in /web (#2765)
Bumps [@lingui/detect-locale](https://github.com/lingui/js-lingui) from 3.13.2 to 3.13.3.
- [Release notes](https://github.com/lingui/js-lingui/releases)
- [Changelog](https://github.com/lingui/js-lingui/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lingui/js-lingui/compare/v3.13.2...v3.13.3)

---
updated-dependencies:
- dependency-name: "@lingui/detect-locale"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:29:19 +02:00
4ed30fa61e build(deps): bump @lingui/cli from 3.13.2 to 3.13.3 in /web (#2768)
Bumps [@lingui/cli](https://github.com/lingui/js-lingui) from 3.13.2 to 3.13.3.
- [Release notes](https://github.com/lingui/js-lingui/releases)
- [Changelog](https://github.com/lingui/js-lingui/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lingui/js-lingui/compare/v3.13.2...v3.13.3)

---
updated-dependencies:
- dependency-name: "@lingui/cli"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:29:06 +02:00
db16a0ffbe build(deps): bump @lingui/macro from 3.13.2 to 3.13.3 in /web (#2763)
Bumps [@lingui/macro](https://github.com/lingui/js-lingui) from 3.13.2 to 3.13.3.
- [Release notes](https://github.com/lingui/js-lingui/releases)
- [Changelog](https://github.com/lingui/js-lingui/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lingui/js-lingui/compare/v3.13.2...v3.13.3)

---
updated-dependencies:
- dependency-name: "@lingui/macro"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:28:37 +02:00
99ec355710 build(deps): bump @rollup/plugin-commonjs from 21.1.0 to 22.0.0 in /web (#2766)
Bumps [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) from 21.1.0 to 22.0.0.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/commonjs-v22.0.0/packages/commonjs)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-commonjs"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:27:53 +02:00
9e1882cebd build(deps): bump @types/chart.js from 2.9.36 to 2.9.37 in /web (#2767)
Bumps [@types/chart.js](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chart.js) from 2.9.36 to 2.9.37.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chart.js)

---
updated-dependencies:
- dependency-name: "@types/chart.js"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:27:40 +02:00
80912cace0 build(deps): bump @lingui/core from 3.13.2 to 3.13.3 in /web (#2769)
Bumps [@lingui/core](https://github.com/lingui/js-lingui) from 3.13.2 to 3.13.3.
- [Release notes](https://github.com/lingui/js-lingui/releases)
- [Changelog](https://github.com/lingui/js-lingui/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lingui/js-lingui/compare/v3.13.2...v3.13.3)

---
updated-dependencies:
- dependency-name: "@lingui/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:27:20 +02:00
0882894dc3 build(deps): bump country-flag-icons from 1.4.25 to 1.4.26 in /web (#2770)
Bumps [country-flag-icons](https://gitlab.com/catamphetamine/country-flag-icons) from 1.4.25 to 1.4.26.
- [Release notes](https://gitlab.com/catamphetamine/country-flag-icons/tags)
- [Changelog](https://gitlab.com/catamphetamine/country-flag-icons/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/country-flag-icons/compare/v1.4.25...v1.4.26)

---
updated-dependencies:
- dependency-name: country-flag-icons
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:27:05 +02:00
c1582147d7 build(deps-dev): bump pytest from 7.1.1 to 7.1.2 (#2771)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.1 to 7.1.2.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.1.1...7.1.2)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 12:24:58 +02:00
ab8b37a899 events: fix ignored instances not being a tuple
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-25 11:19:58 +02:00
9077eff34d root: add silk and debugging views
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:38:32 +02:00
2399fa456b policies: fix current user not being set in server-side policy deny
closes #2039

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:30:27 +02:00
c8c69a9a56 build(deps): bump codemirror from 5.65.2 to 5.65.3 in /web (#2750)
Bumps [codemirror](https://github.com/codemirror/CodeMirror) from 5.65.2 to 5.65.3.
- [Release notes](https://github.com/codemirror/CodeMirror/releases)
- [Changelog](https://github.com/codemirror/CodeMirror/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codemirror/CodeMirror/compare/5.65.2...5.65.3)

---
updated-dependencies:
- dependency-name: codemirror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-21 10:54:37 +02:00
1258f3bba2 build(deps-dev): bump pylint from 2.13.5 to 2.13.7 (#2751)
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.13.5 to 2.13.7.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.13.5...v2.13.7)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-21 10:54:29 +02:00
5488120e84 build(deps): bump duo-client from 4.3.2 to 4.4.0 (#2752)
Bumps [duo-client](https://github.com/duosecurity/duo_client_python) from 4.3.2 to 4.4.0.
- [Release notes](https://github.com/duosecurity/duo_client_python/releases)
- [Commits](https://github.com/duosecurity/duo_client_python/compare/4.3.2...4.4.0)

---
updated-dependencies:
- dependency-name: duo-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-21 10:54:18 +02:00
0b4ac54363 *: default to max 60 for fqdn_rand
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-20 20:07:25 +02:00
1a1434bfda *: decrease frequency of background tasks, smear tasks based on name and fqdn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2159
2022-04-20 18:43:40 +02:00
1328c3e62c build(deps): bump @typescript-eslint/eslint-plugin in /web (#2746)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.19.0 to 5.20.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.20.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-19 09:39:15 +02:00
1800b62cd6 build(deps): bump @typescript-eslint/parser in /web (#2747)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.19.0 to 5.20.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.20.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-19 09:36:48 +02:00
32fa4c9fcb build(deps): bump @rollup/plugin-commonjs from 21.0.3 to 21.1.0 in /web (#2740)
Bumps [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) from 21.0.3 to 21.1.0.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/commonjs-v21.1.0/packages/commonjs)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-commonjs"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 13:23:22 +02:00
15f0045a00 build(deps): bump rollup from 2.70.1 to 2.70.2 in /web (#2738)
Bumps [rollup](https://github.com/rollup/rollup) from 2.70.1 to 2.70.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.70.1...v2.70.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 13:22:32 +02:00
ac2211d9da build(deps): bump moment from 2.29.2 to 2.29.3 in /web (#2737)
Bumps [moment](https://github.com/moment/moment) from 2.29.2 to 2.29.3.
- [Release notes](https://github.com/moment/moment/releases)
- [Changelog](https://github.com/moment/moment/blob/2.29.3/CHANGELOG.md)
- [Commits](https://github.com/moment/moment/compare/2.29.2...2.29.3)

---
updated-dependencies:
- dependency-name: moment
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 13:22:24 +02:00
cbd5b0dbfd build(deps): bump yaml from 2.0.0 to 2.0.1 in /web (#2739)
Bumps [yaml](https://github.com/eemeli/yaml) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 13:22:16 +02:00
8e4896d261 build(deps): bump @rollup/plugin-node-resolve in /web (#2741)
Bumps [@rollup/plugin-node-resolve](https://github.com/rollup/plugins/tree/HEAD/packages/node-resolve) from 13.2.0 to 13.2.1.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/node-resolve/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/node-resolve-v13.2.1/packages/node-resolve)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-node-resolve"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 13:22:01 +02:00
9481df619a build(deps): bump sentry-sdk from 1.5.9 to 1.5.10 (#2742)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.5.9 to 1.5.10.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/1.5.9...1.5.10)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 13:21:52 +02:00
d283a5236c core: add custom shell command which imports all models and creates events for model events
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 18:14:57 +02:00
6add88654e build(deps): bump goauthentik.io/api/v3 from 3.2022041.2 to 3.2022041.3 (#2734)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022041.2 to 3.2022041.3.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022041.2...v3.2022041.3)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-17 17:30:40 +02:00
e4486b98fc web: Update Web API Client version (#2733)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 17:05:43 +02:00
778065f468 core: add flag to globally disable impersonation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 16:52:55 +02:00
70794d79dd sources/oauth: Fix wording for OAuth source names (#2732) 2022-04-17 16:40:10 +02:00
6e5ac4bffc website/docs: add missing redis port to configuration page (#2731)
Added the `AUTHENTIK_REDIS__PORT` to the documentation.
2022-04-17 16:40:00 +02:00
4bab42fb58 Translate /locale/en/LC_MESSAGES/django.po in de (#2727) 2022-04-15 23:45:53 +02:00
c97823fe49 build(deps): bump goauthentik.io/api/v3 from 3.2022041.1 to 3.2022041.2 (#2726) 2022-04-15 11:09:56 +02:00
a3bb5d89cc events: fix created events only being logged as debug level
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:37:30 +02:00
f4f9f525d7 providers/oauth2: include application in login event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:36:45 +02:00
555525ea9d build(deps): bump async from 2.6.3 to 2.6.4 in /website (#2725)
* root: use npm ci

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* build(deps): bump async from 2.6.3 to 2.6.4 in /website

Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](https://github.com/caolan/async/compare/v2.6.3...v2.6.4)

---
updated-dependencies:
- dependency-name: async
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-14 22:35:53 +02:00
e455e20312 root: use npm ci
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:33:36 +02:00
4c14e88a25 flows: pin dependency in migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:28:26 +02:00
7561ea15de providers/oauth2: add additional tracing to token view 2022-04-14 16:48:17 +00:00
8242b09394 flows: handle flow title formatting error better, add user to flow title context 2022-04-14 13:56:20 +00:00
6f0fa731c0 build(deps): bump golang from 1.18.0-bullseye to 1.18.1-bullseye (#2720)
Bumps golang from 1.18.0-bullseye to 1.18.1-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-14 09:58:38 +02:00
576bb013ed build(deps): bump @rollup/plugin-typescript from 8.3.1 to 8.3.2 in /web (#2721)
Bumps [@rollup/plugin-typescript](https://github.com/rollup/plugins/tree/HEAD/packages/typescript) from 8.3.1 to 8.3.2.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/typescript/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/typescript-v8.3.2/packages/typescript)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-typescript"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-14 09:58:24 +02:00
aefedfb836 build(deps): bump goauthentik.io/api/v3 from 3.2022033.11 to 3.2022041.1 (#2722)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022033.11 to 3.2022041.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022033.11...v3.2022041.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-14 09:57:46 +02:00
4295ddb671 web: Update Web API Client version (#2718)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-04-13 10:34:47 +02:00
9b9c0fe663 release: 2022.4.1 2022-04-12 22:07:34 +02:00
5a58f6ee64 providers/oauth2: remove test for non sa user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 20:35:13 +02:00
da83c3af53 ci: disable translation schedule 2022-04-12 16:27:34 +00:00
e84b17d550 providers/oauth2: don't force service accounts for client_credentials flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 10:23:25 +02:00
b4fb0190a3 build(deps): bump @typescript-eslint/parser in /web (#2711) 2022-04-12 09:12:02 +02:00
bb52b95e5b build(deps): bump @typescript-eslint/eslint-plugin in /web (#2712) 2022-04-12 09:09:21 +02:00
a2b5d667af build(deps): bump @rollup/plugin-node-resolve in /web (#2710) 2022-04-12 09:09:10 +02:00
2df9c0479d build(deps): bump goauthentik.io/api/v3 (#2716) 2022-04-12 09:08:59 +02:00
5c673dc7bb build(deps): bump actions/setup-node from 3.1.0 to 3.1.1 (#2715) 2022-04-12 09:07:09 +02:00
da2dd7daf4 build(deps): bump twisted from 22.2.0 to 22.4.0 (#2713) 2022-04-12 09:06:54 +02:00
f2a80030d7 build(deps): bump sentry-sdk from 1.5.8 to 1.5.9 (#2714) 2022-04-12 09:06:40 +02:00
918183f472 core: compile backend translations (#2706)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-04-11 22:27:32 +02:00
9da439623b stages/authenticator_duo: fix bad request being sent to duo when calling enrollment_status outside a flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2666
2022-04-11 21:02:32 +02:00
957bb1c5ef core: make generated token length configurable
closes #2574

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:57:16 +02:00
677d46d7fd website/docs: prepare 2022.4
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:54:16 +02:00
5af7baf36c web: Update Web API Client version (#2705)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-04-11 20:46:22 +02:00
8b2ca822f5 core: compile backend translations (#2704)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-04-11 20:46:10 +02:00
2303a97bb9 core: add method to set key of token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2574
2022-04-11 20:43:39 +02:00
8be04cc013 providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256
closes #2703

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:05:58 +02:00
9b6e47e6b8 outposts/ldap: fix panic in type conversion when value is nil
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 15:52:58 +02:00
677621989a build(deps): bump django from 4.0.3 to 4.0.4 (#2702)
Bumps [django](https://github.com/django/django) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.0.3...4.0.4)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-11 10:39:51 +02:00
0d5125db76 build(deps): bump @patternfly/patternfly from 4.183.1 to 4.185.1 in /web (#2699)
Bumps [@patternfly/patternfly](https://github.com/patternfly/patternfly) from 4.183.1 to 4.185.1.
- [Release notes](https://github.com/patternfly/patternfly/releases)
- [Changelog](https://github.com/patternfly/patternfly/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/patternfly/patternfly/compare/prerelease-v4.183.1...prerelease-v4.185.1)

---
updated-dependencies:
- dependency-name: "@patternfly/patternfly"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-11 09:51:41 +02:00
ed88f6594c build(deps): bump actions/upload-artifact from 2 to 3 (#2700)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-11 09:51:28 +02:00
b1816f2101 build(deps): bump eslint from 8.12.0 to 8.13.0 in /web (#2698)
Bumps [eslint](https://github.com/eslint/eslint) from 8.12.0 to 8.13.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.12.0...v8.13.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-11 09:51:12 +02:00
fe60c26e11 build(deps): bump actions/setup-go from 2 to 3 (#2701)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-11 09:49:51 +02:00
cca33a74b6 core: fix error when checking generated users with no expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:53:46 +02:00
f977bf61eb providers/oauth2: make exp optional on jwt client_credentials flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:25:35 +02:00
f8f8a9bbb9 providers/oauth2: give keypairs private key preference over certificate in client_credentials jwt flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 16:27:53 +02:00
7a44d5768a web/flows: fix focus being continuously forced to the input
closes #2692

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-08 18:26:39 +02:00
d9e4219d70 Revert "build(deps): bump @sentry/tracing from 6.19.4 to 6.19.6 in /web (#2690)"
This reverts commit dfe3394d4e.
2022-04-08 10:38:58 +02:00
6db5df1b31 Revert "build(deps): bump @sentry/browser from 6.19.4 to 6.19.6 in /web (#2689)"
This reverts commit 0e59ed62f5.
2022-04-08 10:38:56 +02:00
e64ca4ab04 core: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-08 10:10:30 +02:00
0e59ed62f5 build(deps): bump @sentry/browser from 6.19.4 to 6.19.6 in /web (#2689)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.19.4 to 6.19.6.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.19.4...6.19.6)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-08 10:08:34 +02:00
dfe3394d4e build(deps): bump @sentry/tracing from 6.19.4 to 6.19.6 in /web (#2690)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 6.19.4 to 6.19.6.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.19.4...6.19.6)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-08 10:07:16 +02:00
9d4fb8048c build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.2 to 3.4.3 (#2691)
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.2 to 3.4.3.
- [Release notes](https://github.com/go-ldap/ldap/releases)
- [Commits](https://github.com/go-ldap/ldap/compare/v3.4.2...v3.4.3)

---
updated-dependencies:
- dependency-name: github.com/go-ldap/ldap/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-08 10:07:06 +02:00
a7a517733e web: enable rollup cache
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-07 21:06:18 +02:00
e2f0a76309 outposts: check if docker ports should be mapped before comparing ports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-07 17:30:33 +02:00
07267ac425 build(deps): bump yaml from 1.10.2 to 2.0.0 in /web (#2682)
Bumps [yaml](https://github.com/eemeli/yaml) from 1.10.2 to 2.0.0.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v1.10.2...v2.0.0)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-07 10:02:52 +02:00
8fb7620004 build(deps): bump @babel/core from 7.17.8 to 7.17.9 in /web (#2681)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.17.8 to 7.17.9.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.9/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-07 10:02:35 +02:00
2ef85c4447 build(deps): bump lit from 2.2.1 to 2.2.2 in /web (#2683)
Bumps [lit](https://github.com/lit/lit/tree/HEAD/packages/lit) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/lit/lit/releases)
- [Changelog](https://github.com/lit/lit/blob/main/packages/lit/CHANGELOG.md)
- [Commits](https://github.com/lit/lit/commits/lit@2.2.2/packages/lit)

---
updated-dependencies:
- dependency-name: lit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-07 10:02:22 +02:00
c3174ac044 build(deps): bump @babel/plugin-proposal-decorators in /web (#2684)
Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.17.8 to 7.17.9.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.9/packages/babel-plugin-proposal-decorators)

---
updated-dependencies:
- dependency-name: "@babel/plugin-proposal-decorators"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-07 10:01:06 +02:00
952b48541c build(deps): bump goauthentik.io/api/v3 from 3.2022033.9 to 3.2022033.10 (#2687) 2022-04-07 09:54:55 +02:00
a97ffce5f9 build(deps): bump webauthn from 1.4.0 to 1.5.0 (#2685) 2022-04-07 09:54:38 +02:00
5d514bd8c4 build(deps-dev): bump pylint from 2.13.4 to 2.13.5 (#2686) 2022-04-07 09:53:42 +02:00
128234324d Translate /web/src/locales/en.po in zh-Hans (#2680)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-04-06 17:38:54 +02:00
2d1bc2efcc Translate /web/src/locales/en.po in zh_CN (#2679)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-04-06 17:38:48 +02:00
2a1af96838 web/admin: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 10:46:08 +02:00
a6674440e6 web: Update Web API Client version (#2678)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-04-06 10:45:34 +02:00
5861d41ad3 tenants: add tenant-level attributes, applied to users based on request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 10:41:35 +02:00
fcd9c58a73 web/user: fix minor style issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 10:22:36 +02:00
4bf2878cf7 build(deps): bump @sentry/browser from 6.19.3 to 6.19.4 in /web (#2674) 2022-04-06 10:06:42 +02:00
79d508a020 build(deps): bump @sentry/tracing from 6.19.3 to 6.19.4 in /web (#2675) 2022-04-06 09:51:08 +02:00
03916b0b25 build(deps): bump codecov/codecov-action from 2 to 3 (#2676) 2022-04-06 09:50:54 +02:00
263964865c build(deps): bump celery from 5.2.5 to 5.2.6 (#2677) 2022-04-06 09:50:41 +02:00
21f92b4a65 website/docs: add docs for customisation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 00:06:28 +02:00
e38d03b304 web/user: make more themable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-05 23:47:15 +02:00
f2b540ed8a web/user: add column layouts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-05 23:28:00 +02:00
79ad356d90 web/elements: insert spaces instead of tabs in codemirror
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-05 23:10:51 +02:00
e70490481d build(deps): bump minimist from 1.2.5 to 1.2.6 in /website (#2670)
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 10:28:52 +02:00
66ab9504e9 build(deps): bump minimist from 1.2.5 to 1.2.6 in /web (#2671)
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 10:28:31 +02:00
009173fe23 build(deps): bump @typescript-eslint/parser in /web (#2667)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.17.0 to 5.18.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.18.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 10:15:29 +02:00
75a5335f0f build(deps): bump @typescript-eslint/eslint-plugin in /web (#2668)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.17.0 to 5.18.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.18.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 10:11:15 +02:00
7a9452c66a build(deps): bump goauthentik.io/api/v3 from 3.2022033.8 to 3.2022033.9 (#2669)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022033.8 to 3.2022033.9.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022033.8...v3.2022033.9)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 10:11:04 +02:00
82a999f95d internal: disable HTML encoding in logrus
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 22:57:55 +02:00
0c2e9234bf ci: use native caching (#2665)
* ci: use native caching

* migrate to actions

* cleanup

* migrate more
2022-04-04 14:02:10 +02:00
964a3276a1 ci: bump cache 2022-04-04 09:58:05 +00:00
5185b027dc ci: remove unneeded tools 2022-04-04 09:28:57 +00:00
d690296120 ci: use go install 2022-04-04 09:21:33 +00:00
9252a1f9d3 ci: fix broken GHA cache again...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 10:45:30 +02:00
fc6742a17e web/admin: trigger update when provider wizard finishes
closes #2599

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 10:38:30 +02:00
31546da796 web: Update Web API Client version (#2664)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-04-04 10:25:41 +02:00
4a6c46a5c9 root: upgrade to openapi generator v6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 10:20:05 +02:00
20262f3f4b core: mark provider_obj as read_only
closes #2637

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 10:17:59 +02:00
dea61ef35e build(deps): bump moment from 2.29.1 to 2.29.2 in /web (#2657) 2022-04-04 09:49:11 +02:00
edda644e28 build(deps): bump react-before-after-slider-component in /website (#2656) 2022-04-04 09:48:44 +02:00
ee13ec1dca build(deps-dev): bump prettier from 2.6.1 to 2.6.2 in /website (#2658) 2022-04-04 09:48:18 +02:00
39bea1d5d0 build(deps): bump prettier from 2.6.1 to 2.6.2 in /web (#2659) 2022-04-04 09:48:07 +02:00
453dcd790f build(deps): bump actions/setup-node from 3.0.0 to 3.1.0 (#2661) 2022-04-04 09:47:44 +02:00
bb70e6c81d build(deps): bump celery from 5.2.3 to 5.2.5 (#2662) 2022-04-04 09:47:19 +02:00
4ff9db9d7e build(deps): bump goauthentik.io/api/v3 from 3.2022033.6 to 3.2022033.8 (#2663) 2022-04-04 09:47:04 +02:00
8b2e70d15d web/user: fix column size
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-03 18:19:14 +02:00
8e2f929933 Translate /web/src/locales/en.po in zh_CN (#2652)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-04-03 13:58:44 +02:00
ae2d86096b Translate /web/src/locales/en.po in zh-Hans (#2653)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-04-03 13:58:33 +02:00
849c347e8c Translate /web/src/locales/en.po in zh_TW (#2654)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-04-03 13:58:24 +02:00
c974298836 Translate /web/src/locales/en.po in zh-Hant (#2655)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-04-03 13:58:14 +02:00
b46eb7198b internal: handle log level not being set in config
closes #2650

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-03 13:23:55 +02:00
37db6764ab web: Update Web API Client version (#2649)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-04-02 23:12:00 +02:00
633296503d core: add grouping to applications (#2648)
* core: add grouping to applications

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add new field to tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 23:08:58 +02:00
508cec2fd5 web: migrate dropdowns to wizards (#2633)
* web/admin: add basic wizards for providers

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add dark mode for wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: migrate policies to wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start source

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* policies: sanitze_dict when returning log messages during tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* Revert "web/admin: migrate policies to wizard"

This reverts commit d8b7f62d3e.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/zh-Hans.po
#	web/src/locales/zh-Hant.po
#	web/src/locales/zh_TW.po

* web: rewrite wizard to be element based

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* further cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update sources

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: migrate property mappings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate stages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate misc dropdowns

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate outpost integrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 19:48:17 +02:00
7a93614e4b policies: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 18:31:02 +02:00
4f319eaa4f policies/dummy: bump to info to always get message
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:28:51 +02:00
86a8d00b3f policies: sanitze_dict when returning log messages during tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:15:44 +02:00
5fe8c1f3d7 policies: fix missing default for log_messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 16:44:49 +02:00
be91d893fb Translate /web/src/locales/en.po in zh_CN (#2644)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-04-02 16:39:38 +02:00
1fc6aa5a02 Translate /web/src/locales/en.po in zh-Hans (#2645)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-04-02 16:39:30 +02:00
2256baced5 Translate /web/src/locales/en.po in zh-Hant (#2646)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-04-02 16:39:22 +02:00
f2af904aeb Translate /web/src/locales/en.po in zh_TW (#2647)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-04-02 16:39:15 +02:00
030f612c38 web: Update Web API Client version (#2642)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-04-01 22:10:45 +02:00
d84ff2bbca policies: add policy log messages to test endpoints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-01 22:07:35 +02:00
4be238018b providers/oauth2: pass scope and other parameters to access policy request context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2641
2022-04-01 21:39:05 +02:00
71c6313c46 Revert "build(deps): bump @mdx-js/react from 1.6.22 to 2.1.1 in /website (#2634)" (#2639)
This reverts commit f7daa7723d.
2022-04-01 10:45:26 +02:00
f7daa7723d build(deps): bump @mdx-js/react from 1.6.22 to 2.1.1 in /website (#2634)
Bumps [@mdx-js/react](https://github.com/mdx-js/mdx/tree/HEAD/packages/react) from 1.6.22 to 2.1.1.
- [Release notes](https://github.com/mdx-js/mdx/releases)
- [Changelog](https://github.com/mdx-js/mdx/blob/main/changelog.md)
- [Commits](https://github.com/mdx-js/mdx/commits/2.1.1/packages/react)

---
updated-dependencies:
- dependency-name: "@mdx-js/react"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-01 10:06:30 +02:00
1ff35eef4c build(deps-dev): bump pylint from 2.13.3 to 2.13.4 (#2635)
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.13.3 to 2.13.4.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.13.3...v2.13.4)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-01 10:06:10 +02:00
743bb3e98f build(deps): bump goauthentik.io/api/v3 from 3.2022033.5 to 3.2022033.6 (#2636) 2022-04-01 10:04:25 +02:00
83c4d5393c web: Update Web API Client version (#2632)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-03-31 20:24:11 +02:00
99008252f8 providers/oauth2: fix verification_keys being required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 20:19:13 +02:00
4cf00ed5cf lifecycle: fix password and hostname not properly quoted
#2623
2022-03-31 16:37:54 +00:00
8689444954 providers/oauth2: add password grant support (treated as client_credentials)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 18:02:17 +02:00
4210f692ff Translate /web/src/locales/en.po in zh_CN (#2626)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-31 09:33:18 +02:00
85a3578092 Translate /web/src/locales/en.po in zh-Hant (#2627)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-31 09:33:09 +02:00
6b05d44d1f Translate /web/src/locales/en.po in zh-Hans (#2628)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-31 09:33:00 +02:00
49b221ed68 Translate /web/src/locales/en.po in zh_TW (#2629)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-31 09:32:48 +02:00
67b43c223c build(deps): bump goauthentik.io/api/v3 from 3.2022033.4 to 3.2022033.5 (#2630) 2022-03-31 08:59:31 +02:00
5f9dc4395a web: Update Web API Client version (#2625) 2022-03-31 01:03:08 +02:00
bb8af2f19b providers/oauth2: add client_assertion_type jwt bearer support (#2618) 2022-03-31 00:30:55 +02:00
996bd05ba6 api: fix API header auth not passing to next auth method
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 00:06:01 +02:00
ac03f5a97d website/docs: prepare 2022.4
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-30 23:43:36 +02:00
a1a64e25ee api: remove legacy http basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-30 23:39:08 +02:00
53851efacb Revert "web/elements: fix chart not rendering if update events happens before initial render"
This reverts commit f53343141e.
2022-03-30 10:36:50 +02:00
afea262e14 build(deps): bump @sentry/tracing from 6.19.2 to 6.19.3 in /web (#2619)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 6.19.2 to 6.19.3.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.19.2...6.19.3)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-30 10:36:05 +02:00
53f92f01da build(deps): bump @sentry/browser from 6.19.2 to 6.19.3 in /web (#2620)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.19.2 to 6.19.3.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.19.2...6.19.3)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-30 10:34:57 +02:00
a267686098 build(deps): bump @types/chart.js from 2.9.35 to 2.9.36 in /web (#2621)
Bumps [@types/chart.js](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chart.js) from 2.9.35 to 2.9.36.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chart.js)

---
updated-dependencies:
- dependency-name: "@types/chart.js"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-30 10:34:44 +02:00
9ee06b7d1f build(deps-dev): bump pylint from 2.13.2 to 2.13.3 (#2622)
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.13.2 to 2.13.3.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.13.2...v2.13.3)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-30 10:34:35 +02:00
f53343141e web/elements: fix chart not rendering if update events happens before initial render
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-29 11:33:40 +02:00
62250f4ec6 build(deps): bump @typescript-eslint/parser in /web (#2615)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.16.0 to 5.17.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.17.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-29 10:29:27 +02:00
485329130b build(deps): bump @typescript-eslint/eslint-plugin in /web (#2616)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.16.0 to 5.17.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.17.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-29 10:10:58 +02:00
6891c239e2 build(deps-dev): bump black from 22.1.0 to 22.3.0 (#2617)
Bumps [black](https://github.com/psf/black) from 22.1.0 to 22.3.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.1.0...22.3.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-29 10:10:34 +02:00
993c6472db crypto: only count discovered when cert was loaded successfully 2022-03-28 08:58:23 +00:00
123b0b2f05 core: fix pylint renamed variable 2022-03-28 08:58:13 +00:00
487b1e4f34 build(deps): bump @docusaurus/plugin-client-redirects in /website (#2606)
Bumps [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects) from 2.0.0-beta.17 to 2.0.0-beta.18.
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v2.0.0-beta.18/packages/docusaurus-plugin-client-redirects)

---
updated-dependencies:
- dependency-name: "@docusaurus/plugin-client-redirects"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-28 09:47:27 +02:00
b308cfa8d7 build(deps): bump @formatjs/intl-listformat from 6.5.2 to 6.5.3 in /web (#2603)
Bumps [@formatjs/intl-listformat](https://github.com/formatjs/formatjs) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/formatjs/formatjs/releases)
- [Commits](https://github.com/formatjs/formatjs/compare/@formatjs/intl-listformat@6.5.2...@formatjs/intl-listformat@6.5.3)

---
updated-dependencies:
- dependency-name: "@formatjs/intl-listformat"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-28 09:46:17 +02:00
839884c65c build(deps-dev): bump pylint from 2.12.2 to 2.13.2 (#2612)
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.12.2 to 2.13.2.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.12.2...v2.13.2)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-28 09:45:21 +02:00
dc93f5d4c9 build(deps): bump @docusaurus/preset-classic in /website (#2602)
Bumps [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic) from 2.0.0-beta.17 to 2.0.0-beta.18.
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v2.0.0-beta.18/packages/docusaurus-preset-classic)

---
updated-dependencies:
- dependency-name: "@docusaurus/preset-classic"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-28 09:45:02 +02:00
735af9aaad build(deps-dev): bump prettier from 2.6.0 to 2.6.1 in /website (#2604) 2022-03-28 09:43:03 +02:00
9c52ee585f build(deps): bump @rollup/plugin-commonjs from 21.0.2 to 21.0.3 in /web (#2605) 2022-03-28 09:42:40 +02:00
4c5f01020e build(deps): bump eslint from 8.11.0 to 8.12.0 in /web (#2607) 2022-03-28 09:42:28 +02:00
fc315eb8da build(deps): bump eslint-plugin-custom-elements in /web (#2608) 2022-03-28 09:41:52 +02:00
b90d8b14d6 build(deps): bump prettier from 2.6.0 to 2.6.1 in /web (#2609) 2022-03-28 09:41:39 +02:00
1af49c930c build(deps): bump goauthentik.io/api/v3 from 3.2022033.3 to 3.2022033.4 (#2610) 2022-03-28 09:41:17 +02:00
624ae67b50 build(deps-dev): bump pylint-django from 2.5.2 to 2.5.3 (#2611) 2022-03-28 09:41:04 +02:00
cd2fb49f9b web: update api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-27 19:06:12 +02:00
3da531ede3 Translate /web/src/locales/en.po in zh_CN (#2595)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-27 15:52:24 +02:00
e3e4b2f818 Translate /web/src/locales/en.po in zh_TW (#2596)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-27 15:52:14 +02:00
98391da0d0 Translate /web/src/locales/en.po in zh-Hans (#2598)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-27 15:52:00 +02:00
1555aed02f Translate /web/src/locales/en.po in zh-Hant (#2597)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-27 15:51:49 +02:00
7a01529511 root: lock openapi image
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 23:25:04 +01:00
bc3e6b3962 web/admin: fix missing protocols on generated nginx config
closes #2585

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 19:18:52 +01:00
7cbd5174f0 stages/invitation: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 19:12:22 +01:00
788cd401f6 build(deps): bump ansi-regex from 4.1.0 to 4.1.1 in /web (#2593)
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-26 19:09:01 +01:00
bec8c8fe0a web: Update Web API Client version (#2592)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-03-26 18:51:29 +01:00
3184a64482 web: live-convert to slug in fields where only slugs are allowed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 18:49:08 +01:00
c7a83e6182 stages/invitation: add invitation name
closes #2583

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 18:32:59 +01:00
933919c647 web/admin: allow editing of invitations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2583
2022-03-26 18:21:14 +01:00
7d3841e85f build(deps): bump python (#2586)
Bumps python from 3.10.3-slim-bullseye to 3.10.4-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-25 09:44:53 +01:00
21e54d803f build(deps): bump typescript from 4.6.2 to 4.6.3 in /web (#2587)
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.6.2 to 4.6.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.6.2...v4.6.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-25 09:44:42 +01:00
883af97148 build(deps): bump @sentry/tracing from 6.19.1 to 6.19.2 in /web (#2578)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 6.19.1 to 6.19.2.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.19.1...6.19.2)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-24 10:15:07 +01:00
3184019996 build(deps): bump @sentry/browser from 6.19.1 to 6.19.2 in /web (#2579)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.19.1 to 6.19.2.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.19.1...6.19.2)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-24 10:14:08 +01:00
c0edaaf821 build(deps): bump peter-evans/create-pull-request from 3 to 4 (#2580)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3 to 4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...v4)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-24 10:13:58 +01:00
74ff9d04dd stages/prompt: set field default based on placeholder, fix duplicate fields
closes #2572

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 22:26:06 +01:00
969902f503 stages/prompt: filter rest_framework.fields.empty when field is not required
closes #2572

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 20:21:12 +01:00
04372e21dd events: handle types in event contexts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2572
2022-03-23 19:49:55 +01:00
0c53650216 website/docs: terminology clear unneeded sentence. (#2577)
certificates: minor improvements
2022-03-23 17:38:36 +01:00
8e028c2feb website/docs: added missing client_id in client_credential grant type (#2576) 2022-03-23 15:07:09 +01:00
d75a864f0e providers/oauth2: map internal groups to GitHub teams in GHE OAuth emulation (#2497)
* providers/oauth2: impl `/user/teams` endpoint for Github OAuth2

This commit adds a functional `/user/teams` endpoint for the emulated Github OAuth2 service.
The teams a user is part of are based on the user's groups in Authentik.

* providers/oauth2: Move org template inside loop; Change slug to use Django slugify

* providers/oauth2: Remove placeholder replacement

* Possibly fix complaints from the linters

* Update github.py

* Change organization name

* Update github.py
2022-03-23 12:05:20 +01:00
81f3b133f6 web/user: dont show flow title in user settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2572
2022-03-23 10:18:53 +01:00
b887916f5b web/flows: fix styling for access denied stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2572
2022-03-23 10:16:43 +01:00
2a354aa64f website/integrations: Fix Kimai Group mapping attribute (#2565)
* Fix: Group mapping attribute

Missed it before, sorry.
Now it works properly

* Fix: branding

Co-authored-by: hexx.one <dominics.pc@gmail.com>
2022-03-23 10:08:31 +01:00
d9724e6885 build(deps): bump @fortawesome/fontawesome-free in /web (#2568) 2022-03-23 09:27:07 +01:00
d092e8e4bc build(deps): bump eslint-plugin-custom-elements in /web (#2569) 2022-03-23 09:26:51 +01:00
e5b8975459 build(deps): bump country-flag-icons from 1.4.24 to 1.4.25 in /web (#2570) 2022-03-23 09:26:30 +01:00
4f4784f4d8 build(deps): bump peter-evans/enable-pull-request-automerge from 1 to 2 (#2571) 2022-03-23 09:26:16 +01:00
51194cbf42 outposts/ldap: use backend group num_pk
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 23:54:50 +01:00
4d5a619cc0 build(deps): bump goauthentik.io/api/v3 from 3.2022033.2 to 3.2022033.3 (#2566)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022033.2 to 3.2022033.3.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022033.2...v3.2022033.3)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 23:47:43 +01:00
2314340823 build(deps): bump goauthentik.io/api/v3 from 3.2022033.1 to 3.2022033.2 (#2562)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022033.1 to 3.2022033.2.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022033.1...v3.2022033.2)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 21:41:54 +01:00
7c6b2c843b web: Update Web API Client version (#2563)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-03-22 21:41:44 +01:00
0c2b32da31 core: add num_pk to group for applications that need a numerical group id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2497
2022-03-22 21:37:11 +01:00
9ad4c736f1 stages/email: allow overriding of destination email in plan context
closes #2445

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 21:19:34 +01:00
0c0b9ca84a build(deps): bump node-forge from 1.2.1 to 1.3.0 in /website (#2560)
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/digitalbazaar/forge/releases)
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.2.1...v1.3.0)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 20:49:35 +01:00
4154b62565 stages/prompt: fix non-required fields not allowing blank values, add more tests
closes #2544

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 20:38:04 +01:00
5a07d4ec66 web/admin: fix typo in flow launch URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 20:20:38 +01:00
64b758c8fa web: Update Web API Client version (#2558)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-03-22 20:19:53 +01:00
a0e29d42a6 web/user: fix success popup showing after each flow stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

closes #2547

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 20:17:16 +01:00
0bbea79c64 root: update schema with latest drf-spectacular
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 20:15:15 +01:00
467ad29656 website/integrations: Add service documentation for "Kimai" timetracker (#2548)
* Add documentation for Kimai

* website: fix kimai application slug

* Add kimai sidebar integration

Co-authored-by: hexx.one <dominics.pc@gmail.com>
2022-03-22 18:20:04 +01:00
d2fc1226f8 website/integrations: Add service documentation for pgAdmin (#2556) 2022-03-22 18:19:27 +01:00
5c50a18b6f build(deps): bump @typescript-eslint/parser in /web (#2549)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.15.0 to 5.16.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.16.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 10:07:02 +01:00
75505a2077 build(deps): bump @sentry/tracing from 6.18.2 to 6.19.1 in /web (#2552)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 6.18.2 to 6.19.1.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.18.2...6.19.1)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 10:05:45 +01:00
6d7525b5a1 build(deps): bump @typescript-eslint/eslint-plugin in /web (#2550)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.15.0 to 5.16.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.16.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 10:04:53 +01:00
4ca7ba427a build(deps): bump @sentry/browser from 6.18.2 to 6.19.1 in /web (#2551)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.18.2 to 6.19.1.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.18.2...6.19.1)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 10:04:43 +01:00
740fafa86d build(deps): bump actions/cache from 2.1.7 to 3 (#2553)
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 10:04:35 +01:00
4b80f52e11 build(deps): bump drf-spectacular from 0.21.2 to 0.22.0 (#2554)
Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.21.2 to 0.22.0.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.21.2...0.22.0)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 10:04:25 +01:00
7ae2bdc35f build(deps): bump goauthentik.io/api/v3 from 3.2022032.1 to 3.2022033.1 (#2555)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022032.1 to 3.2022033.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022032.1...v3.2022033.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 10:03:43 +01:00
34473903dd web: Update Web API Client version (#2545)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-03-22 00:20:25 +01:00
86a4a7dcee release: 2022.3.3 2022-03-21 22:37:13 +01:00
73fe866cb6 website/docs: prepare 2022.3.3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-21 22:37:01 +01:00
8b95e9f97a crypto: open files in read-only mode for importing (#2536)
closes #2535
2022-03-21 10:46:09 +01:00
a3eb72d160 website/integrations: Document using pfSense as Provider Integration (#2534)
* Add pfSense documentation

* add pfSense to sidebar

* Add pfsense secure setup

* rearrangement of sections for better clarity

* Add port value in unsecure setup

* change admonitions type for unsecure setup

* add `Test you setup` section

* add `Change pfSense default authentication backend` section

* Minor corrections

Co-authored-by: Danaël Giordana <danael@giordana.cc>
2022-03-21 10:45:30 +01:00
b418db6ecf build(deps): bump @babel/plugin-proposal-decorators in /web (#2537)
Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.17.2 to 7.17.8.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.8/packages/babel-plugin-proposal-decorators)

---
updated-dependencies:
- dependency-name: "@babel/plugin-proposal-decorators"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-21 10:02:15 +01:00
6cb1ab1d2b build(deps): bump country-flag-icons from 1.4.22 to 1.4.24 in /web (#2538)
Bumps [country-flag-icons](https://gitlab.com/catamphetamine/country-flag-icons) from 1.4.22 to 1.4.24.
- [Release notes](https://gitlab.com/catamphetamine/country-flag-icons/tags)
- [Changelog](https://gitlab.com/catamphetamine/country-flag-icons/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/country-flag-icons/compare/v1.4.22...v1.4.24)

---
updated-dependencies:
- dependency-name: country-flag-icons
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-21 10:01:09 +01:00
ae09dac720 build(deps): bump @babel/core from 7.17.7 to 7.17.8 in /web (#2539)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.17.7 to 7.17.8.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.8/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-21 10:00:53 +01:00
44c9ad19a7 build(deps): bump sentry-sdk from 1.5.7 to 1.5.8 (#2540)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.5.7 to 1.5.8.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/1.5.7...1.5.8)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-21 10:00:40 +01:00
554272a927 build(deps): bump paramiko from 2.10.2 to 2.10.3 (#2541)
Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.10.2 to 2.10.3.
- [Release notes](https://github.com/paramiko/paramiko/releases)
- [Changelog](https://github.com/paramiko/paramiko/blob/main/NEWS)
- [Commits](https://github.com/paramiko/paramiko/compare/2.10.2...2.10.3)

---
updated-dependencies:
- dependency-name: paramiko
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-21 10:00:26 +01:00
acf2af8f66 build(deps): bump github.com/go-openapi/runtime from 0.23.2 to 0.23.3 (#2542)
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.23.2 to 0.23.3.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.23.2...v0.23.3)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-21 09:59:19 +01:00
b45a442447 outposts/ldap: fix contexts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-19 18:28:27 +01:00
75a720ead1 outposts/ldap: prevent operations error from nil dereference (#2447)
closes #2526
2022-03-19 18:26:26 +01:00
615ce287ce Translate /web/src/locales/en.po in zh_CN (#2529)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-19 17:46:55 +01:00
aa8d97249a Translate /web/src/locales/en.po in zh-Hans (#2530)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-19 17:46:46 +01:00
2390df17f1 Translate /web/src/locales/en.po in zh_TW (#2532)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-19 17:46:34 +01:00
c022052539 Translate /web/src/locales/en.po in zh-Hant (#2531)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-19 17:46:21 +01:00
13c050e2a6 web: fix style for selected item in select in dark mode
closes #2528

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-18 21:20:11 +01:00
ef371b3750 web/admin: default to not include current session in flow play, add option to start with current session
closes #2527

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-18 19:41:11 +01:00
bb1f79347b build(deps): bump python (#2524)
Bumps python from 3.10.2-slim-bullseye to 3.10.3-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-18 10:14:07 +01:00
6ed0d6d124 build(deps-dev): bump pytest from 7.1.0 to 7.1.1 (#2525)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.0 to 7.1.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.1.0...7.1.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-18 10:13:54 +01:00
4ed60fe36b build(deps): bump postcss from 8.4.11 to 8.4.12 in /website (#2512) 2022-03-17 09:46:38 +01:00
ca9fa79095 build(deps): bump @types/grecaptcha from 3.0.3 to 3.0.4 in /web (#2513) 2022-03-17 09:46:23 +01:00
a2408cefcf build(deps): bump golang from 1.17.8-bullseye to 1.18.0-bullseye (#2511) 2022-03-17 09:45:44 +01:00
145eaa5de3 build(deps): bump prettier from 2.5.1 to 2.6.0 in /web (#2515) 2022-03-17 09:45:15 +01:00
1991c930f2 build(deps-dev): bump prettier from 2.5.1 to 2.6.0 in /website (#2516) 2022-03-17 09:44:55 +01:00
736f84b670 build(deps): bump country-flag-icons from 1.4.21 to 1.4.22 in /web (#2517) 2022-03-17 09:44:41 +01:00
d4d5c2675b build(deps): bump urllib3 from 1.26.8 to 1.26.9 (#2518) 2022-03-17 09:44:25 +01:00
be232e2b77 core: fix provider launch URL being prioritised over manually configured launch URL
closes #2493

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-16 10:26:55 +01:00
42389188ad web/elements: make SearchSelect optionally blankable
closes #2504

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-16 10:12:47 +01:00
1f6af8c221 web/admin: fix user defaulting to 0 when not set in PolicyBindingForm
closes #2496

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-16 10:12:47 +01:00
f4955e3e62 build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#2502) 2022-03-16 09:31:14 +01:00
a8ef3096c1 build(deps): bump postcss from 8.4.8 to 8.4.11 in /website (#2498) 2022-03-16 09:29:05 +01:00
14f76b2575 build(deps): bump webcomponent-qr-code from 1.0.5 to 1.0.6 in /web (#2499) 2022-03-16 09:28:51 +01:00
50065d37b9 build(deps): bump @fortawesome/fontawesome-free in /web (#2500) 2022-03-16 09:28:40 +01:00
a54670fb91 build(deps): bump lit from 2.2.0 to 2.2.1 in /web (#2501) 2022-03-16 09:28:28 +01:00
51fda51cbf build(deps): bump goauthentik.io/api/v3 from 3.2022031.2 to 3.2022032.1 (#2503) 2022-03-16 09:27:22 +01:00
53d0205e86 outposts/proxy: use Prefix in ingress for k8s
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-15 19:01:08 +01:00
0f56d00959 website/docs: added example for custom user attributes (#2406)
* added example for custom user attributes

* simplified example

Co-authored-by: croudsarabi <constantin.roudsarabi@andrena.de>
2022-03-15 18:12:02 +01:00
b7a6fccdf9 web: Update Web API Client version (#2491)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-03-15 10:28:36 +01:00
522f49f48c Merge branch 'version-2022.3' 2022-03-15 10:07:40 +01:00
e685f11514 build(deps): bump @typescript-eslint/eslint-plugin in /web (#2486) 2022-03-15 09:35:36 +01:00
1841b9b4c6 build(deps): bump rollup from 2.70.0 to 2.70.1 in /web (#2485) 2022-03-15 09:32:23 +01:00
40e37a5c2c build(deps): bump @typescript-eslint/parser in /web (#2487) 2022-03-15 09:31:27 +01:00
ac838645a9 build(deps): bump @babel/core from 7.17.5 to 7.17.7 in /web (#2488) 2022-03-15 09:31:06 +01:00
be40d67c4d build(deps): bump paramiko from 2.10.1 to 2.10.2 (#2489) 2022-03-15 09:30:46 +01:00
700cc06f45 build(deps): bump goauthentik.io/api/v3 from 3.2022031.1 to 3.2022031.2 (#2490) 2022-03-15 09:30:30 +01:00
260a7aac63 release: 2022.3.2 2022-03-15 00:01:01 +01:00
37df054f4c website/docs: prepare 2022.3.2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 23:59:38 +01:00
a3df414f24 sources/ldap: fix parent_group not being applied
closes #2464

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 22:13:20 +01:00
dcaa8d6322 flows: revert default flow user change
closes #2483

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 22:05:30 +01:00
e03dd70f2f web/user: filter applications by launch URL lto show empty state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 21:15:47 +01:00
ceb894039e stages/authenticator_validate: fix passwordless flows not working
closes #2484

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 21:15:47 +01:00
a77616e942 website/integrations: add rocket.chat (#2470)
* Add files via upload

* Revert "Add Rocket.chat Instructions to Integrations Page"

* Adding Rocket.chat Integration documentation

* Adding Rocketchat to integrations/services

* Fix authentik name in 2 screenshots
2022-03-14 15:13:54 +01:00
47601a767b website/docs: fix invalid queries in docs
closes #2482
2022-03-14 12:38:22 +00:00
c7a825c393 lib: lower default sample rate 2022-03-14 12:38:14 +00:00
181c55aef1 website/docs: add http-basic to sonarr docs 2022-03-14 12:19:53 +01:00
631b1fcc29 web: Update Web API Client version (#2481)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-03-14 10:42:29 +01:00
54f170650a core: replace uid with uuid search
uid can't be searched it as its a computed field

closes #2480

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 10:35:55 +01:00
3bdb551e74 root: add make target for server and web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 10:32:14 +01:00
96b2631ec4 build(deps): bump paramiko from 2.9.2 to 2.10.1 (#2475)
Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.9.2 to 2.10.1.
- [Release notes](https://github.com/paramiko/paramiko/releases)
- [Changelog](https://github.com/paramiko/paramiko/blob/main/NEWS)
- [Commits](https://github.com/paramiko/paramiko/compare/2.9.2...2.10.1)

---
updated-dependencies:
- dependency-name: paramiko
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 10:02:34 +01:00
4fffa6d2cc build(deps-dev): bump importlib-metadata from 4.11.2 to 4.11.3 (#2476)
Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 4.11.2 to 4.11.3.
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/CHANGES.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v4.11.2...v4.11.3)

---
updated-dependencies:
- dependency-name: importlib-metadata
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 10:02:24 +01:00
e46c70e13d build(deps): bump @patternfly/patternfly from 4.179.1 to 4.183.1 in /web (#2474)
Bumps [@patternfly/patternfly](https://github.com/patternfly/patternfly) from 4.179.1 to 4.183.1.
- [Release notes](https://github.com/patternfly/patternfly/releases)
- [Changelog](https://github.com/patternfly/patternfly/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/patternfly/patternfly/compare/prerelease-v4.179.1...prerelease-v4.183.1)

---
updated-dependencies:
- dependency-name: "@patternfly/patternfly"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 10:02:09 +01:00
7d4e7f84f4 build(deps): bump eslint from 8.10.0 to 8.11.0 in /web (#2473)
Bumps [eslint](https://github.com/eslint/eslint) from 8.10.0 to 8.11.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.10.0...v8.11.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 10:01:58 +01:00
d49640ca9b build(deps): bump goauthentik.io/api/v3 from 3.2022021.4 to 3.2022031.1 (#2477)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2022021.4 to 3.2022031.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022021.4...v3.2022031.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 10:00:52 +01:00
ed2cf44471 build(deps-dev): bump pytest from 7.0.1 to 7.1.0 (#2478)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.0.1 to 7.1.0.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.0.1...7.1.0)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 10:00:30 +01:00
5b1d15276a build(deps): bump uvicorn from 0.17.5 to 0.17.6 (#2479)
Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.17.5 to 0.17.6.
- [Release notes](https://github.com/encode/uvicorn/releases)
- [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/encode/uvicorn/compare/0.17.5...0.17.6)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 10:00:09 +01:00
d9275a3350 web/elements: fix search-select hover background
closes #2471

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-13 01:58:40 +01:00
2e81dddc1d web/elements: fix search select background in dark mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2471
2022-03-13 01:53:42 +01:00
abc73deda0 web/elements: fix error with blank SearchSelect elements in forms
closes #2469

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-11 20:36:54 +01:00
becec6b7d8 web: Update Web API Client version (#2468)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-03-11 19:10:27 +01:00
ab516f782b website/user: fix duplicate help text in prompts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-11 19:05:41 +01:00
d7b3c545aa Merge branch 'version-2022.3' 2022-03-11 11:02:51 +01:00
81550d9d1d website/docs: add release notes to sidebar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-11 10:59:19 +01:00
72e5768c2f build(deps): bump channels-redis from 3.3.1 to 3.4.0 (#2465) 2022-03-11 09:17:27 +01:00
11cf5fc472 build(deps): bump github.com/getsentry/sentry-go from 0.12.0 to 0.13.0 (#2466) 2022-03-11 09:17:05 +01:00
fedb81571d release: 2022.3.1 2022-03-10 19:12:29 +01:00
37528e1bba stages/authenticator_validate: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 09:56:04 +01:00
97ef2a6f5f build(deps-dev): bump selenium from 4.1.2 to 4.1.3 (#2461) 2022-03-10 09:33:34 +01:00
cc1509cf57 stages/authenticator_validate: fix logic error when multiple authenticator devices can be selected
closes #2290

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 00:46:42 +01:00
0dfecc6ae2 stages/authenticator_*: fix device.confirmed being set incorrectly
closes #2330

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 00:19:49 +01:00
c1e4d78672 root: deprecate :stable tag
#2439

we haven't released an -rc release in a while and I don't really see a need for them anymore, so lets simplify the release process

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-09 23:48:32 +01:00
0ab427b5bb website/docs: prepare 2022.3 release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-09 23:42:25 +01:00
a9f095d1d9 website/docs: add docs for different flow executors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-09 23:36:09 +01:00
de17207c68 lib: fix default geoip path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2453
2022-03-09 21:57:29 +01:00
d9675695fe root: remove backup remainders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-09 21:56:18 +01:00
ec7f372fa9 build(deps): bump @sentry/browser from 6.18.1 to 6.18.2 in /web (#2455)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.18.1 to 6.18.2.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.18.1...6.18.2)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-09 09:27:16 +01:00
8a675152e6 build(deps): bump @sentry/tracing from 6.18.1 to 6.18.2 in /web (#2456)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 6.18.1 to 6.18.2.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.18.1...6.18.2)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-09 09:24:34 +01:00
228fe01f92 build(deps): bump sentry-sdk from 1.5.6 to 1.5.7 (#2457)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.5.6 to 1.5.7.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/1.5.6...1.5.7)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-09 09:23:35 +01:00
b9547ece49 build(deps): bump @typescript-eslint/eslint-plugin in /web (#2448)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.13.0 to 5.14.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.14.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-08 09:41:17 +01:00
6e9bc143bd build(deps): bump @typescript-eslint/parser in /web (#2449)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.13.0 to 5.14.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.14.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-08 09:40:28 +01:00
8cd4bf1be8 build(deps): bump rollup from 2.69.2 to 2.70.0 in /web (#2450)
Bumps [rollup](https://github.com/rollup/rollup) from 2.69.2 to 2.70.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.69.2...v2.70.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-08 09:38:55 +01:00
76660e4666 internal: add tests with querystring
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-07 22:03:36 +01:00
73b2e2cb82 build(deps): bump golang from 1.17.7-bullseye to 1.17.8-bullseye (#2440) 2022-03-07 09:30:47 +01:00
d741d6dcf1 build(deps): bump postcss from 8.4.7 to 8.4.8 in /website (#2441) 2022-03-07 09:30:28 +01:00
2575fa6db7 build(deps): bump rollup from 2.69.0 to 2.69.2 in /web (#2442) 2022-03-07 09:30:12 +01:00
7512c57a2e build(deps-dev): bump bandit from 1.7.3 to 1.7.4 (#2443) 2022-03-07 09:30:02 +01:00
e6e2dfd757 build(deps): bump github.com/go-openapi/runtime from 0.23.1 to 0.23.2 (#2444) 2022-03-07 09:29:40 +01:00
920d1f1b0e providers/oauth2: initial client_credentials grant support (#2437)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-05 23:24:55 +01:00
680d4fc20d website/integrations: Remove extra trailing bracket in matrix config (#2435)
In the sample code, there was an extra training "}" in the localpart_template causing all usernames to be appended with "=7D" before the server designation, such as:

@[Username]=7D:[ServerName]
2022-03-04 21:31:25 +01:00
4d3b25ea66 web: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-04 09:52:19 +01:00
5106c0d0c1 build(deps): bump twisted from 22.1.0 to 22.2.0 (#2431) 2022-03-04 09:36:08 +01:00
fd09ade054 build(deps): bump @docusaurus/preset-classic in /website (#2433) 2022-03-04 09:34:29 +01:00
01629fe9e3 build(deps): bump @docusaurus/plugin-client-redirects in /website (#2434) 2022-03-04 09:31:50 +01:00
5be97e98e4 web: update flow background
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 20:00:53 +01:00
b1fd801ceb tenants: fix syntax error in expression for locale 2022-03-03 11:50:46 +00:00
62a939b91d internal: bump api client to v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
257ac04be4 website: fix go-get repo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:32:23 +01:00
ec5e6c14a2 web: Update Web API Client version (#2429)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-03-03 10:22:49 +01:00
1e1d9f1bdd core/api: allow filtering users by uid, add uid to search
closes #2428

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:19:56 +01:00
da1ea51dad Translate /web/src/locales/en.po in zh_CN (#2421)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-03 09:45:47 +01:00
6ee3b8d644 web: Update Web API Client version (#2420)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-03-03 09:45:37 +01:00
6155c69b7c Translate /web/src/locales/en.po in zh_TW (#2423)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-03 09:45:20 +01:00
136d40d919 Translate /web/src/locales/en.po in zh-Hans (#2422)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-03 09:45:08 +01:00
bb1bb9e22a Translate /web/src/locales/en.po in zh-Hant (#2424)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-03-03 09:44:57 +01:00
05e84b63a2 build(deps): bump rollup from 2.68.0 to 2.69.0 in /web (#2426) 2022-03-03 09:29:43 +01:00
7ab55f7afa build(deps): bump @goauthentik/api in /web (#2425) 2022-03-03 09:24:23 +01:00
f5ec5245c5 build(deps): bump github.com/pires/go-proxyproto from 0.6.1 to 0.6.2 (#2427) 2022-03-03 09:24:03 +01:00
4f4f954693 core: customisable user settings (#2397)
* tenants: add user_settings flow, add basic flow and basic new executor

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: use flow PromptStage instead of custom stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: add tenant to StageHost interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: fix form missing component

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: re-add success message

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: improve support for multiple error messages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/prompt: allow expressions in prompt placeholders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/prompt: add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: always set pending user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: never cache stage configuration flow plans

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/user_write: fix error when pending user is anonymous user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add checkbox for prompt placeholder expression

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add prompt expression docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/prompt: add ak-locale field type

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tenants: fix default policy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add function to do global refresh

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix rendering of ak-locale

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tenants: fix default policy, add error handling to placeholder, fix locale attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 00:13:06 +01:00
c57fbcfd89 sources/oauth: log body when get_profile fails
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 20:37:42 +01:00
025fc3fe96 build(deps): bump actions/checkout from 2 to 3 (#2415)
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-02 09:56:53 +01:00
4d079522c4 build(deps): bump django from 4.0.2 to 4.0.3 (#2416)
Bumps [django](https://github.com/django/django) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.0.2...4.0.3)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-02 09:56:32 +01:00
08acc7ba41 providers/oauth2: fix invalid launch URL being generated 2022-03-01 15:29:21 +00:00
7bdd32506e web: cleanup default footer links 2022-03-01 15:27:21 +00:00
6283fedcd9 build(deps): bump @typescript-eslint/parser in /web (#2409) 2022-03-01 09:20:29 +01:00
7a0badc81b build(deps): bump @sentry/browser from 6.18.0 to 6.18.1 in /web (#2410) 2022-03-01 09:20:15 +01:00
1e134aa446 build(deps): bump typescript from 4.5.5 to 4.6.2 in /web (#2408) 2022-03-01 09:19:34 +01:00
27bc5489c5 build(deps): bump @sentry/tracing from 6.18.0 to 6.18.1 in /web (#2411) 2022-03-01 09:18:40 +01:00
2dca45917c build(deps): bump @typescript-eslint/eslint-plugin in /web (#2412) 2022-03-01 09:18:28 +01:00
66a4338b48 build(deps): bump actions/setup-python from 2 to 3 (#2413) 2022-03-01 09:18:14 +01:00
a4dfc7e068 build(deps): bump kubernetes from 22.6.0 to 23.3.0 (#2414) 2022-03-01 09:17:55 +01:00
f98a9bed9f build(deps-dev): bump bandit from 1.7.2 to 1.7.3 (#2403)
* build(deps-dev): bump bandit from 1.7.2 to 1.7.3

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.2...1.7.3)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* sigh

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-28 10:13:51 +01:00
5d1bf4a0af website: update search config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-28 09:54:47 +01:00
34635ab928 build(deps): bump @docusaurus/preset-classic in /website (#2400) 2022-02-28 09:16:48 +01:00
fabe1130c1 build(deps): bump @docusaurus/plugin-client-redirects in /website (#2401) 2022-02-28 09:14:22 +01:00
8feda9c2b1 build(deps): bump eslint from 8.9.0 to 8.10.0 in /web (#2399) 2022-02-28 09:14:03 +01:00
074928cac1 build(deps): bump wsproto from 1.0.0 to 1.1.0 (#2402) 2022-02-28 09:13:50 +01:00
2308f90270 build(deps-dev): bump importlib-metadata from 4.11.1 to 4.11.2 (#2404) 2022-02-28 09:13:10 +01:00
13adca0763 website/integrations: add hashicorp vault integration to website (#2363)
* add hashicorp vault

basic instructions for hashicorp vault

* removed auth0, updated redirect_uri's

removed auth0, updated redirect_uri's to include localhost

* Add hashicorp vault to app list

Add hashicorp-vault to the applications sidebar
2022-02-28 00:03:18 +01:00
50ded723d1 web: Update Web API Client version (#2398)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-02-27 15:17:11 +01:00
e9064509fe sources/oauth: Add Mailcow oauth source (#2380)
* Feat: Add Mailcow oauth source

* Feat: Add mailcow icon

* Run make

* Feat: Add tests

* Fix: Remainder from discord test

* Docs: Add mailcow oauth source docs

* Docs: add mailcow source to menu

* Fix: Mailcow provider type in test

* Fix: Formatting

* Fix: Doc file name
2022-02-27 15:06:02 +01:00
6fdf3ad3e5 internal/outpost: improve logging and add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2393
2022-02-26 22:29:56 +01:00
fb60cefb72 web/flows: fix rendering of help text on prompt stages
closes #2310

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 17:56:08 +01:00
61f7db314a web/admin: use searchable select field for users and groups in policy binding form
closes #2285

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 17:49:04 +01:00
ef7952cab3 web/admin: improve user and group management by showing related objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2391
2022-02-26 17:48:25 +01:00
7e5d8624c8 web: fix locale change not updating all elements
closes #2365

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 16:29:12 +01:00
2c54be85be web: prioritise ?locale parameter over saved locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 16:24:29 +01:00
2f8dbe9b97 core: handle all exceptions for applications listing
closes #2382

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 16:08:38 +01:00
cebe44403c build(deps): bump prismjs from 1.26.0 to 1.27.0 in /web (#2394)
Bumps [prismjs](https://github.com/PrismJS/prism) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/PrismJS/prism/releases)
- [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md)
- [Commits](https://github.com/PrismJS/prism/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: prismjs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-26 15:18:37 +01:00
7261017e13 build(deps): bump prismjs from 1.26.0 to 1.27.0 in /website (#2395)
Bumps [prismjs](https://github.com/PrismJS/prism) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/PrismJS/prism/releases)
- [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md)
- [Commits](https://github.com/PrismJS/prism/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: prismjs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-26 15:18:26 +01:00
0b3d33f428 build(deps): bump @sentry/tracing from 6.17.9 to 6.18.0 in /web (#2385) 2022-02-25 09:58:43 +01:00
6f0cbd5fa6 build(deps): bump rapidoc from 9.1.8 to 9.2.0 in /website (#2383) 2022-02-25 09:58:02 +01:00
fb94aefd2f build(deps): bump postcss from 8.4.6 to 8.4.7 in /website (#2384) 2022-02-25 09:57:27 +01:00
c4c8390eff build(deps): bump rapidoc from 9.1.8 to 9.2.0 in /web (#2386) 2022-02-25 09:57:08 +01:00
8c2e4478fd build(deps): bump @sentry/browser from 6.17.9 to 6.18.0 in /web (#2387) 2022-02-25 09:56:58 +01:00
94029ee612 build(deps): bump actions/setup-node from 2 to 3.0.0 (#2388) 2022-02-25 09:56:20 +01:00
8db49f9eca build(deps-dev): bump selenium from 4.1.1 to 4.1.2 (#2389) 2022-02-25 09:56:06 +01:00
7bd25d90f4 core: compile backend translations (#2381) 2022-02-24 11:31:12 +01:00
133528ee90 website/docs: add email sender name explanation
closes #2378

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-24 10:39:33 +01:00
578bd8fcb3 Translate /web/src/locales/en.po in zh-Hans (#2370)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-24 10:12:10 +01:00
4c2ef95253 Translate /web/src/locales/en.po in zh_CN (#2371)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-24 10:11:54 +01:00
702a59222d Apply translations in zh_CN (#2372)
translation completed for the source file '/locale/en/LC_MESSAGES/django.po'
on the 'zh_CN' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-24 10:11:43 +01:00
48e2121a75 Translate /web/src/locales/en.po in zh_TW (#2373)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-24 10:11:32 +01:00
61249786ff Translate /web/src/locales/en.po in zh-Hant (#2374)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-24 10:11:20 +01:00
008af4ccce build(deps): bump @rollup/plugin-typescript from 8.3.0 to 8.3.1 in /web (#2375)
Bumps [@rollup/plugin-typescript](https://github.com/rollup/plugins/tree/HEAD/packages/typescript) from 8.3.0 to 8.3.1.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/typescript/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/typescript-v8.3.1/packages/typescript)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-typescript"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-24 10:10:43 +01:00
02e3010efe build(deps): bump @patternfly/patternfly from 4.171.1 to 4.179.1 in /web (#2376)
Bumps [@patternfly/patternfly](https://github.com/patternfly/patternfly) from 4.171.1 to 4.179.1.
- [Release notes](https://github.com/patternfly/patternfly/releases)
- [Changelog](https://github.com/patternfly/patternfly/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/patternfly/patternfly/compare/prerelease-v4.171.1...prerelease-v4.179.1)

---
updated-dependencies:
- dependency-name: "@patternfly/patternfly"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-24 10:10:29 +01:00
aca4795e0c build(deps): bump @rollup/plugin-commonjs from 21.0.1 to 21.0.2 in /web (#2377)
Bumps [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) from 21.0.1 to 21.0.2.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/commonjs-v21.0.2/packages/commonjs)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-commonjs"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-24 10:10:04 +01:00
ff0febfecd build(deps-dev): bump selenium from 4.1.0 to 4.1.1 (#2379)
Bumps [selenium](https://github.com/SeleniumHQ/Selenium) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](https://github.com/SeleniumHQ/Selenium/commits)

---
updated-dependencies:
- dependency-name: selenium
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-24 10:09:53 +01:00
4daad4b514 web/admin: always show group/user policy options and display disclaimer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-23 23:31:03 +01:00
677bcaadd7 core: add initial app launch url (#2367)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-23 22:48:55 +01:00
c6e9ecdd37 build(deps): bump rollup from 2.67.3 to 2.68.0 in /web (#2358) 2022-02-23 09:50:51 +01:00
c9ecad6262 build(deps): bump @rollup/plugin-replace from 3.1.0 to 4.0.0 in /web (#2359) 2022-02-23 09:50:41 +01:00
e545b3b401 build(deps): bump @rollup/plugin-babel from 5.3.0 to 5.3.1 in /web (#2360) 2022-02-23 09:50:29 +01:00
fec96ea013 build(deps): bump sentry-sdk from 1.5.4 to 1.5.6 (#2361) 2022-02-23 09:50:16 +01:00
1ac1c50b67 build(deps): bump github.com/go-openapi/runtime from 0.23.0 to 0.23.1 (#2362) 2022-02-23 09:49:40 +01:00
d2f189c1d0 root: exempt enhancement issues from stale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-22 20:34:39 +01:00
fb33906637 internal/ldap: fix panic when parsing lists with mixed types
closes #2355

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-22 19:56:55 +01:00
6d3a94f24f build(deps): bump @typescript-eslint/eslint-plugin in /web (#2352) 2022-02-22 09:45:12 +01:00
84f594e658 build(deps): bump codemirror from 5.65.1 to 5.65.2 in /web (#2353) 2022-02-22 09:43:58 +01:00
1486bd5ab2 build(deps): bump @typescript-eslint/parser in /web (#2354) 2022-02-22 09:43:36 +01:00
2c00f4da2d build(deps): bump rollup from 2.67.2 to 2.67.3 in /web (#2347)
Bumps [rollup](https://github.com/rollup/rollup) from 2.67.2 to 2.67.3.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.67.2...v2.67.3)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-21 09:40:51 +01:00
c10a23220b build(deps): bump rapidoc from 9.1.4 to 9.1.8 in /website (#2348)
Bumps [rapidoc](https://github.com/mrin9/RapiDoc) from 9.1.4 to 9.1.8.
- [Release notes](https://github.com/mrin9/RapiDoc/releases)
- [Commits](https://github.com/mrin9/RapiDoc/compare/v9.1.4...v9.1.8)

---
updated-dependencies:
- dependency-name: rapidoc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-21 09:39:45 +01:00
f20243d545 build(deps): bump rapidoc from 9.1.4 to 9.1.8 in /web (#2349)
Bumps [rapidoc](https://github.com/mrin9/RapiDoc) from 9.1.4 to 9.1.8.
- [Release notes](https://github.com/mrin9/RapiDoc/releases)
- [Commits](https://github.com/mrin9/RapiDoc/compare/v9.1.4...v9.1.8)

---
updated-dependencies:
- dependency-name: rapidoc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-21 09:39:32 +01:00
903c6422ad build(deps-dev): bump pylint-django from 2.5.1 to 2.5.2 (#2350)
Bumps [pylint-django](https://github.com/PyCQA/pylint-django) from 2.5.1 to 2.5.2.
- [Release notes](https://github.com/PyCQA/pylint-django/releases)
- [Changelog](https://github.com/PyCQA/pylint-django/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/PyCQA/pylint-django/compare/v2.5.1...v2.5.2)

---
updated-dependencies:
- dependency-name: pylint-django
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-21 09:39:19 +01:00
f5ab955536 build(deps-dev): bump coverage from 6.3.1 to 6.3.2 (#2351)
Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.3.1 to 6.3.2.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.3.1...6.3.2)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-21 09:39:03 +01:00
3a861f0497 Translate /web/src/locales/en.po in de (#2343)
translation completed for the source file '/web/src/locales/en.po'
on the 'de' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-18 12:43:41 +01:00
744f250d05 providers/proxy: always set rd param in addition to session to prevent wrong url in session
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-18 10:32:22 +01:00
83d435bd3b build(deps): bump lit from 2.1.4 to 2.2.0 in /web (#2339)
Bumps [lit](https://github.com/lit/lit/tree/HEAD/packages/lit) from 2.1.4 to 2.2.0.
- [Release notes](https://github.com/lit/lit/releases)
- [Changelog](https://github.com/lit/lit/blob/main/packages/lit/CHANGELOG.md)
- [Commits](https://github.com/lit/lit/commits/lit@2.2.0/packages/lit)

---
updated-dependencies:
- dependency-name: lit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-18 09:58:56 +01:00
945cdfe212 build(deps): bump @babel/core from 7.17.4 to 7.17.5 in /web (#2340)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.17.4 to 7.17.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.5/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-18 09:58:21 +01:00
fcc0963fab build(deps): bump lxml from 4.7.1 to 4.8.0 (#2341)
Bumps [lxml](https://github.com/lxml/lxml) from 4.7.1 to 4.8.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](https://github.com/lxml/lxml/compare/lxml-4.7.1...lxml-4.8.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-18 09:58:07 +01:00
2ab4fcd757 build(deps): bump webauthn from 1.3.0 to 1.4.0 (#2342)
Bumps [webauthn](https://github.com/duo-labs/py_webauthn) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Changelog](https://github.com/duo-labs/py_webauthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-18 09:57:53 +01:00
bfe31b15ad web: fix locale codes
closes #2332

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-17 22:37:54 +01:00
49c4b43f32 website/docs: better explain icon URL behaviour
closes #2337

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-17 22:37:17 +01:00
19b1f3a8c1 internal/outpost: fix logic error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-17 20:50:47 +01:00
80f218a6bf core: also handle TypeError for invalid app URL formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-17 18:23:11 +01:00
61aaa90226 build(deps): bump @sentry/browser from 6.17.8 to 6.17.9 in /web (#2331)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.17.8 to 6.17.9.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.17.8...6.17.9)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-17 10:24:21 +01:00
7fdda5a387 build(deps): bump @sentry/tracing from 6.17.8 to 6.17.9 in /web (#2333)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 6.17.8 to 6.17.9.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.17.8...6.17.9)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-17 10:18:49 +01:00
94597fd2ad build(deps): bump uvicorn from 0.17.4 to 0.17.5 (#2334)
Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.17.4 to 0.17.5.
- [Release notes](https://github.com/encode/uvicorn/releases)
- [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/encode/uvicorn/compare/0.17.4...0.17.5)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-17 10:18:29 +01:00
09808883f4 build(deps-dev): bump pylint-django from 2.5.0 to 2.5.1 (#2335)
Bumps [pylint-django](https://github.com/PyCQA/pylint-django) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/PyCQA/pylint-django/releases)
- [Changelog](https://github.com/PyCQA/pylint-django/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/PyCQA/pylint-django/compare/v2.5.0...v2.5.1)

---
updated-dependencies:
- dependency-name: pylint-django
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-17 10:17:51 +01:00
81ecb85a55 Translate /web/src/locales/en.po in zh-Hans (#2326)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-16 13:41:44 +01:00
21bfaa3927 Translate /web/src/locales/en.po in zh_TW (#2327)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-16 13:41:36 +01:00
1c9c7be1c0 Translate /web/src/locales/en.po in zh-Hant (#2328)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-16 13:41:28 +01:00
5a11dc567e web: Update Web API Client version (#2325)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-02-16 11:33:54 +01:00
4a1acd377b release: 2022.2.1 2022-02-16 10:51:55 +01:00
c5b84a91d1 website/docs: add 2022.2 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-16 10:27:25 +01:00
e77ecda3b8 root: update security
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-16 10:20:32 +01:00
4e317c10c5 Revert "website/docs: revert to akprox for now"
This reverts commit 9070df6c26.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	website/docs/providers/proxy/_nginx_ingress.md
#	website/docs/providers/proxy/_nginx_proxy_manager.md
#	website/docs/providers/proxy/_nginx_standalone.md
2022-02-16 10:19:33 +01:00
eb05a3ddb8 build(deps): bump @sentry/browser from 6.17.7 to 6.17.8 in /web (#2318) 2022-02-16 09:13:04 +01:00
a22d6a0924 build(deps): bump @sentry/tracing from 6.17.7 to 6.17.8 in /web (#2319) 2022-02-16 09:10:54 +01:00
3f0d67779a build(deps): bump lit from 2.1.3 to 2.1.4 in /web (#2320) 2022-02-16 09:10:38 +01:00
0a937ae8e9 build(deps): bump @babel/core from 7.17.2 to 7.17.4 in /web (#2321) 2022-02-16 09:10:23 +01:00
f8d94f3039 build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.1 to 3.4.2 (#2323) 2022-02-16 09:10:04 +01:00
6bb261ac62 build(deps): bump github.com/gorilla/websocket from 1.4.2 to 1.5.0 (#2324) 2022-02-16 09:09:39 +01:00
45f2c5bae7 web/admin: fix invalid URLs in example proxy config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-15 23:24:27 +01:00
5d8c1aa0b0 outposts/proxy: correctly check host in forward domain redirect
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1997
2022-02-15 14:58:19 +01:00
0101368369 outposts/proxy: fix logic error in rd argument
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1997
2022-02-15 13:43:55 +01:00
4854f81592 outposts/proxy: correctly handle ?rd= param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1997
2022-02-15 11:05:03 +01:00
4bed6e02e5 Revert "build(deps): bump sentry-sdk from 1.5.4 to 1.5.5 (#2315)"
This reverts commit b6edf990e0.
2022-02-15 10:24:11 +01:00
908f123d0e website/docs: update nginx config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-15 10:24:08 +01:00
256dd24a1e build(deps): bump @typescript-eslint/parser in /web (#2312)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.11.0 to 5.12.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.12.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 10:06:18 +01:00
d4284407f9 build(deps): bump @typescript-eslint/eslint-plugin in /web (#2313)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.11.0 to 5.12.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.12.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 10:04:33 +01:00
80da5dfc52 build(deps): bump webauthn from 1.2.1 to 1.3.0 (#2314)
Bumps [webauthn](https://github.com/duo-labs/py_webauthn) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Changelog](https://github.com/duo-labs/py_webauthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v1.2.1...v1.3.0)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 10:04:17 +01:00
b6edf990e0 build(deps): bump sentry-sdk from 1.5.4 to 1.5.5 (#2315)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.5.4 to 1.5.5.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/1.5.4...1.5.5)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 09:56:32 +01:00
a66dcf9382 build(deps): bump kubernetes from 21.7.0 to 22.6.0 (#2316)
Bumps [kubernetes](https://github.com/kubernetes-client/python) from 21.7.0 to 22.6.0.
- [Release notes](https://github.com/kubernetes-client/python/releases)
- [Changelog](https://github.com/kubernetes-client/python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes-client/python/compare/v21.7.0...v22.6.0)

---
updated-dependencies:
- dependency-name: kubernetes
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 09:56:22 +01:00
9095a840d5 build(deps-dev): bump importlib-metadata from 4.11.0 to 4.11.1 (#2317)
Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 4.11.0 to 4.11.1.
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/CHANGES.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v4.11.0...v4.11.1)

---
updated-dependencies:
- dependency-name: importlib-metadata
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 09:56:12 +01:00
72259f6479 events: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 23:15:45 +01:00
0973c74b9d providers/oauth2: fix redirect_uri being lowercased on successful validation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 23:04:00 +01:00
c7ed4f7ac1 events: check mtime on geoip database
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 22:42:46 +01:00
3d577cf15e *: add placeholder custom.css to easily allow user customisation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 20:05:00 +01:00
5474a32573 Translate /web/src/locales/en.po in zh_TW (#2308) 2022-02-14 15:36:54 +01:00
a5940b88e3 Translate /web/src/locales/en.po in zh-Hant (#2307) 2022-02-14 15:36:37 +01:00
ff15716012 Translate /web/src/locales/en.po in zh-Hans (#2306) 2022-02-14 15:36:27 +01:00
c040b13b29 providers/proxy: remove leading slash to allow subdirectories in proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2305
2022-02-14 12:51:04 +01:00
4915e980c5 providers/proxy: revert Host header behaviour
closes #2284

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 12:39:16 +01:00
df362dd9ea core: handle error when formatting launch URL fails closes #2304 2022-02-14 12:02:51 +01:00
d4e4f93cb4 Revert "build(deps): bump sentry-sdk from 1.5.4 to 1.5.5 (#2303)"
This reverts commit 3de224690a.
2022-02-14 09:55:39 +01:00
3af0de6a00 Revert "root: disable sentry's auto_session_tracking"
This reverts commit 4f24d61290.
2022-02-14 09:55:35 +01:00
4f24d61290 root: disable sentry's auto_session_tracking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 09:44:12 +01:00
4c5c4dcf2c build(deps): bump @sentry/tracing from 6.17.6 to 6.17.7 in /web (#2296) 2022-02-14 08:57:12 +01:00
660b5cb6c6 build(deps): bump chart.js from 3.7.0 to 3.7.1 in /web (#2297) 2022-02-14 08:56:52 +01:00
6ff1ea73a9 build(deps): bump @sentry/browser from 6.17.6 to 6.17.7 in /web (#2298) 2022-02-14 08:56:13 +01:00
3de224690a build(deps): bump sentry-sdk from 1.5.4 to 1.5.5 (#2303) 2022-02-14 08:56:02 +01:00
d4624b510a build(deps): bump eslint from 8.8.0 to 8.9.0 in /web (#2299) 2022-02-14 08:55:42 +01:00
8856d762d0 build(deps): bump @rollup/plugin-replace from 3.0.1 to 3.1.0 in /web (#2300) 2022-02-14 08:55:27 +01:00
5d1cbf14d1 build(deps): bump actions/github-script from 5 to 6 (#2301) 2022-02-14 08:55:11 +01:00
6d5207f644 build(deps-dev): bump pytest from 7.0.0 to 7.0.1 (#2302) 2022-02-14 08:54:53 +01:00
3b6497cd51 outposts: ensure keypair is set for SSH connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 15:39:37 +01:00
ff7320b0f8 website/docs: update nginx ingress docs again
closes #2235

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 14:48:47 +01:00
e5a393c534 internal: increase logging for no hostname found
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 14:36:56 +01:00
bb4be944dc sources/ldap: use merger that only appends unique items to list
closes #2211

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 14:20:13 +01:00
21efee8f44 admin: add additional logging when restarting a task
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 18:40:21 +01:00
f61549a60f providers/proxy: enable TLS in ingress via traefik annotation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1997
2022-02-12 18:35:24 +01:00
0a7bafd1b2 website/docs: add nginx note for domain auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 18:14:14 +01:00
b3987c5fa0 website/docs: update nginx ingress docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2235
2022-02-12 18:06:04 +01:00
0da043a9fe outposts: make local discovery configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 17:27:41 +01:00
f336f204cb stages/authenticator_validate: fix handling when single configuration stage is selected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 17:27:33 +01:00
3bfcf18492 build(deps): bump follow-redirects from 1.14.6 to 1.14.8 in /website (#2293)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.6 to 1.14.8.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.6...v1.14.8)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-12 16:59:10 +01:00
dfafe8b43d web: Update Web API Client version (#2292)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-02-12 16:58:10 +01:00
b5d43b15f8 providers/oauth2: add support for explicit response_mode
closes #1953

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 16:56:47 +01:00
2ccab75021 stages/authenticator_validate: add ability to select multiple configuration stages which the user can choose
closes #1843

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 16:55:50 +01:00
9070df6c26 website/docs: revert to akprox for now
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-11 23:37:46 +01:00
a1c8ad55ad web: add german locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-11 22:09:05 +01:00
872c05c690 Translate /web/src/locales/en.po in de (#2291)
translation completed for the source file '/web/src/locales/en.po'
on the 'de' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-11 20:16:47 +01:00
a9528dc1b5 build(deps): bump golang from 1.17.6-bullseye to 1.17.7-bullseye (#2286) 2022-02-11 09:45:53 +01:00
0e59ade1f2 build(deps): bump rollup from 2.67.1 to 2.67.2 in /web (#2287) 2022-02-11 09:45:35 +01:00
5ac49c695d build(deps): bump country-flag-icons from 1.4.20 to 1.4.21 in /web (#2288) 2022-02-11 09:45:22 +01:00
3a30ecbe76 build(deps-dev): bump importlib-metadata from 4.10.1 to 4.11.0 (#2289) 2022-02-11 09:45:03 +01:00
1f838bb2aa outposts/proxy: add X-Forwarded-Host since Host now gets changed by the proxy
closes #2284

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-10 23:09:55 +01:00
cc42830e23 website/integrations: add Paperless-ng instructions (#2225)
* Update instructions

I've updated the steps to provide some clarity around certain areas that tripped me up as a newcomer to authentik trying to follow these instructions.

* Added Paperless

Added authentik instructions for Paperless-ng

* Moved to paperless-ng directory

* Minor update to remove redundant part

Removed example authentik.company as these instructions do not require referencing authentik host name directly.

* Added Paperless-ng

* Typo fix

* Formatting changes

Updated changes based on feedback
2022-02-10 09:45:22 +01:00
593eb959ca Translate /web/src/locales/en.po in zh-Hans (#2278)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-10 09:44:55 +01:00
5bb6785ad6 Translate /web/src/locales/en.po in zh-Hant (#2279)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-10 09:44:47 +01:00
535c11a729 Translate /web/src/locales/en.po in zh_TW (#2280)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-10 09:44:39 +01:00
a0fa8d8524 web: Update Web API Client version (#2277)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-02-09 22:46:16 +01:00
c14025c579 Merge branch 'version-2022.1'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	poetry.lock
2022-02-09 22:45:26 +01:00
8bc3db7c90 release: 2022.1.5 2022-02-09 22:42:34 +01:00
eaad564e23 release: 2022.1.5 2022-02-09 22:31:26 +01:00
511a94975b website/docs: add 2022.1.5 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:31:14 +01:00
015810a2fd internal: fix CSRF error caused by Host header
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:53 +01:00
e70e6b84c2 internal: trace headers and url for backend requests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:50 +01:00
d0b9c9a26f internal: remove uvicorn server header
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:46 +01:00
3e403fa348 internal: improve error handling for internal reverse proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:41 +01:00
48f4a971ef internal: don't attempt to lookup SNI Certificate if no SNI is sent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:39 +01:00
6314be14ad core: allow formatting strings to be used for applications' launch URLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:29 +01:00
1a072c6c39 web/admin: fix mismatched icons in overview and lists
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:26 +01:00
ef2eed0bdf outposts: fix compare_ports to support both service and container ports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:20 +01:00
91227b1e96 outposts: fix service reconciler re-creating services
closes #2095

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:16 +01:00
67d68629da providers/proxy: fix Host/:Authority not being modified
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:08 +01:00
e875db8f66 stages/authenticator_validate: handle non-existent device_challenges
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:22:02 +01:00
055a76393d outposts: remove node_port on V1ServicePort checks to prevent service creation loops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2095
2022-02-09 22:21:58 +01:00
0754821628 providers/proxy: improve error handling for invalid backend_override
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:21:55 +01:00
fca88d9896 sources/ldap: log entire exception
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:21:48 +01:00
dfe0404c51 sources/saml: fix server error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:21:24 +01:00
fa61696b46 sources/saml: fix incorrect ProtocolBinding being sent
closes #2213

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:21:15 +01:00
e5773738f4 outposts: fix channel not always having a logger attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:21:12 +01:00
cac8539d79 providers/proxy: fix nil error in claims
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 22:21:08 +01:00
cf600f6f26 build(deps): bump uvicorn from 0.17.1 to 0.17.3 (#2229)
Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.17.1 to 0.17.3.
- [Release notes](https://github.com/encode/uvicorn/releases)
- [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/encode/uvicorn/compare/0.17.1...0.17.3)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-09 17:56:53 +01:00
e194715c3e internal: fix CSRF error caused by Host header
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 14:34:55 +01:00
787f02d5dc Translate /web/src/locales/en.po in pl (#2274)
translation completed for the source file '/web/src/locales/en.po'
on the 'pl' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-09 14:07:05 +01:00
a0ed01a610 Translate /web/src/locales/en.po in pl_PL (#2275)
translation completed for the source file '/web/src/locales/en.po'
on the 'pl_PL' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-09 14:06:41 +01:00
02ba493759 internal: trace headers and url for backend requests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 12:48:17 +01:00
a7fea5434d internal: remove uvicorn server header
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 12:38:47 +01:00
4fb783e953 internal: improve error handling for internal reverse proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 12:33:37 +01:00
affbf85699 internal: don't attempt to lookup SNI Certificate if no SNI is sent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 12:33:25 +01:00
0d92112a3f website/docs: add backend_override docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 10:41:42 +01:00
b1ad3ec9db website/docs: highlight breaking nginx header change
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 10:33:04 +01:00
c0601baca6 web: add additional locales
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 10:09:07 +01:00
057c5c5e9a build(deps): bump @sentry/tracing from 6.17.5 to 6.17.6 in /web (#2270) 2022-02-09 09:04:15 +01:00
05429ab848 build(deps): bump @babel/plugin-proposal-decorators in /web (#2272) 2022-02-09 09:04:02 +01:00
b66d51a699 Translate /web/src/locales/en.po in zh-Hans (#2267) 2022-02-09 09:03:51 +01:00
f834bc0ff2 Translate /web/src/locales/en.po in zh-Hant (#2269) 2022-02-09 09:03:29 +01:00
93fd883d7a Translate /web/src/locales/en.po in zh_TW (#2268) 2022-02-09 09:03:16 +01:00
7e080d4d68 build(deps): bump @babel/core from 7.17.0 to 7.17.2 in /web (#2271) 2022-02-09 09:02:34 +01:00
3e3ca22d04 build(deps): bump @sentry/browser from 6.17.5 to 6.17.6 in /web (#2273) 2022-02-09 09:02:15 +01:00
e741caa6b3 core: allow formatting strings to be used for applications' launch URLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 23:46:23 +01:00
4343246a41 *: rename akprox to outpost.goauthentik.io (#2266)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 20:25:38 +01:00
3f6f83b4b6 web/admin: fix mismatched icons in overview and lists
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 19:03:57 +01:00
c63e1c9b87 outposts: fix compare_ports to support both service and container ports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 17:40:49 +01:00
f44cf06d22 outposts: fix service reconciler re-creating services
closes #2095

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 17:23:00 +01:00
3f609b8601 Translate /web/src/locales/en.po in zh_TW (#2263)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-08 16:36:25 +01:00
edd89b44a4 Translate /web/src/locales/en.po in zh-Hans (#2262)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-08 16:36:12 +01:00
3e58748862 Translate /web/src/locales/en.po in zh-Hant (#2261)
translation completed for the source file '/web/src/locales/en.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-08 16:36:02 +01:00
7088a6b0e6 providers/proxy: fix Host/:Authority not being modified
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 16:30:26 +01:00
6c880e0e62 website/docs: Enable 'secure' option for pwgen (#2260)
* Enable 'secure' option for pwgen

As per the [pwgen manual](https://linux.die.net/man/1/pwgen, "pwgen manual"), the "-s"(secure) option instructs pwgen to generate completely random passwords, where as the default for pwgen is to generate more memorable passwords. Since, the passwords generated in this part of the installation process are to be "remembered" by the dot env file, I believe that users may benefit from the additional entropy provided by the "-s" option in pwgen.

* Enable 'secure' option for pwgen
2022-02-08 12:24:29 +01:00
cb1e70be7f website/integrations: add documentation for roundcube webmail client (#2104)
* Add documentation for roundcube webmail client

Includes required dovecot configuration snippet.

* added roundcube to sidebar links

* fixed typo

* clean up formatting 

Tighten up extra info and match format to other integration documents

* fix roundcube wiki url display
2022-02-08 12:24:14 +01:00
6ba150f737 build(deps): bump @sentry/browser from 6.17.4 to 6.17.5 in /web (#2252)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.17.4 to 6.17.5.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.17.4...6.17.5)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-08 09:49:33 +01:00
131769ea73 build(deps): bump @typescript-eslint/parser in /web (#2253)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.10.2 to 5.11.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.11.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-08 09:49:15 +01:00
e68adbb30d build(deps): bump rollup from 2.67.0 to 2.67.1 in /web (#2254)
Bumps [rollup](https://github.com/rollup/rollup) from 2.67.0 to 2.67.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.67.0...v2.67.1)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-08 09:48:54 +01:00
f1eef09099 build(deps): bump @sentry/tracing from 6.17.4 to 6.17.5 in /web (#2255)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 6.17.4 to 6.17.5.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.17.4...6.17.5)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-08 09:48:46 +01:00
5ab3c7fa9f build(deps): bump lit from 2.1.2 to 2.1.3 in /web (#2256)
Bumps [lit](https://github.com/lit/lit/tree/HEAD/packages/lit) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/lit/lit/releases)
- [Changelog](https://github.com/lit/lit/blob/main/packages/lit/CHANGELOG.md)
- [Commits](https://github.com/lit/lit/commits/lit@2.1.3/packages/lit)

---
updated-dependencies:
- dependency-name: lit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-08 09:48:41 +01:00
d0cec39a0f build(deps): bump @typescript-eslint/eslint-plugin in /web (#2257)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.10.2 to 5.11.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.11.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-08 09:48:00 +01:00
e15f53a39a build(deps): bump @fortawesome/fontawesome-free in /web (#2258)
Bumps [@fortawesome/fontawesome-free](https://github.com/FortAwesome/Font-Awesome) from 5.15.4 to 6.0.0.
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/master/CHANGELOG.md)
- [Commits](https://github.com/FortAwesome/Font-Awesome/compare/5.15.4...6.0.0)

---
updated-dependencies:
- dependency-name: "@fortawesome/fontawesome-free"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-08 09:47:44 +01:00
25fb995663 build(deps): bump twisted from 21.7.0 to 22.1.0 (#2259)
Bumps [twisted](https://github.com/twisted/twisted) from 21.7.0 to 22.1.0.
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst)
- [Commits](https://github.com/twisted/twisted/compare/twisted-21.7.0...twisted-22.1.0)

---
updated-dependencies:
- dependency-name: twisted
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-08 09:44:32 +01:00
eac658c64f web: update background image
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 20:46:47 +01:00
15e2032493 stages/authenticator_validate: handle non-existent device_challenges
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 20:31:49 +01:00
c87f6cd9d9 outposts: remove node_port on V1ServicePort checks to prevent service creation loops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2095
2022-02-07 20:26:14 +01:00
e758995458 providers/proxy: improve error handling for invalid backend_override
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 19:59:06 +01:00
20c284a188 website/docs: improve docs for application access
closes #2245

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 19:42:42 +01:00
b0936ea8f3 sources/ldap: log entire exception
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 19:37:39 +01:00
bfc0f4a413 build(deps): bump github.com/go-openapi/runtime from 0.22.0 to 0.23.0 (#2249)
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-07 10:04:05 +01:00
1a9a90cf6a build(deps): bump @formatjs/intl-listformat from 6.5.1 to 6.5.2 in /web (#2248)
Bumps [@formatjs/intl-listformat](https://github.com/formatjs/formatjs) from 6.5.1 to 6.5.2.
- [Release notes](https://github.com/formatjs/formatjs/releases)
- [Commits](https://github.com/formatjs/formatjs/compare/@formatjs/intl-listformat@6.5.1...@formatjs/intl-listformat@6.5.2)

---
updated-dependencies:
- dependency-name: "@formatjs/intl-listformat"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-07 10:03:36 +01:00
00f1a6fa48 build(deps): bump github.com/go-openapi/strfmt from 0.21.1 to 0.21.2 (#2250)
Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) from 0.21.1 to 0.21.2.
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.21.1...v0.21.2)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-07 10:03:20 +01:00
33754a06d2 website/integrations: update gitea integration documentation (#2182)
Newer gitea versions now expose "additional OIDC mapping" to admin GUI.
The configuration file change required in previous versions can now be
done in the GUI.
2022-02-06 15:17:52 +01:00
69b838e1cf web: Update Web API Client version (#2244)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-02-05 18:56:13 +01:00
d5e04a2301 *: remove deprecated backup (#2129)
* *: remove backup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: final cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: use correct pyproject when migrating from stable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix broken docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-05 18:54:15 +01:00
fbf251280f core: compile backend translations (#2243)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-02-05 16:52:38 +01:00
eaadf62f01 Apply translations in zh-Hant (#2242)
translation completed for the source file '/locale/en/LC_MESSAGES/django.po'
on the 'zh-Hant' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-05 16:23:51 +01:00
8c33e7a7c1 Apply translations in zh_TW (#2241)
translation completed for the source file '/locale/en/LC_MESSAGES/django.po'
on the 'zh_TW' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-05 16:23:43 +01:00
a7d9a80a28 Apply translations in zh-Hans (#2240)
translation completed for the source file '/locale/en/LC_MESSAGES/django.po'
on the 'zh-Hans' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-05 16:23:36 +01:00
2ea5dce8d3 build(deps): bump uvicorn from 0.17.3 to 0.17.4 (#2238)
Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.17.3 to 0.17.4.
- [Release notes](https://github.com/encode/uvicorn/releases)
- [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/encode/uvicorn/compare/0.17.3...0.17.4)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 16:23:27 +01:00
14bf01efe4 build(deps-dev): bump pytest from 6.2.5 to 7.0.0 (#2237)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.5 to 7.0.0.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/6.2.5...7.0.0)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 16:23:19 +01:00
67b24a60e4 build(deps): bump boto3 from 1.20.48 to 1.20.49 (#2236)
Bumps [boto3](https://github.com/boto/boto3) from 1.20.48 to 1.20.49.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.20.48...1.20.49)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 16:23:03 +01:00
e6775297cb build(deps): bump pycryptodome from 3.14.0 to 3.14.1 (#2239)
Bumps [pycryptodome](https://github.com/Legrandin/pycryptodome) from 3.14.0 to 3.14.1.
- [Release notes](https://github.com/Legrandin/pycryptodome/releases)
- [Changelog](https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst)
- [Commits](https://github.com/Legrandin/pycryptodome/compare/v3.14.0...v3.14.1)

---
updated-dependencies:
- dependency-name: pycryptodome
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-05 16:22:51 +01:00
4e4e2b36b6 sources/saml: fix server error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-05 15:41:26 +01:00
3189c56fc3 website/docs: default to upgrade with install flag set (#2234) 2022-02-04 22:36:34 +01:00
5b5ea47b7a Translate /web/src/locales/en.po in pl_PL (#2233)
translation completed for the source file '/web/src/locales/en.po'
on the 'pl_PL' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-02-04 21:59:00 +01:00
caa382f898 build(deps): bump @trivago/prettier-plugin-sort-imports in /web (#2227)
Bumps [@trivago/prettier-plugin-sort-imports](https://github.com/trivago/prettier-plugin-sort-imports) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/trivago/prettier-plugin-sort-imports/releases)
- [Changelog](https://github.com/trivago/prettier-plugin-sort-imports/blob/master/CHANGELOG.md)
- [Commits](https://github.com/trivago/prettier-plugin-sort-imports/compare/v3.1.1...v3.2.0)

---
updated-dependencies:
- dependency-name: "@trivago/prettier-plugin-sort-imports"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-04 10:17:21 +01:00
2d63488197 build(deps): bump boto3 from 1.20.47 to 1.20.48 (#2228)
Bumps [boto3](https://github.com/boto/boto3) from 1.20.47 to 1.20.48.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.20.47...1.20.48)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-04 10:16:52 +01:00
c1c8e4c8d4 build(deps): bump uvicorn from 0.17.1 to 0.17.3 (#2229)
Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.17.1 to 0.17.3.
- [Release notes](https://github.com/encode/uvicorn/releases)
- [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/encode/uvicorn/compare/0.17.1...0.17.3)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-04 10:16:37 +01:00
a0e451c5e5 website/integrations: clarify some steps Nextcloud SAML (#2222)
I've updated the steps to provide some clarity around certain areas that tripped me up as a newcomer to authentik trying to follow these instructions.
2022-02-03 23:15:57 +01:00
eaba8006e6 sources/saml: fix incorrect ProtocolBinding being sent
closes #2213

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-03 18:20:06 +01:00
39ff202f8c outposts: fix channel not always having a logger attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-03 17:58:54 +01:00
654e0d6245 providers/proxy: fix nil error in claims
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-03 17:58:38 +01:00
ec04443493 build(deps): bump @babel/plugin-proposal-decorators in /web (#2215)
Bumps [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators) from 7.16.7 to 7.17.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.0/packages/babel-plugin-proposal-decorators)

---
updated-dependencies:
- dependency-name: "@babel/plugin-proposal-decorators"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-03 09:40:17 +01:00
d247c262af build(deps): bump @sentry/tracing from 6.17.3 to 6.17.4 in /web (#2214)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 6.17.3 to 6.17.4.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.17.3...6.17.4)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-03 09:39:32 +01:00
dff49b2bef build(deps): bump @sentry/browser from 6.17.3 to 6.17.4 in /web (#2216)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.17.3 to 6.17.4.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.17.3...6.17.4)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-03 09:38:53 +01:00
50666a76fb build(deps): bump flowchart.js from 1.17.0 to 1.17.1 in /web (#2217)
Bumps [flowchart.js](https://github.com/adrai/flowchart.js) from 1.17.0 to 1.17.1.
- [Release notes](https://github.com/adrai/flowchart.js/releases)
- [Changelog](https://github.com/adrai/flowchart.js/blob/master/releasenotes.md)
- [Commits](https://github.com/adrai/flowchart.js/compare/v1.17.0...v1.17.1)

---
updated-dependencies:
- dependency-name: flowchart.js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-03 09:38:43 +01:00
b51a7f9746 build(deps): bump @babel/plugin-transform-runtime in /web (#2218)
Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.16.10 to 7.17.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.0/packages/babel-plugin-transform-runtime)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-runtime"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-03 09:38:32 +01:00
001dfd9f6c build(deps): bump @babel/core from 7.16.12 to 7.17.0 in /web (#2219)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.16.12 to 7.17.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.17.0/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-03 09:38:21 +01:00
5e4fbeeb25 build(deps): bump rollup from 2.66.1 to 2.67.0 in /web (#2220)
Bumps [rollup](https://github.com/rollup/rollup) from 2.66.1 to 2.67.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.66.1...v2.67.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-03 09:38:03 +01:00
2c910bf6ca build(deps): bump boto3 from 1.20.46 to 1.20.47 (#2221)
Bumps [boto3](https://github.com/boto/boto3) from 1.20.46 to 1.20.47.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.20.46...1.20.47)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-03 09:37:26 +01:00
9b11319e81 build(deps-dev): bump coverage from 6.3 to 6.3.1 (#2209)
Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.3 to 6.3.1.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.3...6.3.1)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-02 09:49:44 +01:00
40dc4b3fb8 build(deps): bump postcss from 8.4.5 to 8.4.6 in /website (#2207) 2022-02-02 09:41:37 +01:00
0e37b98968 build(deps): bump drf-spectacular from 0.21.1 to 0.21.2 (#2210) 2022-02-02 09:40:22 +01:00
7e132eb014 web: Update Web API Client version (#2206)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-02-01 21:04:47 +01:00
49dfb4756e release: 2022.1.4 2022-02-01 20:12:55 +01:00
814758e2aa website/docs: prepare 2022.1.4
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-01 19:27:25 +01:00
5c42dac5e2 web/user: include locale code in locale selection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-01 19:19:37 +01:00
88603fa4f7 providers/proxy: set traefik labels using object_naming_template instead of UUID 2022-02-01 17:13:27 +00:00
0232c4e162 lifecycle: send analytics in gunicorn config to decrease outgoing requests when workers get restarted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-01 15:01:43 +01:00
11753c1fe1 build(deps): bump django from 4.0.1 to 4.0.2 (#2204)
Bumps [django](https://github.com/django/django) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.0.1...4.0.2)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-01 10:59:04 +01:00
f5cc6c67ec providers/proxy: fix routing for external_host when using forward_auth_domain
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2180
2022-02-01 10:14:46 +01:00
8b8ed3527a build(deps): bump @typescript-eslint/parser in /web (#2200) 2022-02-01 09:11:41 +01:00
1aa0274e7c build(deps): bump @typescript-eslint/eslint-plugin in /web (#2201) 2022-02-01 09:09:34 +01:00
ecd33ca0c1 build(deps): bump github.com/go-openapi/runtime from 0.21.1 to 0.22.0 (#2202) 2022-02-01 09:09:18 +01:00
e93be0de9a sources/ldap: add list_flatten function to property mappings, enable on managed LDAP mappings
closes #2199

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-31 23:07:32 +01:00
a5adc4f8ed core: fix view_token permission not being assigned on token creation for non-admin user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-31 20:00:30 +01:00
a6baed9753 web/flows: fix width on flow container 2022-01-31 14:11:25 +00:00
ceaf832e63 root: remove boto integration in sentry to ease backup removal 2022-01-31 13:47:18 +00:00
a6b0b14685 Translate /web/src/locales/en.po in pl (#2197)
translation completed for the source file '/web/src/locales/en.po'
on the 'pl' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-01-31 14:17:26 +01:00
f679250edd lifecycle: remove gunicorn reload option
should help with #2159
2022-01-31 12:06:08 +00:00
acc4de2235 web: add pl locale 2022-01-31 11:50:05 +00:00
56a8276dbf website/integrations: update active directory docs (#2177) 2022-01-31 12:11:01 +01:00
6dfe6edbef website/integrations: add zulip (#2106)
* add zulip to sidebar links

* added Zulip chat integration documentation

* fix markdown typo

* add note about using Post for saml binding

* added missing ACS info and cleaned up

format matches other integration documents
2022-01-31 12:10:30 +01:00
6af4bd0d9a build(deps): bump construct-style-sheets-polyfill in /web (#2189)
Bumps [construct-style-sheets-polyfill](https://github.com/calebdwilliams/construct-style-sheets) from 3.0.5 to 3.1.0.
- [Release notes](https://github.com/calebdwilliams/construct-style-sheets/releases)
- [Changelog](https://github.com/calebdwilliams/construct-style-sheets/blob/main/CHANGELOG.md)
- [Commits](https://github.com/calebdwilliams/construct-style-sheets/commits)

---
updated-dependencies:
- dependency-name: construct-style-sheets-polyfill
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-31 12:09:13 +01:00
7ee7f6bd6a Translate /web/src/locales/en.po in pl (#2196)
translation completed for the source file '/web/src/locales/en.po'
on the 'pl' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-01-31 10:00:37 +01:00
f8b8334010 build(deps): bump @patternfly/patternfly from 4.164.2 to 4.171.1 in /web (#2192) 2022-01-31 09:05:17 +01:00
d4b65dc4b4 build(deps): bump @sentry/browser from 6.17.2 to 6.17.3 in /web (#2191) 2022-01-31 09:04:40 +01:00
e4bbd3b1c0 build(deps): bump eslint from 8.7.0 to 8.8.0 in /web (#2190) 2022-01-31 09:03:47 +01:00
87de5e625d build(deps): bump @sentry/tracing from 6.17.2 to 6.17.3 in /web (#2193) 2022-01-31 09:03:32 +01:00
efbe51673e build(deps): bump pycryptodome from 3.13.0 to 3.14.0 (#2194) 2022-01-31 09:03:10 +01:00
a95bea53ea build(deps): bump github.com/prometheus/client_golang (#2195) 2022-01-31 09:02:56 +01:00
6021fc0f52 providers/proxy: fix backend override persisting for other users
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-30 22:29:34 +01:00
1415b68ff4 web: add es locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-30 21:43:55 +01:00
be6853ac52 Translate /web/src/locales/en.po in es (#2188)
translation completed for the source file '/web/src/locales/en.po'
on the 'es' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-01-30 21:38:30 +01:00
7fd6be5abb providers/proxy: add backend_override
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-30 21:35:08 +01:00
91d6f572a5 scripts: cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-30 21:34:37 +01:00
016a9ce34e build(deps): bump boto3 from 1.20.45 to 1.20.46 (#2187) 2022-01-30 00:52:25 +01:00
8adb95af7f build(deps): bump uvicorn from 0.17.0.post1 to 0.17.1 (#2186) 2022-01-30 00:52:08 +01:00
1dc54775d8 build(deps): bump requests-oauthlib from 1.3.0 to 1.3.1 (#2185) 2022-01-30 00:51:59 +01:00
370ef716b5 build(deps-dev): bump black from 21.12b0 to 22.1.0 (#2184) 2022-01-30 00:51:49 +01:00
16e56ad9ca website/docs: add rough documentation style guide
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-29 23:52:03 +01:00
b5b5a9eed3 web/admin: only check first half of locale when detecting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2178
2022-01-28 12:35:37 +01:00
8b22e7bcc3 core: compile backend translations (#2179) 2022-01-28 11:09:29 +01:00
d48b5b9511 Translate /locale/en/LC_MESSAGES/django.po in es (#2175)
translation completed for the source file '/locale/en/LC_MESSAGES/django.po'
on the 'es' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-01-28 09:55:56 +01:00
0eccaa3f1e build(deps): bump boto3 from 1.20.44 to 1.20.45 (#2176)
Bumps [boto3](https://github.com/boto/boto3) from 1.20.44 to 1.20.45.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.20.44...1.20.45)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-28 09:55:16 +01:00
67d550a80d providers/proxy: don't include hostname and scheme in redirect when we only got a path and not a full URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-27 18:23:08 +01:00
ebb5711c32 providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-27 18:14:02 +01:00
79ec872232 build(deps): bump @docusaurus/plugin-client-redirects in /website (#2173)
Bumps [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects) from 2.0.0-beta.14 to 2.0.0-beta.15.
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v2.0.0-beta.15/packages/docusaurus-plugin-client-redirects)

---
updated-dependencies:
- dependency-name: "@docusaurus/plugin-client-redirects"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-27 10:14:14 +01:00
4284e14ff7 build(deps): bump @docusaurus/preset-classic in /website (#2172)
Bumps [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic) from 2.0.0-beta.14 to 2.0.0-beta.15.
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v2.0.0-beta.15/packages/docusaurus-preset-classic)

---
updated-dependencies:
- dependency-name: "@docusaurus/preset-classic"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-27 10:12:06 +01:00
92a09779d0 build(deps): bump boto3 from 1.20.43 to 1.20.44 (#2174) 2022-01-27 09:28:02 +01:00
14c621631d web: Update Web API Client version (#2170)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-01-26 23:30:56 +01:00
c55f503b9b release: 2022.1.3 2022-01-26 22:15:28 +01:00
a908cad976 website/docs: add release notes for 2022.1.3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-26 21:41:15 +01:00
c2586557d8 root: fix redis passwords not being encoded correctly
closes #2130

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-26 20:45:45 +01:00
01c80a82e2 web/admin: fix SMS Stage form not working
closes #2127

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-26 20:39:38 +01:00
0d47654651 root: add max-requests for gunicorn and max tasks for celery
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-26 10:04:58 +01:00
1183095833 build(deps): bump @sentry/tracing from 6.17.1 to 6.17.2 in /web (#2162) 2022-01-26 09:35:10 +01:00
c281b11bdc build(deps): bump lit from 2.1.1 to 2.1.2 in /web (#2161) 2022-01-26 09:22:05 +01:00
61fe45a58c build(deps): bump @sentry/browser from 6.17.1 to 6.17.2 in /web (#2163) 2022-01-26 09:21:52 +01:00
d43aab479c build(deps): bump rollup from 2.66.0 to 2.66.1 in /web (#2164) 2022-01-26 09:21:43 +01:00
7f8383427a build(deps): bump sentry-sdk from 1.5.3 to 1.5.4 (#2165) 2022-01-26 09:21:24 +01:00
a06d6cf33d build(deps-dev): bump bandit from 1.7.1 to 1.7.2 (#2166) 2022-01-26 09:21:09 +01:00
5b7cb205c9 build(deps): bump boto3 from 1.20.42 to 1.20.43 (#2167) 2022-01-26 09:20:50 +01:00
293a932d20 build(deps-dev): bump coverage from 6.2 to 6.3 (#2168) 2022-01-26 09:20:34 +01:00
fff901ff03 rootL Fix goauthentik.io URL in Readme (#2158) 2022-01-25 20:36:44 +01:00
f47c936295 internal: add optional debug server listening on 9900
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-25 17:18:53 +01:00
88d5aec618 web/admin: fix links which look like labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-25 16:13:30 +01:00
96ae68cf09 internal: make error message less confusing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-25 15:45:21 +01:00
63b3434b6f website/docs: improve nginx examples
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-25 14:25:21 +01:00
947ecec02b outposts/ldap: Fix more case sensitivity issues. (#2144) 2022-01-25 11:27:27 +01:00
1c2b452406 outposts/proxy: fix potential empty redirect, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2141
2022-01-25 10:57:53 +01:00
47777529ac build(deps): bump @formatjs/intl-listformat from 6.5.0 to 6.5.1 in /web (#2154) 2022-01-25 09:50:29 +01:00
949095c376 build(deps): bump @lingui/macro from 3.13.1 to 3.13.2 in /web (#2152) 2022-01-25 09:49:59 +01:00
4b112c2799 build(deps): bump @sentry/browser from 6.16.1 to 6.17.1 in /web (#2146) 2022-01-25 09:49:48 +01:00
291a2516b1 build(deps): bump @typescript-eslint/eslint-plugin in /web (#2149) 2022-01-25 09:49:29 +01:00
4dcfd021e2 build(deps): bump @lingui/detect-locale from 3.13.1 to 3.13.2 in /web (#2147) 2022-01-25 09:49:13 +01:00
ca50848db3 build(deps): bump boto3 from 1.20.41 to 1.20.42 (#2156) 2022-01-25 09:49:01 +01:00
0bb3e3c558 build(deps): bump @lingui/cli from 3.13.1 to 3.13.2 in /web (#2148) 2022-01-25 09:48:50 +01:00
e4b25809ab build(deps): bump @typescript-eslint/parser in /web (#2150) 2022-01-25 09:48:03 +01:00
7bf932f8e2 build(deps): bump @sentry/tracing from 6.16.1 to 6.17.1 in /web (#2151) 2022-01-25 09:47:52 +01:00
99d04528b0 build(deps): bump country-flag-icons from 1.4.19 to 1.4.20 in /web (#2153) 2022-01-25 09:47:43 +01:00
e48d172036 build(deps): bump @lingui/core from 3.13.1 to 3.13.2 in /web (#2155) 2022-01-25 09:47:34 +01:00
c2388137a8 build(deps): bump uvicorn from 0.17.0 to 0.17.0.post1 (#2157) 2022-01-25 09:47:05 +01:00
650e2cbc38 internal: remove duplicate log messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 22:25:35 +01:00
b32800ea71 outposts/proxy: trace full headers to debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 22:08:31 +01:00
e1c0c0b20c internal: don't override server header
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 22:05:11 +01:00
fe39e39dcd lifecycle: make secret_key warning more prominent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2131
2022-01-24 21:52:16 +01:00
883f213b03 lifecycle: wait for db in worker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 21:51:57 +01:00
538996f617 web: Update Web API Client version (#2143)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-01-24 21:46:39 +01:00
2f4c92deb9 Merge branch 'version-2022.1' 2022-01-24 21:42:12 +01:00
ef335ec083 outposts/proxy: add more test cases for domain-level auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 21:41:15 +01:00
07b09df3fe internal: add more outpost tests, add support for X-Original-URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 20:50:13 +01:00
e70e031a1f internal: start adding tests to outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 20:12:25 +01:00
c7ba183dc0 providers/proxy: fix traefik label
closes #2128

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 17:45:09 +01:00
3ed23a37ea website/docs: add 2022.1.2 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 11:34:13 +01:00
3d724db0e3 release: 2022.1.2 2022-01-24 11:28:00 +01:00
2997542114 lib: disable backup by default, add note to configuration 2022-01-24 10:00:15 +00:00
84b18fff96 ci: cache-v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 09:37:04 +01:00
1dce408c72 internal/proxyv2: only allow access to /akprox in nginx mode when forward url could be extracted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 09:30:33 +01:00
e5ff47bf14 build(deps): bump @lingui/cli from 3.13.0 to 3.13.1 in /web (#2133) 2022-01-24 08:49:03 +01:00
b53bf331c3 build(deps): bump @lingui/macro from 3.13.0 to 3.13.1 in /web (#2135) 2022-01-24 08:48:51 +01:00
90e9a8b34c build(deps): bump rollup from 2.64.0 to 2.66.0 in /web (#2139) 2022-01-24 08:48:26 +01:00
845f842783 build(deps): bump @lingui/core from 3.13.0 to 3.13.1 in /web (#2136) 2022-01-24 08:48:17 +01:00
7397849c60 build(deps): bump rapidoc from 9.1.3 to 9.1.4 in /website (#2132) 2022-01-24 08:47:45 +01:00
6dd46b5fc5 build(deps): bump @babel/core from 7.16.10 to 7.16.12 in /web (#2134) 2022-01-24 08:47:35 +01:00
89ca79ed10 build(deps): bump @lingui/detect-locale from 3.13.0 to 3.13.1 in /web (#2137) 2022-01-24 08:47:15 +01:00
713bef895c build(deps): bump rapidoc from 9.1.3 to 9.1.4 in /web (#2138) 2022-01-24 08:46:37 +01:00
925115e9ce build(deps): bump github.com/go-openapi/runtime from 0.21.0 to 0.21.1 (#2140) 2022-01-24 08:46:17 +01:00
42f5cf8c93 outposts: allow custom label for docker containers
closes #2128

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:55:58 +01:00
82cc1d536a providers/proxy: add PathPrefix to auto-traefik labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2128
2022-01-23 21:55:46 +01:00
08af2fd46b website/docs: deprecate inbuilt backup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:51:22 +01:00
70e3b27a4d root: upgrade python dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:27:16 +01:00
6a411d7960 policies/hibp: ensure password is encodable
closes AUTHENTIK-1SA

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:23:24 +01:00
33567b56d7 lifecycle: replace lowercase, deprecated prometheus_multiproc_dir
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:21:06 +01:00
0c1954aeb7 web: Update Web API Client version (#2126)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-01-22 19:06:20 +01:00
f4a6c70e98 release: 2022.1.1 2022-01-22 18:28:40 +01:00
5f198e7fe4 website/docs: update 2022.1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-22 12:29:20 +01:00
d172d32817 ci: bump golangci
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 23:22:59 +01:00
af3fb5c2cd internal: use math.MaxInt for compatibility
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1819
2022-01-21 23:11:17 +01:00
885efb526e web/admin: also set embedded outpost host when it doesn't include scheme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 13:51:34 +01:00
3bfb8b2cb2 outposts/proxyv2: allow access to /akprox urls in forward auth mode to make routing in nginx/traefik easier
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 13:43:16 +01:00
9fc5ff4b77 outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 13:29:51 +01:00
dd8b579dd6 lib: ignore paramiko logger
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 10:46:33 +01:00
e12cbd8711 website/docs: add 2022.1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 09:47:49 +01:00
62d35f8f8c build(deps): bump codemirror from 5.65.0 to 5.65.1 in /web (#2122) 2022-01-21 09:06:27 +01:00
49be504c13 build(deps): bump @babel/preset-env from 7.16.10 to 7.16.11 in /web (#2123) 2022-01-21 09:06:04 +01:00
edad55e51d build(deps): bump typescript from 4.5.4 to 4.5.5 in /web (#2124) 2022-01-21 09:05:51 +01:00
38086fa8bb build(deps): bump boto3 from 1.20.39 to 1.20.40 (#2125) 2022-01-21 09:05:32 +01:00
c4f9a3e9a7 build(deps): bump @babel/preset-env from 7.16.8 to 7.16.10 in /web (#2114) 2022-01-20 08:45:49 +01:00
930df791bd build(deps): bump python (#2113) 2022-01-20 08:45:28 +01:00
9a6086634c build(deps): bump boto3 from 1.20.38 to 1.20.39 (#2117) 2022-01-20 08:45:03 +01:00
b68e65355a build(deps): bump @babel/core from 7.16.7 to 7.16.10 in /web (#2115) 2022-01-20 08:44:47 +01:00
72d33a91dd build(deps): bump @babel/plugin-transform-runtime in /web (#2116) 2022-01-20 08:44:28 +01:00
7067e3d69a build(deps): bump github.com/prometheus/client_golang (#2118) 2022-01-20 08:44:01 +01:00
4db370d24e website/docs: add flow inspector docs
closes #2105

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-19 19:31:21 +01:00
41e7b9b73f outposts/proxyv2: fix before-redirect url not being saved in proxy mode
closes #2109

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-19 19:16:30 +01:00
7f47f93e4e internal: cleanup log messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-19 19:01:24 +01:00
89abd44b76 lifecycle: add early check for missing/invalid secret key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-19 09:53:53 +01:00
14c7d8c4f4 internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2079
2022-01-18 23:19:43 +01:00
525976a81b root: upgrade python dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-18 21:35:07 +01:00
64a2126ea4 website/docs: fix typo in port mapping in manifest (#2103)
Otherwise it causes:

```
error: error validating "outpost.yaml": error validating data: ValidationError(Service.spec.ports[1].port): invalid type for io.k8s.api.core.v1.ServicePort.port: got "string", expected "integer"; if you choose to ignore these errors, turn validation off with --validate=false
```
2022-01-18 19:57:55 +01:00
994c5882ab root: fix error if secret_key is purely numerical
closes #2099

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-18 09:17:33 +01:00
ad64d51e85 build(deps): bump @typescript-eslint/eslint-plugin in /web (#2100)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.9.1 to 5.10.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.10.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 09:16:54 +01:00
a184a7518a build(deps): bump @typescript-eslint/parser from 5.9.1 to 5.10.0 in /web (#2101)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.9.1 to 5.10.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.10.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-18 09:14:58 +01:00
943fd80920 web: ignore additional error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-17 22:05:23 +01:00
01bb18b8c4 root: allow customisation of ports in compose without override
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-17 14:48:02 +01:00
94baaaa5a5 build(deps): bump eslint from 8.6.0 to 8.7.0 in /web (#2096) 2022-01-17 09:19:59 +01:00
40b164ce94 build(deps): bump rollup from 2.63.0 to 2.64.0 in /web (#2097) 2022-01-17 09:18:30 +01:00
1d7c7801e7 website/docs: prepare 2022.1 release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 18:22:25 +01:00
0db0a12ef3 root: rename csrf header
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 16:17:44 +01:00
8008aba450 web: directly read csrf token before injecting into request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 16:10:55 +01:00
eaeab27004 lib: add support for custom env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 14:56:02 +01:00
111fbf119b *: refactor prometheus gauges to directly updating metrics view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 13:57:07 +01:00
300ad88447 web: add polyfill for Intl.ListFormat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-15 14:56:18 +01:00
92cc0c9c64 root: decrease to 10 backup history
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 19:59:50 +01:00
18ff803370 outposts: trigger service update on k8s when selector doesnt match
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 11:42:57 +01:00
819af78e2b internal: make internal go version match python version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:45:37 +01:00
6338785ce1 outposts: change label app.kubernetes.io/name to include outpost type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:34:54 +01:00
973e151dff outposts: add Additional version labels to managed k8s deployments
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-13 17:48:01 +01:00
fae6d83f27 *: simplify extracting current version info
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-13 17:47:31 +01:00
ed84fe0b8d root: set samesite for csrf cookie
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:14:14 +01:00
1ee603403e root: upgrade python dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:02:39 +01:00
7db7b7cc4d stages/authenticator_validate: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:00:28 +01:00
68a98cd86c web: Update Web API Client version (#2091)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-01-12 22:59:59 +01:00
e758db5727 stages/authenticator_webauthn: make more WebAuthn options configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:57:49 +01:00
4d7d700afa providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:44:57 +01:00
f9a5add01d root: include build in analytics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:18:52 +01:00
2986b56389 root: fix backups running every minute instead of once
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:09:44 +01:00
58f79b525d web/admin: fix invalid build due to wrong import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-11 11:40:59 +01:00
0a1c0dae05 build(deps): bump @typescript-eslint/eslint-plugin in /web (#2085) 2022-01-11 08:59:13 +01:00
e18ef8dab6 build(deps): bump @babel/preset-env from 7.16.7 to 7.16.8 in /web (#2087) 2022-01-11 08:58:45 +01:00
3cacc59bec build(deps): bump @typescript-eslint/parser from 5.9.0 to 5.9.1 in /web (#2086) 2022-01-11 08:57:51 +01:00
4eea46d399 build(deps): bump @babel/plugin-transform-runtime in /web (#2088) 2022-01-11 08:57:28 +01:00
11e25617bd crypto: fully parse certificate on validation in serializer to prevent invalid certificates from being saved
closes #2082

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 20:36:50 +01:00
4817126811 website/integrations: fix synapse docs based on upstream docs
closes #2080

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 20:19:56 +01:00
0181361efa website/integrations: use Signing Key instead of RSA Key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 20:18:05 +01:00
8ff8e1d5f7 web/admin: fix missing configure flow setting on webuahtn setup stage form
closes #2084

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 20:15:34 +01:00
19d5902a92 flows: handle error if flow title contains invalid format string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:49:27 +01:00
71dffb21a9 outposts: improve error handling for outpost service connection state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:44:13 +01:00
bd283c506d web/flows: remove node directly instead of using removeChild()
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:37:51 +01:00
ef564e5f1a web: fix double plural in label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 18:58:56 +01:00
2543224c7c core: dont return 404 when trying to view key of expired token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 17:53:09 +01:00
077eee9310 Revert "build(deps): bump goauthentik.io/api from 0.2021125.1 to 1.2021.9 (#2083)"
This reverts commit d894eeaa67.
2022-01-10 10:03:48 +01:00
d894eeaa67 build(deps): bump goauthentik.io/api from 0.2021125.1 to 1.2021.9 (#2083)
Bumps [goauthentik.io/api](https://github.com/goauthentik/client-go) from 0.2021125.1 to 1.2021.9.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/commits)

---
updated-dependencies:
- dependency-name: goauthentik.io/api
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-10 09:39:30 +01:00
452bfb39bf Revert "web/elements: re-enable codemirror line numbers (fixed on firefox)"
This reverts commit 4c166dcf52.

closes #2081

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-09 22:24:32 +01:00
6b6702521f api: don't return error reporting enabled when debug is enabled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 21:53:22 +01:00
c07b8d95d0 outposts/proxy: remove deprecated headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 17:01:23 +01:00
bf347730b3 outposts/ldap: remove deprecated fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:52:19 +01:00
ececfc3a30 internal: fix comment formatting for TODOs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:51:41 +01:00
b76546de0c Translate /web/src/locales/en.po in tr (#2074) 2022-01-07 09:16:02 +01:00
424d490a60 build(deps): bump golang from 1.17.5-bullseye to 1.17.6-bullseye (#2075) 2022-01-07 09:14:44 +01:00
127dd85214 build(deps): bump lit from 2.1.0 to 2.1.1 in /web (#2076) 2022-01-07 09:14:23 +01:00
10570ac7f8 build(deps): bump goauthentik.io/api from 0.2021124.9 to 0.2021125.1 (#2077) 2022-01-07 09:14:07 +01:00
dc5667b0b8 web: Update Web API Client version (#2073)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-01-06 22:23:23 +01:00
ec9cacb610 ci: post-release cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 22:22:50 +01:00
0027dbc0e5 root: remove old api path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 22:21:21 +01:00
c15e4b24a1 release: 2021.12.5 2022-01-06 21:29:12 +01:00
b6f518ffe6 lifecycle: fix tests in container not working
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 21:29:08 +01:00
4e476fd4e9 website/docs: update 2021.12.5 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 21:15:27 +01:00
03503363e5 core: fix UserSelfSerializer's save() overwriting other user attributes
closes #2070

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 18:23:06 +01:00
22d6621b02 root run backup every 24 hours
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 15:29:11 +01:00
0023df64c8 root: bump python packages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 14:31:54 +01:00
59a259e43a build(deps): bump @rollup/plugin-node-resolve in /web (#2066) 2022-01-06 08:48:54 +01:00
c6f39f5eb4 build(deps): bump lit from 2.0.2 to 2.1.0 in /web (#2067) 2022-01-06 08:48:27 +01:00
e3c0aad48a build(deps): bump goauthentik.io/api from 0.2021124.8 to 0.2021124.9 (#2068) 2022-01-06 08:48:07 +01:00
91dd33cee6 policies/reputation: trigger save on update
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 22:06:20 +01:00
5a2c367e89 policies/reputation: fix test
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:44:15 +01:00
3b05c9cb1a web: Update Web API Client version (#2065)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-01-05 21:18:19 +01:00
6e53f1689d policies/reputation: rework reputation to use a single entry, include geo_ip data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:02:33 +01:00
e3be0f2550 Merge branch 'next' 2022-01-05 10:00:52 +01:00
294f2243c1 build(deps): bump rollup from 2.62.0 to 2.63.0 in /web (#2064) 2022-01-05 08:47:09 +01:00
7b1373e8d6 core: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 23:17:37 +01:00
e70b486f20 outposts: handle error in certificate cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 22:53:37 +01:00
b90174f153 root: use django-dbbackup 4
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 22:17:07 +01:00
7d7acd8494 root: add ak wrapper script to be installed with poetry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 22:17:07 +01:00
4d9d7c5efb Translate /web/src/locales/en.po in tr (#2063)
translation completed for the source file '/web/src/locales/en.po'
on the 'tr' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-01-04 22:17:02 +01:00
d614b3608d root: use packaged version of django-dbbackup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 22:06:12 +01:00
beb2715fa7 root: bump python dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 22:05:12 +01:00
5769ff45b5 core: add goauthentik.io/user/can-change-name
closes #2054

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 19:03:12 +01:00
9d6f79558f tenants: forbid creation of multiple default tenants
closes #2059

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 19:01:20 +01:00
41d5bff9d3 web/admin: fix delete form for tenants missing columns
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 18:54:56 +01:00
ec84ba9b6d website/docs: prepare 2021.12.5
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 18:35:45 +01:00
042a62f99e build(deps): bump @typescript-eslint/parser from 5.8.1 to 5.9.0 in /web (#2055) 2022-01-04 05:44:30 +01:00
907f02cfee core: compile backend translations (#2057) 2022-01-04 05:43:59 +01:00
53fe412bf9 build(deps): bump @typescript-eslint/eslint-plugin in /web (#2056) 2022-01-04 05:43:27 +01:00
ef9e177fe9 build(deps): bump goauthentik.io/api from 0.2021124.6 to 0.2021124.8 (#2058) 2022-01-04 05:42:52 +01:00
28e675596b web/flows: only add helper username input if using native shadow dom to prevent browser confusion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 22:30:56 +01:00
9b7f57cc75 web/flows: add workaround for autofocus not working in password stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 22:25:28 +01:00
935a8f4d58 core: add tests for non-applicable flows with flow manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 22:14:52 +01:00
01fcbb325b website/integrations: add github org checking policy example
closes #2047

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 22:06:24 +01:00
7d3d17acb9 core: add error handling in source flow manager when flow isn't applicable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:57:55 +01:00
e434321f7c website/integrations: remove github url as they are auto-managed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:38:19 +01:00
ebd476be14 sources/oauth: fix sources not allowing blank values
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2047
2022-01-03 21:36:14 +01:00
31ba543c62 *: don't use exception keyword with structlog
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:33:52 +01:00
a101d48b5a core: passthrough connection and additional data to FlowManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2047
2022-01-03 21:31:26 +01:00
4c166dcf52 web/elements: re-enable codemirror line numbers (fixed on firefox)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:30:28 +01:00
47b1f025e1 web/admin: move additional scopes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:30:15 +01:00
8f44c792ac sources/oauth: fix github provider not including correct base scopes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2047
2022-01-03 21:04:18 +01:00
e57b6f2347 web/admin: mark additional scopes as non-required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2047
2022-01-03 20:59:20 +01:00
275d0dfd03 web: Update Web API Client version (#2053)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-01-03 16:46:09 +01:00
f18cbace7a Translate /locale/en/LC_MESSAGES/django.po in de (#2052)
translation completed for the source file '/locale/en/LC_MESSAGES/django.po'
on the 'de' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-01-03 16:45:57 +01:00
212220554f sources/oauth: add additional scopes field to get additional data from provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2047
2022-01-03 16:43:52 +01:00
a596392bc3 web: Update Web API Client version (#2051)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-01-03 13:35:51 +01:00
3e22740eac core: add API endpoint to directly set user's password
closes #2040

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:31:58 +01:00
d18a691f63 core: prevent LDAP password being set for internal hash upgrades
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:23:42 +01:00
3cd5e68bc1 web/admin: add missing Okta label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 12:36:21 +01:00
c741c13132 internal: fix listen attempt on shutdown
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 12:36:11 +01:00
924f6f104a build(deps): bump eslint from 8.5.0 to 8.6.0 in /web (#2048) 2022-01-03 10:34:36 +01:00
454594025b build(deps): bump goauthentik.io/api from 0.2021124.5 to 0.2021124.6 (#2049) 2022-01-03 10:34:19 +01:00
e72097292c web/flows: fix helper form not being removed from identification stage (improve password manager compatibility)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-02 20:03:34 +01:00
ab17a12184 web/user: fix auto-detected locale not being re-activated when switching to auto-detect
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-02 20:01:51 +01:00
776f3f69a5 core: compile backend translations (#2046) 2022-01-02 10:37:18 +01:00
8560c7150a Translate /locale/en/LC_MESSAGES/django.po in tr (#2044) 2022-01-02 00:15:18 +01:00
301386fb4a Translate /web/src/locales/en.po in tr (#2045) 2022-01-02 00:12:51 +01:00
68e8b6990b web: Update Web API Client version (#2043)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-01-01 20:28:23 +01:00
4f800c4758 web/flows: include user in access denied stage
closes #2039

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 20:25:49 +01:00
90c31c2214 flows: add test helpers to simplify and improve checking of stages, remove force_str
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 20:25:32 +01:00
50e3d317b2 flows: use WithUserInfoChallenge for AccessDeniedChallenge
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2039
2022-01-01 19:45:34 +01:00
3eed7bb010 lib: dont send any sentry events when testing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 18:56:14 +01:00
0ef8edc9f1 web/user: add language selection
closes #2041

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 18:25:03 +01:00
a6373ebb33 web: fix tr locale not being loaded
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-31 16:19:17 +01:00
bf8ce55eea web/admin: fix display when groups/users don't fit on a single row
closes #2030

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-31 12:03:21 +01:00
61b4fcb5f3 build(deps): bump @rollup/plugin-node-resolve in /web (#2032) 2021-12-31 08:54:30 +01:00
81275e3bd1 build(deps): bump @babel/preset-env from 7.16.5 to 7.16.7 in /web (#2033) 2021-12-31 08:54:13 +01:00
7988bf7748 build(deps): bump @babel/plugin-proposal-decorators in /web (#2034) 2021-12-31 08:54:03 +01:00
00d8eec360 build(deps): bump @babel/core from 7.16.5 to 7.16.7 in /web (#2035) 2021-12-31 08:53:08 +01:00
82150c8e84 build(deps): bump @babel/preset-typescript from 7.16.5 to 7.16.7 in /web (#2036) 2021-12-31 08:52:58 +01:00
1dbd749a74 build(deps): bump @babel/plugin-transform-runtime in /web (#2037) 2021-12-31 08:52:44 +01:00
a96479f16c build(deps): bump goauthentik.io/api from 0.2021124.3 to 0.2021124.5 (#2038) 2021-12-31 08:52:27 +01:00
5d5fb1f37e web/elements: fix alignment of chipgroup on modal add
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 22:37:53 +01:00
b6f4d6a5eb web/elements: fix spacing between chips in chip-group
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2030
2021-12-30 22:34:55 +01:00
8ab5c04c2c web/admin: show flow title in list
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 22:10:31 +01:00
386944117e web: Update Web API Client version (#2031)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2021-12-30 22:02:52 +01:00
9154b9b85d web/user: rework user source connection UI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:59:41 +01:00
fc19372709 flows: fix migration removing flow titles
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:00:00 +01:00
e5d9c6537c web: add tr to locales
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 16:56:28 +01:00
bf5cbac314 web/admin: fix alignment in outpost list when expanding rows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 16:35:32 +01:00
5cca637a3d root: add opencontainer labels to dockerfiles
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 16:33:13 +01:00
5bfb8b454b web: fix broken links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 16:27:16 +01:00
4d96437972 web: Update Web API Client version (#2028)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2021-12-30 15:19:13 +01:00
d03b0b8152 outposts: include outposts build hash in state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 15:16:34 +01:00
c249b55ff5 *: use py3.10 syntax for unions, remove old Type[] import when possible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 14:59:01 +01:00
1e1876b34c root: bump python dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-29 13:03:29 +01:00
a27493ad1b build(deps): bump @rollup/plugin-replace from 3.0.0 to 3.0.1 in /web (#2027)
Bumps [@rollup/plugin-replace](https://github.com/rollup/plugins/tree/HEAD/packages/replace) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/replace/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/alias-v3.0.1/packages/replace)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-replace"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-29 12:27:35 +01:00
95b1ab820e build(deps): bump @typescript-eslint/eslint-plugin in /web (#2026) 2021-12-28 09:21:09 +01:00
5cf9f0002b build(deps): bump @typescript-eslint/parser from 5.8.0 to 5.8.1 in /web (#2025) 2021-12-28 09:15:39 +01:00
fc7a452b0c flows: update default flow titles
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 22:04:35 +01:00
25ee0e4b45 root: bump dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 20:45:15 +01:00
46f12e62e8 flows: don't create EventAction.FLOW_EXECUTION
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 15:07:33 +01:00
4245dea25a build(deps): bump rollup from 2.61.1 to 2.62.0 in /web (#2020) 2021-12-27 08:46:37 +01:00
908db3df81 build(deps): bump goauthentik.io/api from 0.2021124.2 to 0.2021124.3 (#2021) 2021-12-27 08:46:24 +01:00
ef4f9aa437 Translate /web/src/locales/en.po in tr (#2019)
translation completed updated for the source file '/web/src/locales/en.po'
on the 'tr' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2021-12-26 18:44:41 +01:00
902dd83c67 Translate /web/src/locales/en.po in tr (#2016)
translation completed updated for the source file '/web/src/locales/en.po'
on the 'tr' language.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2021-12-26 18:39:20 +01:00
1c4b78b5f4 Translate /web/src/locales/en.po in tr (#2005) 2021-12-26 18:37:10 +01:00
d854d819d1 web/flows: fix duplicate loading spinners when using webauthn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 15:14:56 +01:00
f246da6b73 outposts/proxy: fix error checking for type assertion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:57:32 +01:00
4a56b5e827 web: fix background for modals on light theme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:53:23 +01:00
53b10e64f8 outposts: fix error when client hasn't be initialised
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:26:48 +01:00
27e4c7027c web: fix potential panic
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:24:44 +01:00
410d1b97cd outposts/proxy: add support for multiple states, when multiple requests are redirect at once
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:16:02 +01:00
f93f7e635b web: fix styling for modals, ensure correct classes are used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 20:30:35 +01:00
74eba04735 web: remove page header colour, match user navbar to admin sidebar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 19:46:53 +01:00
01bdaffe36 root: remove kubernetes version constraint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 19:23:31 +01:00
f6b556713a root: fix missing ssh directory from container
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 19:18:47 +01:00
abe38bb16a outposts: fix __exit__ being called without params
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 17:52:20 +01:00
f2b8d45999 web/admin: include key type in list
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:54:28 +01:00
3f61dff1cb web: Update Web API Client version (#1996)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2021-12-25 16:53:57 +01:00
b19da6d774 crypto: return private key's type (required for some oauth2 providers)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:51:28 +01:00
7c55616e29 outposts: fix creation of from_env docker client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:48:23 +01:00
952a7f07c1 website/docs: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:38:56 +01:00
6510b97c1e outposts: add remote docker integration via SSH
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:31:34 +01:00
19b707a0fb ci: fix translation command
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 13:42:08 +01:00
320a600349 root: migrate pipenv to poetry (#1995) 2021-12-24 23:25:38 +01:00
10110deae5 web/admin: add Admin in titlebar for admin interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 20:04:21 +01:00
884c546f32 outposts: clean up flow executor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 19:52:19 +01:00
abec906677 root: bump python packages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 15:13:36 +01:00
22d1dd801c root: also use analytics uuid for sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 15:13:27 +01:00
03891cbe09 build(deps): bump chart.js from 3.6.2 to 3.7.0 in /web (#1993) 2021-12-24 09:50:16 +01:00
3c5157dfd4 build(deps): bump fuse.js from 6.5.0 to 6.5.3 in /web (#1992) 2021-12-24 09:49:31 +01:00
d241e8d51d build(deps): bump @types/chart.js from 2.9.34 to 2.9.35 in /web (#1991) 2021-12-24 09:49:14 +01:00
7ba15884ed build(deps): bump goauthentik.io/api from 0.2021123.3 to 0.2021124.2 (#1994) 2021-12-24 09:48:47 +01:00
47356915b1 outposts: fix outpost's sentry not sending release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 19:01:32 +01:00
2520c92b78 website/docs: add additional docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:51:18 +01:00
e7e0e6d213 lib: strip values for timedelta from string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:49:35 +01:00
ca0250e19f core: add meta theme-color
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:49:24 +01:00
cf4c7c1bcb web: fix missing closing tag
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:35:33 +01:00
670af8789a web: Update Web API Client version (#1990)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2021-12-23 18:29:32 +01:00
5c5634830f stages/identification: add field for passwordless flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:27:00 +01:00
b6b0edb7ad website/docs: use compose override for certbot instead separate stack
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:03:35 +01:00
45440abc80 web: Update Web API Client version (#1989)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2021-12-23 11:05:34 +01:00
9c42b75567 release: 2021.12.4 2021-12-23 10:32:48 +01:00
e9a477c1eb root: cleanup bumpversion config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 10:32:46 +01:00
fa60655a5d build(deps): bump github.com/getsentry/sentry-go from 0.11.0 to 0.12.0 (#1987) 2021-12-23 09:54:46 +01:00
5d729b4878 build(deps): bump fuse.js from 6.4.6 to 6.5.0 in /web (#1986) 2021-12-23 09:48:27 +01:00
8692f7233f build(deps): bump goauthentik.io/api from 0.2021123.2 to 0.2021123.3 (#1988) 2021-12-23 09:47:56 +01:00
457e17fec3 website/docs: add small let's encrypt docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 00:59:06 +01:00
87e99625e6 internal: update tenant certificates on outpost refresh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 00:38:49 +01:00
6f32eeea43 website/docs: prepare 2021.12.4
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:37:04 +01:00
dfcf8b2d40 root: update python dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:36:56 +01:00
846006f2e3 events: create test notification with event with data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:32:29 +01:00
f557b2129f *: fix random typos
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:13:18 +01:00
6dc2003e34 providers/oauth2: fix tests validating JWT incorrectly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:00:57 +01:00
0149c89003 providers/oauth2: fix invalid assignments in JWKS view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:41:28 +01:00
f458cae954 providers/proxy: add error handing when field is already gone
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:31:53 +01:00
f01d117ce6 providers/proxy: fix imports in migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:25:02 +01:00
2bde43e5dc crypto: use older syntax for type union
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:22:45 +01:00
84cc0b5490 web: Update Web API Client version (#1984)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:16:44 +01:00
2f3026084e providers/oauth2: remove jwt_alg field and set algorithm based on selected keypair, select HS256 when no keypair is selected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:09:49 +01:00
89696edbee website/integrations: cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 21:46:46 +01:00
c1f0833c09 crypto: improve support for non-rsa private keys (discovery)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 21:46:22 +01:00
c77f804b77 web/user: fix user details not rendering when loading to a different user settings tab and then switching
closes #1664

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 20:13:52 +01:00
8e83209631 stages/authenticator_validate: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:14:35 +01:00
2e48e0cc2f stages/authenticator_validate: fix prompt not triggering when using in non-authentication context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:03:02 +01:00
e72f0ab160 stages/authenticator_validation: refuse passwordless flow if flow is not for authentication
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:02:43 +01:00
a3c681cc44 website/docs: cleanup old image names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 17:38:09 +01:00
5b3a9e29fb stages/authenticator_validate: add passwordless login
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 17:34:46 +01:00
15803dc67d website/docs: revert traefik to not use header regex
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 15:30:01 +01:00
ff37e064c9 build(deps): bump goauthentik.io/api from 0.2021123.1 to 0.2021123.2 (#1983)
Bumps [goauthentik.io/api](https://github.com/goauthentik/client-go) from 0.2021123.1 to 0.2021123.2.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v0.2021123.1...v0.2021123.2)

---
updated-dependencies:
- dependency-name: goauthentik.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-22 11:58:06 +01:00
ef8e922e2a web: Update Web API Client version (#1982)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2021-12-22 11:51:15 +01:00
34b11524f1 tenants: add web certificate field, make authentik's core certificate configurable based on keypair
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 11:43:45 +01:00
9e2492be5c web/elements: fix link from notification drawer not working in user interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:49:10 +01:00
b3ba083ff0 internal: cleanup logging, remove duplicate code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:33:21 +01:00
22a8603892 internal: add custom proxy certificates support to embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:16:01 +01:00
d83d058a4b build(deps): bump @docusaurus/plugin-client-redirects in /website (#1980) 2021-12-22 09:47:58 +01:00
ec3fd4a3ab build(deps): bump @docusaurus/preset-classic in /website (#1979) 2021-12-22 09:41:01 +01:00
0764668b14 build(deps): bump goauthentik.io/api from 0.2021122.2 to 0.2021123.1 (#1981) 2021-12-22 09:40:00 +01:00
16b6c17305 Revert "policies: don't always clear application cache on post_save"
This reverts commit 5ef385f0bb.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/policies/signals.py
2021-12-22 00:23:19 +01:00
e60509697a web/admin: fix explore integration not opening in new tab
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 00:03:28 +01:00
85364af9e9 web: Update Web API Client version (#1978)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2021-12-21 21:28:01 +01:00
cf4b4030aa release: 2021.12.3 2021-12-21 20:52:08 +01:00
74dc025869 ci: sentry release even when tests fail
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 20:52:03 +01:00
cabdc53553 root: fix compose docker image
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 20:51:39 +01:00
29e9f399bd website/docs: prepare 2021.12.3 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:50:24 +01:00
dad43017a0 web/admin: use SentryIgnoredError for user errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:44:44 +01:00
7fb939f97b core: fix error when getting launch URL for application with non-existent Provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:40:29 +01:00
Sem
88859b1c26 website/integrations: Updated Gitea Integration (#1972)
* Updated Gitea Integration

Described a fix to a situation where Gitea might require an additional OIDC mapping in order to make the authentication flow function properly.

* Update index.md

Updated as discussed in PR

* Update index.md

Implementing requested changes
2021-12-21 19:39:27 +01:00
c78236a2a2 root: don't set secure cross opener policy
closes #1977

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:16:22 +01:00
ba55538a34 outposts/proxy: cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:16:06 +01:00
f742c73e24 outposts/proxy: fix allowlist for forward_auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1970
2021-12-21 15:49:25 +01:00
ca314c262c *: revert to using GHCR directly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:54:49 +01:00
b932b6c963 website/docs: update log levels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:15:17 +01:00
3c048a1921 outposts/proxy: fix session not expiring correctly due to miscalculation
closes #1976

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:10:57 +01:00
8a60a7e26f providers/proxy: revert to static list of forwarded headers
wildcard is not usable for this since the regular expression doesn't support negative lookahead, meaning we would always forward all headers, including Connection and others

closes #1969

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 12:04:54 +01:00
f10b57ba0b outposts/proxy: handle redirect loop in start handler, show error message
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 10:07:08 +01:00
e53114a645 build(deps): bump @typescript-eslint/eslint-plugin in /web (#1974)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.7.0 to 5.8.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.8.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-21 09:27:57 +01:00
2e50532518 build(deps): bump codemirror from 5.64.0 to 5.65.0 in /web (#1973) 2021-12-21 09:14:27 +01:00
1936ddfecb build(deps): bump @typescript-eslint/parser from 5.7.0 to 5.8.0 in /web (#1975) 2021-12-21 09:13:50 +01:00
4afef46cb8 ci: improve restore after switching to stable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:47:06 +01:00
92b4244e81 providers/proxy: update traefik regex
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1969
2021-12-20 22:43:58 +01:00
dfbf7027bc providers/proxy: add traefik.ingress.kubernetes.io/router.tls annotation for ingress
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:24:42 +01:00
eca2ef20d0 outposts/proxy: add initial redirect-loop prevention
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:21:53 +01:00
cac5c7b3ea outposts/proxy: make templates more re-usable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:20:23 +01:00
37ee555c8e outposts/proxy: fix ping URI not being routed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:12:02 +01:00
f910da0f8a outposts: fix initial refresh not calling Server.Refresh()
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:47:32 +01:00
fc9d270992 outposts/ldap: fix log formatter and level not being set correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:46:01 +01:00
dcbc3d788a web/admin: fix border for outpost health status
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:40:26 +01:00
4658018a90 Revert "outposts: rename outpost"
This reverts commit a5c30fd9c7.
2021-12-20 21:37:31 +01:00
577b7ee515 providers/proxy: include auth headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:37:22 +01:00
621773c1ea internal: rework global logging settings, embedded outpost no longer overwrites core, clean up double init
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:23:19 +01:00
3da526f20e root: allow trace log level to work for core/embedded
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:11:47 +01:00
052e465041 outpost: re-run globalSetup when updating config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:08:03 +01:00
c843f18743 lib: add additional celery logger to sentry ignore
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:04:45 +01:00
80d0b14bb8 outposts: fix error when getting state for non-existent outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:44:47 +01:00
68637cf7cf outposts: handle/ignore http Abort handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:42:45 +01:00
82acba26af internal: fix sentry sample rate not applying to proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:42:26 +01:00
ff8a812823 web/admin: don't auto-select certificate for LDAP source verification
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:31:57 +01:00
7f5fed2aea web/admin: add outpost type to list
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:30:52 +01:00
a5c30fd9c7 outposts: rename outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:28:05 +01:00
ef23a0da52 outposts/proxy: fix traefik header regex to only match Remote- and X- headers to prevent websocket errors
closes #1969

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 13:30:19 +01:00
ba527e7141 root: drop redis cache sentry errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 13:12:14 +01:00
8edc254ab5 root: upgrade python dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 10:45:38 +01:00
42627d21b0 build(deps): bump eslint from 8.4.1 to 8.5.0 in /web (#1966) 2021-12-20 08:48:45 +01:00
2479b157d0 build(deps): bump goauthentik.io/api from 0.2021121.1 to 0.2021122.2 (#1967) 2021-12-20 08:48:22 +01:00
602573f83f ci: fix label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:44:34 +01:00
20c33fa011 web: Update Web API Client version (#1962) 2021-12-19 13:31:25 +01:00
8599d9efe0 web/admin: auto set the embedded outpost's authentik_host on first view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:27:04 +01:00
8e6fcfe350 root: fix inconsistent URL quoting of redis URLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 22:24:41 +01:00
558aa45201 web: Update Web API Client version (#1959)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2021-12-18 21:37:25 +01:00
806 changed files with 103947 additions and 18717 deletions

View File

@ -1,5 +1,5 @@
[bumpversion] [bumpversion]
current_version = 2021.12.2 current_version = 2022.5.3
tag = True tag = True
commit = True commit = True
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*) parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)
@ -17,7 +17,7 @@ values =
beta beta
stable stable
[bumpversion:file:website/docs/installation/docker-compose.md] [bumpversion:file:pyproject.toml]
[bumpversion:file:docker-compose.yml] [bumpversion:file:docker-compose.yml]
@ -30,7 +30,3 @@ values =
[bumpversion:file:internal/constants/constants.go] [bumpversion:file:internal/constants/constants.go]
[bumpversion:file:web/src/constants.ts] [bumpversion:file:web/src/constants.ts]
[bumpversion:file:website/docs/outposts/manual-deploy-docker-compose.md]
[bumpversion:file:website/docs/outposts/manual-deploy-kubernetes.md]

49
.github/actions/docker-setup/action.yml vendored Normal file
View File

@ -0,0 +1,49 @@
name: 'Prepare docker environment variables'
description: 'Prepare docker environment variables'
outputs:
shouldBuild:
description: "Whether to build image or not"
value: ${{ steps.ev.outputs.shouldBuild }}
branchName:
description: "Branch name"
value: ${{ steps.ev.outputs.branchName }}
branchNameContainer:
description: "Branch name (for containers)"
value: ${{ steps.ev.outputs.branchNameContainer }}
timestamp:
description: "Timestamp"
value: ${{ steps.ev.outputs.timestamp }}
sha:
description: "sha"
value: ${{ steps.ev.outputs.sha }}
runs:
using: "composite"
steps:
- name: Generate config
id: ev
shell: python
run: |
"""Helper script to get the actual branch name, docker safe"""
import os
from time import time
env_pr_branch = "GITHUB_HEAD_REF"
default_branch = "GITHUB_REF"
sha = "GITHUB_SHA"
branch_name = os.environ[default_branch]
if os.environ.get(env_pr_branch, "") != "":
branch_name = os.environ[env_pr_branch]
should_build = str(os.environ.get("DOCKER_USERNAME", "") != "").lower()
print("##[set-output name=branchName]%s" % branch_name)
print(
"##[set-output name=branchNameContainer]%s"
% branch_name.replace("refs/heads/", "").replace("/", "-")
)
print("##[set-output name=timestamp]%s" % int(time()))
print("##[set-output name=sha]%s" % os.environ[sha])
print("##[set-output name=shouldBuild]%s" % should_build)

45
.github/actions/setup/action.yml vendored Normal file
View File

@ -0,0 +1,45 @@
name: 'Setup authentik testing environemnt'
description: 'Setup authentik testing environemnt'
runs:
using: "composite"
steps:
- name: Install poetry
shell: bash
run: |
pipx install poetry || true
sudo apt update
sudo apt install -y libxmlsec1-dev pkg-config gettext
- name: Setup python and restore poetry
uses: actions/setup-python@v3
with:
python-version: '3.10'
cache: 'poetry'
- name: Setup node
uses: actions/setup-node@v3.1.0
with:
node-version: '16'
cache: 'npm'
cache-dependency-path: web/package-lock.json
- name: Setup dependencies
shell: bash
run: |
docker-compose -f .github/actions/setup/docker-compose.yml up -d
poetry env use python3.10
poetry install
npm install -g pyright@1.1.136
- name: Generate config
shell: poetry run python {0}
run: |
from authentik.lib.generators import generate_id
from yaml import safe_dump
with open("local.env.yml", "w") as _config:
safe_dump(
{
"log_level": "debug",
"secret_key": generate_id(),
},
_config,
default_flow_style=False,
)

3
.github/stale.yml vendored
View File

@ -7,7 +7,10 @@ exemptLabels:
- pinned - pinned
- security - security
- pr_wanted - pr_wanted
- enhancement
- bug/confirmed
- enhancement/confirmed - enhancement/confirmed
- question
# Comment to post when marking an issue as stale. Set to `false` to disable # Comment to post when marking an issue as stale. Set to `false` to disable
markComment: > markComment: >
This issue has been automatically marked as stale because it has not had This issue has been automatically marked as stale because it has not had

View File

@ -31,60 +31,27 @@ jobs:
- pending-migrations - pending-migrations
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-python@v2 - name: Setup authentik env
with: uses: ./.github/actions/setup
python-version: '3.9' - name: run job
- uses: actions/setup-node@v2 run: poetry run make ci-${{ matrix.job }}
with:
node-version: '16'
- id: cache-pipenv
uses: actions/cache@v2.1.7
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
- name: prepare
env:
INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
run: scripts/ci_prepare.sh
- name: run pylint
run: pipenv run make ci-${{ matrix.job }}
test-migrations: test-migrations:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-python@v2 - name: Setup authentik env
with: uses: ./.github/actions/setup
python-version: '3.9'
- id: cache-pipenv
uses: actions/cache@v2.1.7
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
- name: prepare
env:
INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
run: scripts/ci_prepare.sh
- name: run migrations - name: run migrations
run: pipenv run python -m lifecycle.migrate run: poetry run python -m lifecycle.migrate
test-migrations-from-stable: test-migrations-from-stable:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: actions/setup-python@v2 - name: Setup authentik env
with: uses: ./.github/actions/setup
python-version: '3.9'
- name: prepare variables
id: ev
run: |
python ./scripts/gh_env.py
- id: cache-pipenv
uses: actions/cache@v2.1.7
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
- name: checkout stable - name: checkout stable
run: | run: |
# Copy current, latest config to local # Copy current, latest config to local
@ -94,73 +61,47 @@ jobs:
git checkout $(git describe --abbrev=0 --match 'version/*') git checkout $(git describe --abbrev=0 --match 'version/*')
rm -rf .github/ scripts/ rm -rf .github/ scripts/
mv ../.github ../scripts . mv ../.github ../scripts .
- name: prepare - name: Setup authentik env (ensure stable deps are installed)
env: uses: ./.github/actions/setup
INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
run: |
scripts/ci_prepare.sh
# Sync anyways since stable will have different dependencies
pipenv sync --dev
- name: run migrations to stable - name: run migrations to stable
run: pipenv run python -m lifecycle.migrate run: poetry run python -m lifecycle.migrate
- name: checkout current code - name: checkout current code
run: | run: |
set -x set -x
git fetch git fetch
git reset --hard HEAD git reset --hard HEAD
git checkout $GITHUB_HEAD_REF git clean -d -fx .
pipenv sync --dev git checkout $GITHUB_SHA
- name: prepare poetry install
env: - name: Setup authentik env (ensure latest deps are installed)
INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }} uses: ./.github/actions/setup
run: scripts/ci_prepare.sh
- name: migrate to latest - name: migrate to latest
run: pipenv run python -m lifecycle.migrate run: poetry run python -m lifecycle.migrate
test-unittest: test-unittest:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-python@v2 - name: Setup authentik env
with: uses: ./.github/actions/setup
python-version: '3.9'
- id: cache-pipenv
uses: actions/cache@v2.1.7
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
- name: prepare
env:
INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
run: scripts/ci_prepare.sh
- uses: testspace-com/setup-testspace@v1 - uses: testspace-com/setup-testspace@v1
with: with:
domain: ${{github.repository_owner}} domain: ${{github.repository_owner}}
- name: run unittest - name: run unittest
run: | run: |
pipenv run make test poetry run make test
pipenv run coverage xml poetry run coverage xml
- name: run testspace - name: run testspace
if: ${{ always() }} if: ${{ always() }}
run: | run: |
testspace [unittest]unittest.xml --link=codecov testspace [unittest]unittest.xml --link=codecov
- if: ${{ always() }} - if: ${{ always() }}
uses: codecov/codecov-action@v2 uses: codecov/codecov-action@v3
test-integration: test-integration:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-python@v2 - name: Setup authentik env
with: uses: ./.github/actions/setup
python-version: '3.9'
- id: cache-pipenv
uses: actions/cache@v2.1.7
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
- name: prepare
env:
INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
run: scripts/ci_prepare.sh
- uses: testspace-com/setup-testspace@v1 - uses: testspace-com/setup-testspace@v1
with: with:
domain: ${{github.repository_owner}} domain: ${{github.repository_owner}}
@ -168,108 +109,80 @@ jobs:
uses: helm/kind-action@v1.2.0 uses: helm/kind-action@v1.2.0
- name: run integration - name: run integration
run: | run: |
pipenv run make test-integration poetry run make test-integration
pipenv run coverage xml poetry run coverage xml
- name: run testspace - name: run testspace
if: ${{ always() }} if: ${{ always() }}
run: | run: |
testspace [integration]unittest.xml --link=codecov testspace [integration]unittest.xml --link=codecov
- if: ${{ always() }} - if: ${{ always() }}
uses: codecov/codecov-action@v2 uses: codecov/codecov-action@v3
test-e2e-provider: test-e2e-provider:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-python@v2 - name: Setup authentik env
with: uses: ./.github/actions/setup
python-version: '3.9'
- uses: actions/setup-node@v2
with:
node-version: '16'
cache: 'npm'
cache-dependency-path: web/package-lock.json
- uses: testspace-com/setup-testspace@v1 - uses: testspace-com/setup-testspace@v1
with: with:
domain: ${{github.repository_owner}} domain: ${{github.repository_owner}}
- id: cache-pipenv - name: Setup authentik env
uses: actions/cache@v2.1.7
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
- name: prepare
env:
INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
run: | run: |
scripts/ci_prepare.sh
docker-compose -f tests/e2e/docker-compose.yml up -d docker-compose -f tests/e2e/docker-compose.yml up -d
- id: cache-web - id: cache-web
uses: actions/cache@v2.1.7 uses: actions/cache@v3
with: with:
path: web/dist path: web/dist
key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/**') }} key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/**') }}
- name: prepare web ui - name: prepare web ui
if: steps.cache-web.outputs.cache-hit != 'true' if: steps.cache-web.outputs.cache-hit != 'true'
working-directory: web
run: | run: |
cd web npm ci
npm i
npm run build npm run build
- name: run e2e - name: run e2e
run: | run: |
pipenv run make test-e2e-provider poetry run make test-e2e-provider
pipenv run coverage xml poetry run coverage xml
- name: run testspace - name: run testspace
if: ${{ always() }} if: ${{ always() }}
run: | run: |
testspace [e2e-provider]unittest.xml --link=codecov testspace [e2e-provider]unittest.xml --link=codecov
- if: ${{ always() }} - if: ${{ always() }}
uses: codecov/codecov-action@v2 uses: codecov/codecov-action@v3
test-e2e-rest: test-e2e-rest:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-python@v2 - name: Setup authentik env
with: uses: ./.github/actions/setup
python-version: '3.9'
- uses: actions/setup-node@v2
with:
node-version: '16'
cache: 'npm'
cache-dependency-path: web/package-lock.json
- uses: testspace-com/setup-testspace@v1 - uses: testspace-com/setup-testspace@v1
with: with:
domain: ${{github.repository_owner}} domain: ${{github.repository_owner}}
- id: cache-pipenv - name: Setup authentik env
uses: actions/cache@v2.1.7
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
- name: prepare
env:
INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
run: | run: |
scripts/ci_prepare.sh
docker-compose -f tests/e2e/docker-compose.yml up -d docker-compose -f tests/e2e/docker-compose.yml up -d
- id: cache-web - id: cache-web
uses: actions/cache@v2.1.7 uses: actions/cache@v3
with: with:
path: web/dist path: web/dist
key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/**') }} key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/**') }}
- name: prepare web ui - name: prepare web ui
if: steps.cache-web.outputs.cache-hit != 'true' if: steps.cache-web.outputs.cache-hit != 'true'
working-directory: web/
run: | run: |
cd web npm ci
npm i
npm run build npm run build
- name: run e2e - name: run e2e
run: | run: |
pipenv run make test-e2e-rest poetry run make test-e2e-rest
pipenv run coverage xml poetry run coverage xml
- name: run testspace - name: run testspace
if: ${{ always() }} if: ${{ always() }}
run: | run: |
testspace [e2e-rest]unittest.xml --link=codecov testspace [e2e-rest]unittest.xml --link=codecov
- if: ${{ always() }} - if: ${{ always() }}
uses: codecov/codecov-action@v2 uses: codecov/codecov-action@v3
ci-core-mark: ci-core-mark:
needs: needs:
- lint - lint
@ -292,26 +205,25 @@ jobs:
arch: arch:
- 'linux/amd64' - 'linux/amd64'
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v1.2.0 uses: docker/setup-qemu-action@v2.0.0
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@v2
- name: prepare variables - name: prepare variables
id: ev id: ev
env: env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
run: | uses: ./.github/actions/docker-setup
python ./scripts/gh_env.py
- name: Login to Container Registry - name: Login to Container Registry
uses: docker/login-action@v1 uses: docker/login-action@v2
if: ${{ steps.ev.outputs.shouldBuild == 'true' }} if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Building Docker Image - name: Building Docker Image
uses: docker/build-push-action@v2 uses: docker/build-push-action@v3
with: with:
push: ${{ steps.ev.outputs.shouldBuild == 'true' }} push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
tags: | tags: |

View File

@ -14,25 +14,36 @@ jobs:
lint-golint: lint-golint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-go@v2 - uses: actions/setup-go@v3
with: with:
go-version: "^1.17" go-version: "^1.17"
- name: Run linter - name: Prepare and generate API
run: | run: |
# Create folder structure for go embeds # Create folder structure for go embeds
mkdir -p web/dist mkdir -p web/dist
mkdir -p website/help mkdir -p website/help
touch web/dist/test website/help/test touch web/dist/test website/help/test
docker run \ - name: Generate API
--rm \ run: make gen-client-go
-v $(pwd):/app \ - name: golangci-lint
-w /app \ uses: golangci/golangci-lint-action@v3
golangci/golangci-lint:v1.39.0 \ test-unittest:
golangci-lint run -v --timeout 200s runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: "^1.17"
- name: Generate API
run: make gen-client-go
- name: Go unittests
run: |
go test -timeout 0 -v -race -coverprofile=coverage.out -covermode=atomic -cover ./...
ci-outpost-mark: ci-outpost-mark:
needs: needs:
- lint-golint - lint-golint
- test-unittest
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- run: echo mark - run: echo mark
@ -50,26 +61,27 @@ jobs:
- 'linux/amd64' - 'linux/amd64'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v1.2.0 uses: docker/setup-qemu-action@v2.0.0
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@v2
- name: prepare variables - name: prepare variables
id: ev id: ev
uses: ./.github/actions/docker-setup
env: env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
run: |
python ./scripts/gh_env.py
- name: Login to Container Registry - name: Login to Container Registry
uses: docker/login-action@v1 uses: docker/login-action@v2
if: ${{ steps.ev.outputs.shouldBuild == 'true' }} if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Generate API
run: make gen-client-go
- name: Building Docker Image - name: Building Docker Image
uses: docker/build-push-action@v2 uses: docker/build-push-action@v3
with: with:
push: ${{ steps.ev.outputs.shouldBuild == 'true' }} push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
tags: | tags: |
@ -94,19 +106,21 @@ jobs:
goos: [linux] goos: [linux]
goarch: [amd64, arm64] goarch: [amd64, arm64]
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-go@v2 - uses: actions/setup-go@v3
with: with:
go-version: "^1.17" go-version: "^1.17"
- uses: actions/setup-node@v2 - uses: actions/setup-node@v3.2.0
with: with:
node-version: '16' node-version: '16'
cache: 'npm' cache: 'npm'
cache-dependency-path: web/package-lock.json cache-dependency-path: web/package-lock.json
- name: Generate API
run: make gen-client-go
- name: Build web - name: Build web
working-directory: web/
run: | run: |
cd web npm ci
npm install
npm run build-proxy npm run build-proxy
- name: Build outpost - name: Build outpost
run: | run: |
@ -114,7 +128,7 @@ jobs:
export GOOS=${{ matrix.goos }} export GOOS=${{ matrix.goos }}
export GOARCH=${{ matrix.goarch }} export GOARCH=${{ matrix.goarch }}
go build -tags=outpost_static_embed -v -o ./authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} ./cmd/${{ matrix.type }} go build -tags=outpost_static_embed -v -o ./authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} ./cmd/${{ matrix.type }}
- uses: actions/upload-artifact@v2 - uses: actions/upload-artifact@v3
with: with:
name: authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} name: authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }}
path: ./authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }} path: ./authentik-outpost-${{ matrix.type }}_${{ matrix.goos }}_${{ matrix.goarch }}

View File

@ -14,57 +14,51 @@ jobs:
lint-eslint: lint-eslint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-node@v2 - uses: actions/setup-node@v3.2.0
with: with:
node-version: '16' node-version: '16'
cache: 'npm' cache: 'npm'
cache-dependency-path: web/package-lock.json cache-dependency-path: web/package-lock.json
- run: | - working-directory: web/
cd web run: npm ci
npm install
- name: Generate API - name: Generate API
run: make gen-web run: make gen-client-web
- name: Eslint - name: Eslint
run: | working-directory: web/
cd web run: npm run lint
npm run lint
lint-prettier: lint-prettier:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-node@v2 - uses: actions/setup-node@v3.2.0
with: with:
node-version: '16' node-version: '16'
cache: 'npm' cache: 'npm'
cache-dependency-path: web/package-lock.json cache-dependency-path: web/package-lock.json
- run: | - working-directory: web/
cd web run: npm ci
npm install
- name: Generate API - name: Generate API
run: make gen-web run: make gen-client-web
- name: prettier - name: prettier
run: | working-directory: web/
cd web run: npm run prettier-check
npm run prettier-check
lint-lit-analyse: lint-lit-analyse:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-node@v2 - uses: actions/setup-node@v3.2.0
with: with:
node-version: '16' node-version: '16'
cache: 'npm' cache: 'npm'
cache-dependency-path: web/package-lock.json cache-dependency-path: web/package-lock.json
- run: | - working-directory: web/
cd web run: npm ci
npm install
- name: Generate API - name: Generate API
run: make gen-web run: make gen-client-web
- name: lit-analyse - name: lit-analyse
run: | working-directory: web/
cd web run: npm run lit-analyse
npm run lit-analyse
ci-web-mark: ci-web-mark:
needs: needs:
- lint-eslint - lint-eslint
@ -78,18 +72,16 @@ jobs:
- ci-web-mark - ci-web-mark
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-node@v2 - uses: actions/setup-node@v3.2.0
with: with:
node-version: '16' node-version: '16'
cache: 'npm' cache: 'npm'
cache-dependency-path: web/package-lock.json cache-dependency-path: web/package-lock.json
- run: | - working-directory: web/
cd web run: npm ci
npm install
- name: Generate API - name: Generate API
run: make gen-web run: make gen-client-web
- name: build - name: build
run: | working-directory: web/
cd web run: npm run build
npm run build

33
.github/workflows/ci-website.yml vendored Normal file
View File

@ -0,0 +1,33 @@
name: authentik-ci-website
on:
push:
branches:
- master
- next
- version-*
pull_request:
branches:
- master
jobs:
lint-prettier:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3.2.0
with:
node-version: '16'
cache: 'npm'
cache-dependency-path: website/package-lock.json
- working-directory: website/
run: npm ci
- name: prettier
working-directory: website/
run: npm run prettier-check
ci-website-mark:
needs:
- lint-prettier
runs-on: ubuntu-latest
steps:
- run: echo mark

View File

@ -28,11 +28,11 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning. # Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v1 uses: github/codeql-action/init@v2
with: with:
languages: ${{ matrix.language }} languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file. # If you wish to specify custom queries, you can do so here or in a config file.
@ -43,7 +43,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below) # If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild - name: Autobuild
uses: github/codeql-action/autobuild@v1 uses: github/codeql-action/autobuild@v2
# Command-line programs to run using the OS shell. # Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl # 📚 https://git.io/JvXDl
@ -57,4 +57,4 @@ jobs:
# make release # make release
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1 uses: github/codeql-action/analyze@v2

View File

@ -9,42 +9,33 @@ jobs:
build-server: build-server:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v1.2.0 uses: docker/setup-qemu-action@v2.0.0
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@v2
- name: Docker Login Registry - name: Docker Login Registry
uses: docker/login-action@v1 uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v1 uses: docker/login-action@v2
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Building Docker Image - name: Building Docker Image
uses: docker/build-push-action@v2 uses: docker/build-push-action@v3
with: with:
push: ${{ github.event_name == 'release' }} push: ${{ github.event_name == 'release' }}
tags: | tags: |
beryju/authentik:2021.12.2, beryju/authentik:2022.5.3,
beryju/authentik:latest, beryju/authentik:latest,
ghcr.io/goauthentik/server:2021.12.2, ghcr.io/goauthentik/server:2022.5.3,
ghcr.io/goauthentik/server:latest ghcr.io/goauthentik/server:latest
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
context: . context: .
- name: Building Docker Image (stable)
if: ${{ github.event_name == 'release' && !contains('2021.12.2', 'rc') }}
run: |
docker pull beryju/authentik:latest
docker tag beryju/authentik:latest beryju/authentik:stable
docker push beryju/authentik:stable
docker pull ghcr.io/goauthentik/server:latest
docker tag ghcr.io/goauthentik/server:latest ghcr.io/goauthentik/server:stable
docker push ghcr.io/goauthentik/server:stable
build-outpost: build-outpost:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
@ -54,45 +45,36 @@ jobs:
- proxy - proxy
- ldap - ldap
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-go@v2 - uses: actions/setup-go@v3
with: with:
go-version: "^1.17" go-version: "^1.17"
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v1.2.0 uses: docker/setup-qemu-action@v2.0.0
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@v2
- name: Docker Login Registry - name: Docker Login Registry
uses: docker/login-action@v1 uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v1 uses: docker/login-action@v2
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Building Docker Image - name: Building Docker Image
uses: docker/build-push-action@v2 uses: docker/build-push-action@v3
with: with:
push: ${{ github.event_name == 'release' }} push: ${{ github.event_name == 'release' }}
tags: | tags: |
beryju/authentik-${{ matrix.type }}:2021.12.2, beryju/authentik-${{ matrix.type }}:2022.5.3,
beryju/authentik-${{ matrix.type }}:latest, beryju/authentik-${{ matrix.type }}:latest,
ghcr.io/goauthentik/${{ matrix.type }}:2021.12.2, ghcr.io/goauthentik/${{ matrix.type }}:2022.5.3,
ghcr.io/goauthentik/${{ matrix.type }}:latest ghcr.io/goauthentik/${{ matrix.type }}:latest
file: ${{ matrix.type }}.Dockerfile file: ${{ matrix.type }}.Dockerfile
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
- name: Building Docker Image (stable)
if: ${{ github.event_name == 'release' && !contains('2021.12.2', 'rc') }}
run: |
docker pull beryju/authentik-${{ matrix.type }}:latest
docker tag beryju/authentik-${{ matrix.type }}:latest beryju/authentik-${{ matrix.type }}:stable
docker push beryju/authentik-${{ matrix.type }}:stable
docker pull ghcr.io/goauthentik/${{ matrix.type }}:latest
docker tag ghcr.io/goauthentik/${{ matrix.type }}:latest ghcr.io/goauthentik/${{ matrix.type }}:stable
docker push ghcr.io/goauthentik/${{ matrix.type }}:stable
build-outpost-binary: build-outpost-binary:
timeout-minutes: 120 timeout-minutes: 120
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -105,19 +87,19 @@ jobs:
goos: [linux, darwin] goos: [linux, darwin]
goarch: [amd64, arm64] goarch: [amd64, arm64]
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-go@v2 - uses: actions/setup-go@v3
with: with:
go-version: "^1.17" go-version: "^1.17"
- uses: actions/setup-node@v2 - uses: actions/setup-node@v3.2.0
with: with:
node-version: '16' node-version: '16'
cache: 'npm' cache: 'npm'
cache-dependency-path: web/package-lock.json cache-dependency-path: web/package-lock.json
- name: Build web - name: Build web
working-directory: web/
run: | run: |
cd web npm ci
npm install
npm run build-proxy npm run build-proxy
- name: Build outpost - name: Build outpost
run: | run: |
@ -139,7 +121,7 @@ jobs:
- build-outpost-binary - build-outpost-binary
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- name: Run test suite in final docker images - name: Run test suite in final docker images
run: | run: |
echo "PG_PASS=$(openssl rand -base64 32)" >> .env echo "PG_PASS=$(openssl rand -base64 32)" >> .env
@ -150,10 +132,12 @@ jobs:
docker-compose run -u root server test docker-compose run -u root server test
sentry-release: sentry-release:
needs: needs:
- test-release - build-server
- build-outpost
- build-outpost-binary
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- name: Get static files from docker image - name: Get static files from docker image
run: | run: |
docker pull ghcr.io/goauthentik/server:latest docker pull ghcr.io/goauthentik/server:latest
@ -168,7 +152,7 @@ jobs:
SENTRY_PROJECT: authentik SENTRY_PROJECT: authentik
SENTRY_URL: https://sentry.beryju.org SENTRY_URL: https://sentry.beryju.org
with: with:
version: authentik@2021.12.2 version: authentik@2022.5.3
environment: beryjuorg-prod environment: beryjuorg-prod
sourcemaps: './web/dist' sourcemaps: './web/dist'
url_prefix: '~/static/dist' url_prefix: '~/static/dist'

View File

@ -10,7 +10,7 @@ jobs:
name: Create Release from Tag name: Create Release from Tag
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- name: Pre-release test - name: Pre-release test
run: | run: |
echo "PG_PASS=$(openssl rand -base64 32)" >> .env echo "PG_PASS=$(openssl rand -base64 32)" >> .env
@ -27,7 +27,7 @@ jobs:
docker-compose run -u root server test docker-compose run -u root server test
- name: Extract version number - name: Extract version number
id: get_version id: get_version
uses: actions/github-script@v5 uses: actions/github-script@v6
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}
script: | script: |

View File

@ -7,8 +7,6 @@ on:
pull_request: pull_request:
paths: paths:
- '/locale/' - '/locale/'
schedule:
- cron: "0 */2 * * *"
workflow_dispatch: workflow_dispatch:
env: env:
@ -20,26 +18,13 @@ jobs:
compile: compile:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions/setup-python@v2 - name: Setup authentik env
with: uses: ./.github/actions/setup
python-version: '3.9'
- id: cache-pipenv
uses: actions/cache@v2.1.7
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
- name: prepare
env:
INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
run: |
sudo apt-get update
sudo apt-get install -y gettext
scripts/ci_prepare.sh
- name: run compile - name: run compile
run: pipenv run ./manage.py compilemessages run: poetry run ./manage.py compilemessages
- name: Create Pull Request - name: Create Pull Request
uses: peter-evans/create-pull-request@v3 uses: peter-evans/create-pull-request@v4
id: cpr id: cpr
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
@ -49,10 +34,3 @@ jobs:
body: "core: compile backend translations" body: "core: compile backend translations"
delete-branch: true delete-branch: true
signoff: true signoff: true
- name: Enable Pull Request Automerge
if: steps.cpr.outputs.pull-request-operation == 'created'
uses: peter-evans/enable-pull-request-automerge@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
merge-method: squash

View File

@ -4,32 +4,33 @@ on:
branches: [ master ] branches: [ master ]
paths: paths:
- 'schema.yml' - 'schema.yml'
workflow_dispatch:
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
# Setup .npmrc file to publish to npm # Setup .npmrc file to publish to npm
- uses: actions/setup-node@v2 - uses: actions/setup-node@v3.2.0
with: with:
node-version: '16' node-version: '16'
registry-url: 'https://registry.npmjs.org' registry-url: 'https://registry.npmjs.org'
- name: Generate API Client - name: Generate API Client
run: make gen-web run: make gen-client-web
- name: Publish package - name: Publish package
working-directory: gen-ts-api/
run: | run: |
cd web-api/ npm ci
npm i
npm publish npm publish
env: env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
- name: Upgrade /web - name: Upgrade /web
working-directory: web/
run: | run: |
cd web/ export VERSION=`node -e 'console.log(require("../gen-ts-api/package.json").version)'`
export VERSION=`node -e 'console.log(require("../web-api/package.json").version)'`
npm i @goauthentik/api@$VERSION npm i @goauthentik/api@$VERSION
- name: Create Pull Request - name: Create Pull Request
uses: peter-evans/create-pull-request@v3 uses: peter-evans/create-pull-request@v4
id: cpr id: cpr
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
@ -39,10 +40,3 @@ jobs:
body: "web: Update Web API Client version" body: "web: Update Web API Client version"
delete-branch: true delete-branch: true
signoff: true signoff: true
- name: Enable Pull Request Automerge
if: steps.cpr.outputs.pull-request-operation == 'created'
uses: peter-evans/enable-pull-request-automerge@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
merge-method: squash

3
.gitignore vendored
View File

@ -202,5 +202,4 @@ media/
*mmdb *mmdb
.idea/ .idea/
/api/ /gen-*/
/web-api/

View File

@ -1 +0,0 @@
3.9.7

View File

@ -11,7 +11,9 @@
"saml", "saml",
"totp", "totp",
"webauthn", "webauthn",
"traefik" "traefik",
"passwordless",
"kubernetes"
], ],
"python.linting.pylintEnabled": true, "python.linting.pylintEnabled": true,
"todo-tree.tree.showCountsInTree": true, "todo-tree.tree.showCountsInTree": true,

View File

@ -1,34 +1,35 @@
# Stage 1: Lock python dependencies # Stage 1: Build website
FROM docker.io/python:3.10.1-slim-bullseye as locker FROM --platform=${BUILDPLATFORM} docker.io/node:18 as website-builder
COPY ./Pipfile /app/
COPY ./Pipfile.lock /app/
WORKDIR /app/
RUN pip install pipenv && \
pipenv lock -r > requirements.txt && \
pipenv lock -r --dev-only > requirements-dev.txt
# Stage 2: Build website
FROM --platform=${BUILDPLATFORM} docker.io/node:16 as website-builder
COPY ./website /work/website/ COPY ./website /work/website/
ENV NODE_ENV=production ENV NODE_ENV=production
RUN cd /work/website && npm i && npm run build-docs-only WORKDIR /work/website
RUN npm ci && npm run build-docs-only
# Stage 3: Build webui # Stage 2: Build webui
FROM --platform=${BUILDPLATFORM} docker.io/node:16 as web-builder FROM --platform=${BUILDPLATFORM} docker.io/node:18 as web-builder
COPY ./web /work/web/ COPY ./web /work/web/
COPY ./website /work/website/ COPY ./website /work/website/
ENV NODE_ENV=production ENV NODE_ENV=production
RUN cd /work/web && npm i && npm run build WORKDIR /work/web
RUN npm ci && npm run build
# Stage 3: Poetry to requirements.txt export
FROM docker.io/python:3.10.4-slim-bullseye AS poetry-locker
WORKDIR /work
COPY ./pyproject.toml /work
COPY ./poetry.lock /work
RUN pip install --no-cache-dir poetry && \
poetry export -f requirements.txt --output requirements.txt && \
poetry export -f requirements.txt --dev --output requirements-dev.txt
# Stage 4: Build go proxy # Stage 4: Build go proxy
FROM docker.io/golang:1.17.5-bullseye AS builder FROM docker.io/golang:1.18.2-bullseye AS builder
WORKDIR /work WORKDIR /work
@ -44,28 +45,36 @@ COPY ./go.sum /work/go.sum
RUN go build -o /work/authentik ./cmd/server/main.go RUN go build -o /work/authentik ./cmd/server/main.go
# Stage 5: Run # Stage 5: Run
FROM docker.io/python:3.10.1-slim-bullseye FROM docker.io/python:3.10.4-slim-bullseye
LABEL org.opencontainers.image.url https://goauthentik.io
LABEL org.opencontainers.image.description goauthentik.io Main server image, see https://goauthentik.io for more info.
LABEL org.opencontainers.image.source https://github.com/goauthentik/authentik
WORKDIR / WORKDIR /
COPY --from=locker /app/requirements.txt /
COPY --from=locker /app/requirements-dev.txt /
ARG GIT_BUILD_HASH ARG GIT_BUILD_HASH
ENV GIT_BUILD_HASH=$GIT_BUILD_HASH ENV GIT_BUILD_HASH=$GIT_BUILD_HASH
COPY --from=poetry-locker /work/requirements.txt /
COPY --from=poetry-locker /work/requirements-dev.txt /
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y --no-install-recommends \ # Required for installing pip packages
curl ca-certificates gnupg git runit libpq-dev \ apt-get install -y --no-install-recommends build-essential pkg-config libxmlsec1-dev && \
postgresql-client build-essential libxmlsec1-dev \ # Required for runtime
pkg-config libmaxminddb0 && \ apt-get install -y --no-install-recommends libxmlsec1-openssl libmaxminddb0 && \
pip install -r /requirements.txt --no-cache-dir && \ # Required for bootstrap & healtcheck
apt-get remove --purge -y build-essential git && \ apt-get install -y --no-install-recommends curl runit && \
pip install --no-cache-dir -r /requirements.txt && \
apt-get remove --purge -y build-essential pkg-config libxmlsec1-dev && \
apt-get autoremove --purge -y && \ apt-get autoremove --purge -y && \
apt-get clean && \ apt-get clean && \
rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ && \ rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ && \
adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && \ adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && \
mkdir -p /backups /certs /media && \ mkdir -p /certs /media && \
chown authentik:authentik /backups /certs /media mkdir -p /authentik/.ssh && \
chown authentik:authentik /certs /media /authentik/.ssh
COPY ./authentik/ /authentik COPY ./authentik/ /authentik
COPY ./pyproject.toml / COPY ./pyproject.toml /

View File

@ -15,6 +15,18 @@ test-e2e-provider:
test-e2e-rest: test-e2e-rest:
coverage run manage.py test tests/e2e/test_flows* tests/e2e/test_source* coverage run manage.py test tests/e2e/test_flows* tests/e2e/test_source*
test-go:
go test -timeout 0 -v -race -cover ./...
test-docker:
echo "PG_PASS=$(openssl rand -base64 32)" >> .env
echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 32)" >> .env
docker-compose pull -q
docker-compose up --no-start
docker-compose start postgresql redis
docker-compose run -u root server test
rm -f .env
test: test:
coverage run manage.py test authentik coverage run manage.py test authentik
coverage html coverage html
@ -35,6 +47,7 @@ lint-fix:
lint: lint:
bandit -r authentik tests lifecycle -x node_modules bandit -r authentik tests lifecycle -x node_modules
pylint authentik tests lifecycle pylint authentik tests lifecycle
golangci-lint run -v
i18n-extract: i18n-extract-core web-extract i18n-extract: i18n-extract-core web-extract
@ -48,22 +61,21 @@ gen-clean:
rm -rf web/api/src/ rm -rf web/api/src/
rm -rf api/ rm -rf api/
gen-web: gen-client-web:
docker run \ docker run \
--rm -v ${PWD}:/local \ --rm -v ${PWD}:/local \
--user ${UID}:${GID} \ --user ${UID}:${GID} \
openapitools/openapi-generator-cli generate \ openapitools/openapi-generator-cli:v6.0.0 generate \
-i /local/schema.yml \ -i /local/schema.yml \
-g typescript-fetch \ -g typescript-fetch \
-o /local/web-api \ -o /local/gen-ts-api \
--additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=@goauthentik/api,npmVersion=${NPM_VERSION} --additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=@goauthentik/api,npmVersion=${NPM_VERSION}
mkdir -p web/node_modules/@goauthentik/api mkdir -p web/node_modules/@goauthentik/api
python -m scripts.web_api_esm \cp -fv scripts/web_api_readme.md gen-ts-api/README.md
\cp -fv scripts/web_api_readme.md web-api/README.md cd gen-ts-api && npm i
cd web-api && npm i \cp -rfv gen-ts-api/* web/node_modules/@goauthentik/api
\cp -rfv web-api/* web/node_modules/@goauthentik/api
gen-outpost: gen-client-go:
wget https://raw.githubusercontent.com/goauthentik/client-go/main/config.yaml -O config.yaml wget https://raw.githubusercontent.com/goauthentik/client-go/main/config.yaml -O config.yaml
mkdir -p templates mkdir -p templates
wget https://raw.githubusercontent.com/goauthentik/client-go/main/templates/README.mustache -O templates/README.mustache wget https://raw.githubusercontent.com/goauthentik/client-go/main/templates/README.mustache -O templates/README.mustache
@ -71,15 +83,15 @@ gen-outpost:
docker run \ docker run \
--rm -v ${PWD}:/local \ --rm -v ${PWD}:/local \
--user ${UID}:${GID} \ --user ${UID}:${GID} \
openapitools/openapi-generator-cli:v5.2.1 generate \ openapitools/openapi-generator-cli:v6.0.0 generate \
-i /local/schema.yml \ -i /local/schema.yml \
-g go \ -g go \
-o /local/api \ -o /local/gen-go-api \
-c /local/config.yaml -c /local/config.yaml
go mod edit -replace goauthentik.io/api=./api go mod edit -replace goauthentik.io/api/v3=./gen-go-api
rm -rf config.yaml ./templates/ rm -rf config.yaml ./templates/
gen: gen-build gen-clean gen-web gen: gen-build gen-clean gen-client-web
migrate: migrate:
python -m lifecycle.migrate python -m lifecycle.migrate
@ -87,11 +99,18 @@ migrate:
run: run:
go run -v cmd/server/main.go go run -v cmd/server/main.go
web-watch: #########################
cd web && npm run watch ## Web
#########################
web: web-lint-fix web-lint web-extract web: web-lint-fix web-lint web-extract
web-install:
cd web && npm ci
web-watch:
cd web && npm run watch
web-lint-fix: web-lint-fix:
cd web && npm run prettier cd web && npm run prettier
@ -102,23 +121,50 @@ web-lint:
web-extract: web-extract:
cd web && npm run extract cd web && npm run extract
#########################
## Website
#########################
website: website-lint-fix
website-install:
cd website && npm ci
website-lint-fix:
cd website && npm run prettier
website-watch:
cd website && npm run watch
# These targets are use by GitHub actions to allow usage of matrix # These targets are use by GitHub actions to allow usage of matrix
# which makes the YAML File a lot smaller # which makes the YAML File a lot smaller
ci-pylint: ci--meta-debug:
python -V
node --version
ci-pylint: ci--meta-debug
pylint authentik tests lifecycle pylint authentik tests lifecycle
ci-black: ci-black: ci--meta-debug
black --check authentik tests lifecycle black --check authentik tests lifecycle
ci-isort: ci-isort: ci--meta-debug
isort --check authentik tests lifecycle isort --check authentik tests lifecycle
ci-bandit: ci-bandit: ci--meta-debug
bandit -r authentik tests lifecycle bandit -r authentik tests lifecycle
ci-pyright: ci-pyright: ci--meta-debug
pyright e2e lifecycle pyright e2e lifecycle
ci-pending-migrations: ci-pending-migrations: ci--meta-debug
./manage.py makemigrations --check ./manage.py makemigrations --check
install: web-install website-install
poetry install
a: install
tmux \
new-session 'make run' \; \
split-window 'make web-watch'

68
Pipfile
View File

@ -1,68 +0,0 @@
[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true
[packages]
boto3 = "*"
celery = "*"
channels = "*"
channels-redis = "*"
codespell = "*"
colorama = "*"
dacite = "*"
deepmerge = "*"
defusedxml = "*"
django = "*"
django-dbbackup = { git = 'https://github.com/django-dbbackup/django-dbbackup.git', ref = '9d1909c30a3271c8c9c8450add30d6e0b996e145' }
django-filter = "*"
django-guardian = "*"
django-model-utils = "*"
django-otp = "*"
django-prometheus = "*"
django-redis = "*"
django-storages = "*"
djangorestframework = "*"
djangorestframework-guardian = "*"
docker = "*"
drf-spectacular = "*"
duo-client = "*"
facebook-sdk = "*"
geoip2 = "*"
gunicorn = "*"
kubernetes = "==v19.15.0"
ldap3 = "*"
lxml = "*"
packaging = "*"
psycopg2-binary = "*"
pycryptodome = "*"
pyjwt = "*"
pyyaml = "*"
requests-oauthlib = "*"
sentry-sdk = { git = 'https://github.com/beryju/sentry-python.git', ref = '379aee28b15d3b87b381317746c4efd24b3d7bc3' }
service_identity = "*"
structlog = "*"
swagger-spec-validator = "*"
twisted = "==21.7.0"
ua-parser = "*"
urllib3 = {extras = ["secure"],version = "*"}
uvicorn = {extras = ["standard"],version = "*"}
webauthn = "*"
xmlsec = "*"
flower = "*"
wsproto = "*"
[dev-packages]
bandit = "*"
black = "==21.11b1"
bump2version = "*"
colorama = "*"
coverage = {extras = ["toml"],version = "*"}
pylint = "*"
pylint-django = "*"
pytest = "*"
pytest-django = "*"
pytest-randomly = "*"
requests-mock = "*"
selenium = "*"
importlib-metadata = "*"

2505
Pipfile.lock generated

File diff suppressed because it is too large Load Diff

View File

@ -57,4 +57,4 @@ DigitalOcean provides development and testing resources for authentik.
</a> </a>
</p> </p>
Netlify hosts the [goauthentik.io](goauthentik.io) site. Netlify hosts the [goauthentik.io](https://goauthentik.io) site.

View File

@ -6,8 +6,8 @@
| Version | Supported | | Version | Supported |
| ---------- | ------------------ | | ---------- | ------------------ |
| 2021.10.x | :white_check_mark: | | 2022.3.x | :white_check_mark: |
| 2021.12.x | :white_check_mark: | | 2022.4.x | :white_check_mark: |
## Reporting a Vulnerability ## Reporting a Vulnerability

View File

@ -1,3 +1,22 @@
"""authentik""" """authentik"""
__version__ = "2021.12.2" from os import environ
from typing import Optional
__version__ = "2022.5.3"
ENV_GIT_HASH_KEY = "GIT_BUILD_HASH" ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
def get_build_hash(fallback: Optional[str] = None) -> str:
"""Get build hash"""
build_hash = environ.get(ENV_GIT_HASH_KEY, fallback if fallback else "")
if build_hash == "" and fallback:
return fallback
return build_hash
def get_full_version() -> str:
"""Get full version, with build hash appended"""
version = __version__
if (build_hash := get_build_hash()) != "":
version += "." + build_hash
return version

View File

@ -12,10 +12,13 @@ from rest_framework.permissions import IsAdminUser
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.viewsets import ViewSet from rest_framework.viewsets import ViewSet
from structlog.stdlib import get_logger
from authentik.core.api.utils import PassiveSerializer from authentik.core.api.utils import PassiveSerializer
from authentik.events.monitored_tasks import TaskInfo, TaskResultStatus from authentik.events.monitored_tasks import TaskInfo, TaskResultStatus
LOGGER = get_logger()
class TaskSerializer(PassiveSerializer): class TaskSerializer(PassiveSerializer):
"""Serialize TaskInfo and TaskResult""" """Serialize TaskInfo and TaskResult"""
@ -89,13 +92,15 @@ class TaskViewSet(ViewSet):
try: try:
task_module = import_module(task.task_call_module) task_module = import_module(task.task_call_module)
task_func = getattr(task_module, task.task_call_func) task_func = getattr(task_module, task.task_call_func)
LOGGER.debug("Running task", task=task_func)
task_func.delay(*task.task_call_args, **task.task_call_kwargs) task_func.delay(*task.task_call_args, **task.task_call_kwargs)
messages.success( messages.success(
self.request, self.request,
_("Successfully re-scheduled Task %(name)s!" % {"name": task.task_name}), _("Successfully re-scheduled Task %(name)s!" % {"name": task.task_name}),
) )
return Response(status=204) return Response(status=204)
except ImportError: # pragma: no cover except (ImportError, AttributeError): # pragma: no cover
LOGGER.warning("Failed to run task, remove state", task=task)
# if we get an import error, the module path has probably changed # if we get an import error, the module path has probably changed
task.delete() task.delete()
return Response(status=500) return Response(status=500)

View File

@ -1,6 +1,4 @@
"""authentik administration overview""" """authentik administration overview"""
from os import environ
from django.core.cache import cache from django.core.cache import cache
from drf_spectacular.utils import extend_schema from drf_spectacular.utils import extend_schema
from packaging.version import parse from packaging.version import parse
@ -10,7 +8,7 @@ from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.views import APIView from rest_framework.views import APIView
from authentik import ENV_GIT_HASH_KEY, __version__ from authentik import __version__, get_build_hash
from authentik.admin.tasks import VERSION_CACHE_KEY, update_latest_version from authentik.admin.tasks import VERSION_CACHE_KEY, update_latest_version
from authentik.core.api.utils import PassiveSerializer from authentik.core.api.utils import PassiveSerializer
@ -25,7 +23,7 @@ class VersionSerializer(PassiveSerializer):
def get_build_hash(self, _) -> str: def get_build_hash(self, _) -> str:
"""Get build hash, if version is not latest or released""" """Get build hash, if version is not latest or released"""
return environ.get(ENV_GIT_HASH_KEY, "") return get_build_hash()
def get_version_current(self, _) -> str: def get_version_current(self, _) -> str:
"""Get current version""" """Get current version"""

View File

@ -1,4 +1,6 @@
"""authentik admin app config""" """authentik admin app config"""
from importlib import import_module
from django.apps import AppConfig from django.apps import AppConfig
@ -13,3 +15,4 @@ class AuthentikAdminConfig(AppConfig):
from authentik.admin.tasks import clear_update_notifications from authentik.admin.tasks import clear_update_notifications
clear_update_notifications.delay() clear_update_notifications.delay()
import_module("authentik.admin.signals")

View File

@ -1,10 +1,12 @@
"""authentik admin settings""" """authentik admin settings"""
from celery.schedules import crontab from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"admin_latest_version": { "admin_latest_version": {
"task": "authentik.admin.tasks.update_latest_version", "task": "authentik.admin.tasks.update_latest_version",
"schedule": crontab(minute="*/60"), # Run every hour "schedule": crontab(minute=fqdn_rand("admin_latest_version"), hour="*"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
} }
} }

View File

@ -0,0 +1,23 @@
"""admin signals"""
from django.dispatch import receiver
from authentik.admin.api.tasks import TaskInfo
from authentik.admin.api.workers import GAUGE_WORKERS
from authentik.root.celery import CELERY_APP
from authentik.root.monitoring import monitoring_set
@receiver(monitoring_set)
# pylint: disable=unused-argument
def monitoring_set_workers(sender, **kwargs):
"""Set worker gauge"""
count = len(CELERY_APP.control.ping(timeout=0.5))
GAUGE_WORKERS.set(count)
@receiver(monitoring_set)
# pylint: disable=unused-argument
def monitoring_set_tasks(sender, **kwargs):
"""Set task gauges"""
for task in TaskInfo.all().values():
task.set_prom_metrics()

View File

@ -1,6 +1,5 @@
"""authentik admin tasks""" """authentik admin tasks"""
import re import re
from os import environ
from django.core.cache import cache from django.core.cache import cache
from django.core.validators import URLValidator from django.core.validators import URLValidator
@ -9,7 +8,7 @@ from prometheus_client import Info
from requests import RequestException from requests import RequestException
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik import ENV_GIT_HASH_KEY, __version__ from authentik import __version__, get_build_hash
from authentik.events.models import Event, EventAction, Notification from authentik.events.models import Event, EventAction, Notification
from authentik.events.monitored_tasks import ( from authentik.events.monitored_tasks import (
MonitoredTask, MonitoredTask,
@ -36,7 +35,7 @@ def _set_prom_info():
{ {
"version": __version__, "version": __version__,
"latest": cache.get(VERSION_CACHE_KEY, ""), "latest": cache.get(VERSION_CACHE_KEY, ""),
"build_hash": environ.get(ENV_GIT_HASH_KEY, ""), "build_hash": get_build_hash(),
} }
) )

View File

@ -26,7 +26,7 @@ class TestAdminTasks(TestCase):
def test_version_valid_response(self): def test_version_valid_response(self):
"""Test Update checker with valid response""" """Test Update checker with valid response"""
with Mocker() as mocker: with Mocker() as mocker, CONFIG.patch("disable_update_check", False):
mocker.get("https://version.goauthentik.io/version.json", json=RESPONSE_VALID) mocker.get("https://version.goauthentik.io/version.json", json=RESPONSE_VALID)
update_latest_version.delay().get() update_latest_version.delay().get()
self.assertEqual(cache.get(VERSION_CACHE_KEY), "99999999.9999999") self.assertEqual(cache.get(VERSION_CACHE_KEY), "99999999.9999999")

View File

@ -1,7 +1,5 @@
"""API Authentication""" """API Authentication"""
from base64 import b64decode from typing import Any, Optional
from binascii import Error
from typing import Any, Optional, Union
from django.conf import settings from django.conf import settings
from rest_framework.authentication import BaseAuthentication, get_authorization_header from rest_framework.authentication import BaseAuthentication, get_authorization_header
@ -16,38 +14,36 @@ from authentik.outposts.models import Outpost
LOGGER = get_logger() LOGGER = get_logger()
# pylint: disable=too-many-return-statements def validate_auth(header: bytes) -> str:
def bearer_auth(raw_header: bytes) -> Optional[User]: """Validate that the header is in a correct format,
"""raw_header in the Format of `Bearer dGVzdDp0ZXN0`""" returns type and credentials"""
auth_credentials = raw_header.decode() auth_credentials = header.decode().strip()
if auth_credentials == "" or " " not in auth_credentials: if auth_credentials == "" or " " not in auth_credentials:
return None return None
auth_type, _, auth_credentials = auth_credentials.partition(" ") auth_type, _, auth_credentials = auth_credentials.partition(" ")
if auth_type.lower() not in ["basic", "bearer"]: if auth_type.lower() != "bearer":
LOGGER.debug("Unsupported authentication type, denying", type=auth_type.lower()) LOGGER.debug("Unsupported authentication type, denying", type=auth_type.lower())
raise AuthenticationFailed("Unsupported authentication type") raise AuthenticationFailed("Unsupported authentication type")
password = auth_credentials if auth_credentials == "": # nosec
if auth_type.lower() == "basic":
try:
auth_credentials = b64decode(auth_credentials.encode()).decode()
except (UnicodeDecodeError, Error):
raise AuthenticationFailed("Malformed header")
# Accept credentials with username and without
if ":" in auth_credentials:
_, _, password = auth_credentials.partition(":")
else:
password = auth_credentials
if password == "": # nosec
raise AuthenticationFailed("Malformed header") raise AuthenticationFailed("Malformed header")
tokens = Token.filter_not_expired(key=password, intent=TokenIntents.INTENT_API) return auth_credentials
if not tokens.exists():
user = token_secret_key(password)
if not user: def bearer_auth(raw_header: bytes) -> Optional[User]:
raise AuthenticationFailed("Token invalid/expired") """raw_header in the Format of `Bearer ....`"""
return user auth_credentials = validate_auth(raw_header)
if not auth_credentials:
return None
# first, check traditional tokens
token = Token.filter_not_expired(key=auth_credentials, intent=TokenIntents.INTENT_API).first()
if hasattr(LOCAL, "authentik"): if hasattr(LOCAL, "authentik"):
LOCAL.authentik[KEY_AUTH_VIA] = "api_token" LOCAL.authentik[KEY_AUTH_VIA] = "api_token"
return tokens.first().user if token:
return token.user
user = token_secret_key(auth_credentials)
if user:
return user
raise AuthenticationFailed("Token invalid/expired")
def token_secret_key(value: str) -> Optional[User]: def token_secret_key(value: str) -> Optional[User]:
@ -69,7 +65,7 @@ def token_secret_key(value: str) -> Optional[User]:
class TokenAuthentication(BaseAuthentication): class TokenAuthentication(BaseAuthentication):
"""Token-based authentication using HTTP Bearer authentication""" """Token-based authentication using HTTP Bearer authentication"""
def authenticate(self, request: Request) -> Union[tuple[User, Any], None]: def authenticate(self, request: Request) -> tuple[User, Any] | None:
"""Token-based authentication using HTTP Bearer authentication""" """Token-based authentication using HTTP Bearer authentication"""
auth = get_authorization_header(request) auth = get_authorization_header(request)

View File

@ -12,6 +12,8 @@ class OwnerFilter(BaseFilterBackend):
owner_key = "user" owner_key = "user"
def filter_queryset(self, request: Request, queryset: QuerySet, view) -> QuerySet: def filter_queryset(self, request: Request, queryset: QuerySet, view) -> QuerySet:
if request.user.is_superuser:
return queryset
return queryset.filter(**{self.owner_key: request.user}) return queryset.filter(**{self.owner_key: request.user})

View File

@ -8,9 +8,6 @@ API Browser - {{ tenant.branding_title }}
{% block head %} {% block head %}
<script type="module" src="{% static 'dist/rapidoc-min.js' %}"></script> <script type="module" src="{% static 'dist/rapidoc-min.js' %}"></script>
{% endblock %}
{% block body %}
<script> <script>
function getCookie(name) { function getCookie(name) {
let cookieValue = ""; let cookieValue = "";
@ -30,20 +27,62 @@ function getCookie(name) {
window.addEventListener('DOMContentLoaded', (event) => { window.addEventListener('DOMContentLoaded', (event) => {
const rapidocEl = document.querySelector('rapi-doc'); const rapidocEl = document.querySelector('rapi-doc');
rapidocEl.addEventListener('before-try', (e) => { rapidocEl.addEventListener('before-try', (e) => {
e.detail.request.headers.append('X-CSRFToken', getCookie("authentik_csrf")); e.detail.request.headers.append('X-authentik-CSRF', getCookie("authentik_csrf"));
}); });
}); });
</script> </script>
<style>
img.logo {
width: 100%;
padding: 1rem 0.5rem 1.5rem 0.5rem;
min-height: 48px;
}
</style>
{% endblock %}
{% block body %}
<rapi-doc <rapi-doc
spec-url="{{ path }}" spec-url="{{ path }}"
heading-text="authentik" heading-text=""
theme="dark" theme="light"
render-style="view" render-style="read"
default-schema-tab="schema"
primary-color="#fd4b2d" primary-color="#fd4b2d"
nav-bg-color="#212427"
bg-color="#000000"
text-color="#000000"
nav-text-color="#ffffff"
nav-hover-bg-color="#3c3f42"
nav-accent-color="#4f5255"
nav-hover-text-color="#ffffff"
use-path-in-nav-bar="true"
nav-item-spacing="relaxed"
allow-server-selection="false"
show-header="false"
allow-spec-url-load="false" allow-spec-url-load="false"
allow-spec-file-load="false"> allow-spec-file-load="false">
<div slot="logo"> <div slot="nav-logo">
<img src="{% static 'dist/assets/icons/icon.png' %}" style="width:50px; height:50px" /> <img class="logo" src="{% static 'dist/assets/icons/icon_left_brand.png' %}" />
</div> </div>
</rapi-doc> </rapi-doc>
<script>
const rapidoc = document.querySelector("rapi-doc");
const matcher = window.matchMedia("(prefers-color-scheme: light)");
const changer = (ev) => {
const style = getComputedStyle(document.documentElement);
let bg, text = "";
if (matcher.matches) {
bg = style.getPropertyValue('--pf-global--BackgroundColor--light-300');
text = style.getPropertyValue('--pf-global--Color--300');
} else {
bg = style.getPropertyValue('--ak-dark-background');
text = style.getPropertyValue('--ak-dark-foreground');
}
rapidoc.attributes.getNamedItem("bg-color").value = bg.trim();
rapidoc.attributes.getNamedItem("text-color").value = text.trim();
rapidoc.requestUpdate();
};
matcher.addEventListener("change", changer);
window.addEventListener("load", changer);
</script>
{% endblock %} {% endblock %}

View File

@ -14,12 +14,6 @@ from authentik.outposts.managed import OutpostManager
class TestAPIAuth(TestCase): class TestAPIAuth(TestCase):
"""Test API Authentication""" """Test API Authentication"""
def test_valid_basic(self):
"""Test valid token"""
token = Token.objects.create(intent=TokenIntents.INTENT_API, user=get_anonymous_user())
auth = b64encode(f":{token.key}".encode()).decode()
self.assertEqual(bearer_auth(f"Basic {auth}".encode()), token.user)
def test_valid_bearer(self): def test_valid_bearer(self):
"""Test valid token""" """Test valid token"""
token = Token.objects.create(intent=TokenIntents.INTENT_API, user=get_anonymous_user()) token = Token.objects.create(intent=TokenIntents.INTENT_API, user=get_anonymous_user())
@ -30,16 +24,6 @@ class TestAPIAuth(TestCase):
with self.assertRaises(AuthenticationFailed): with self.assertRaises(AuthenticationFailed):
bearer_auth("foo bar".encode()) bearer_auth("foo bar".encode())
def test_invalid_decode(self):
"""Test invalid bas64"""
with self.assertRaises(AuthenticationFailed):
bearer_auth("Basic bar".encode())
def test_invalid_empty_password(self):
"""Test invalid with empty password"""
with self.assertRaises(AuthenticationFailed):
bearer_auth("Basic :".encode())
def test_invalid_no_token(self): def test_invalid_no_token(self):
"""Test invalid with no token""" """Test invalid with no token"""
with self.assertRaises(AuthenticationFailed): with self.assertRaises(AuthenticationFailed):

View File

@ -0,0 +1,29 @@
"""authentik API Modelviewset tests"""
from typing import Callable
from django.test import TestCase
from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
from authentik.api.v3.urls import router
class TestModelViewSets(TestCase):
"""Test Viewset"""
def viewset_tester_factory(test_viewset: type[ModelViewSet]) -> Callable:
"""Test Viewset"""
def tester(self: TestModelViewSets):
self.assertIsNotNone(getattr(test_viewset, "search_fields", None))
filterset_class = getattr(test_viewset, "filterset_class", None)
if not filterset_class:
self.assertIsNotNone(getattr(test_viewset, "filterset_fields", None))
return tester
for _, viewset, _ in router.registry:
if not issubclass(viewset, (ModelViewSet, ReadOnlyModelViewSet)):
continue
setattr(TestModelViewSets, f"test_viewset_{viewset.__name__}", viewset_tester_factory(viewset))

View File

@ -4,7 +4,5 @@ from django.urls import include, path
from authentik.api.v3.urls import urlpatterns as v3_urls from authentik.api.v3.urls import urlpatterns as v3_urls
urlpatterns = [ urlpatterns = [
# TODO: Remove in 2022.1
path("v2beta/", include(v3_urls)),
path("v3/", include(v3_urls)), path("v3/", include(v3_urls)),
] ]

View File

@ -1,10 +1,9 @@
"""core Configs API""" """core Configs API"""
from os import environ, path from os import path
from django.conf import settings from django.conf import settings
from django.db import models from django.db import models
from drf_spectacular.utils import extend_schema from drf_spectacular.utils import extend_schema
from kubernetes.config.incluster_config import SERVICE_HOST_ENV_NAME
from rest_framework.fields import ( from rest_framework.fields import (
BooleanField, BooleanField,
CharField, CharField,
@ -28,7 +27,7 @@ class Capabilities(models.TextChoices):
CAN_SAVE_MEDIA = "can_save_media" CAN_SAVE_MEDIA = "can_save_media"
CAN_GEO_IP = "can_geo_ip" CAN_GEO_IP = "can_geo_ip"
CAN_BACKUP = "can_backup" CAN_IMPERSONATE = "can_impersonate"
class ErrorReportingConfigSerializer(PassiveSerializer): class ErrorReportingConfigSerializer(PassiveSerializer):
@ -65,13 +64,8 @@ class ConfigView(APIView):
caps.append(Capabilities.CAN_SAVE_MEDIA) caps.append(Capabilities.CAN_SAVE_MEDIA)
if GEOIP_READER.enabled: if GEOIP_READER.enabled:
caps.append(Capabilities.CAN_GEO_IP) caps.append(Capabilities.CAN_GEO_IP)
if SERVICE_HOST_ENV_NAME in environ: if CONFIG.y_bool("impersonation"):
# Running in k8s, only s3 backup is supported caps.append(Capabilities.CAN_IMPERSONATE)
if CONFIG.y("postgresql.s3_backup"):
caps.append(Capabilities.CAN_BACKUP)
else:
# Running in compose, backup is always supported
caps.append(Capabilities.CAN_BACKUP)
return caps return caps
@extend_schema(responses={200: ConfigSerializer(many=False)}) @extend_schema(responses={200: ConfigSerializer(many=False)})
@ -80,7 +74,7 @@ class ConfigView(APIView):
config = ConfigSerializer( config = ConfigSerializer(
{ {
"error_reporting": { "error_reporting": {
"enabled": CONFIG.y("error_reporting.enabled"), "enabled": CONFIG.y("error_reporting.enabled") and not settings.DEBUG,
"environment": CONFIG.y("error_reporting.environment"), "environment": CONFIG.y("error_reporting.environment"),
"send_pii": CONFIG.y("error_reporting.send_pii"), "send_pii": CONFIG.y("error_reporting.send_pii"),
"traces_sample_rate": float(CONFIG.y("error_reporting.sample_rate", 0.4)), "traces_sample_rate": float(CONFIG.y("error_reporting.sample_rate", 0.4)),

View File

@ -22,11 +22,11 @@ from authentik.core.api.sources import SourceViewSet, UserSourceConnectionViewSe
from authentik.core.api.tokens import TokenViewSet from authentik.core.api.tokens import TokenViewSet
from authentik.core.api.users import UserViewSet from authentik.core.api.users import UserViewSet
from authentik.crypto.api import CertificateKeyPairViewSet from authentik.crypto.api import CertificateKeyPairViewSet
from authentik.events.api.event import EventViewSet from authentik.events.api.events import EventViewSet
from authentik.events.api.notification import NotificationViewSet from authentik.events.api.notification_mappings import NotificationWebhookMappingViewSet
from authentik.events.api.notification_mapping import NotificationWebhookMappingViewSet from authentik.events.api.notification_rules import NotificationRuleViewSet
from authentik.events.api.notification_rule import NotificationRuleViewSet from authentik.events.api.notification_transports import NotificationTransportViewSet
from authentik.events.api.notification_transport import NotificationTransportViewSet from authentik.events.api.notifications import NotificationViewSet
from authentik.flows.api.bindings import FlowStageBindingViewSet from authentik.flows.api.bindings import FlowStageBindingViewSet
from authentik.flows.api.flows import FlowViewSet from authentik.flows.api.flows import FlowViewSet
from authentik.flows.api.stages import StageViewSet from authentik.flows.api.stages import StageViewSet
@ -46,11 +46,7 @@ from authentik.policies.expiry.api import PasswordExpiryPolicyViewSet
from authentik.policies.expression.api import ExpressionPolicyViewSet from authentik.policies.expression.api import ExpressionPolicyViewSet
from authentik.policies.hibp.api import HaveIBeenPwendPolicyViewSet from authentik.policies.hibp.api import HaveIBeenPwendPolicyViewSet
from authentik.policies.password.api import PasswordPolicyViewSet from authentik.policies.password.api import PasswordPolicyViewSet
from authentik.policies.reputation.api import ( from authentik.policies.reputation.api import ReputationPolicyViewSet, ReputationViewSet
IPReputationViewSet,
ReputationPolicyViewSet,
UserReputationViewSet,
)
from authentik.providers.ldap.api import LDAPOutpostConfigViewSet, LDAPProviderViewSet from authentik.providers.ldap.api import LDAPOutpostConfigViewSet, LDAPProviderViewSet
from authentik.providers.oauth2.api.provider import OAuth2ProviderViewSet from authentik.providers.oauth2.api.provider import OAuth2ProviderViewSet
from authentik.providers.oauth2.api.scope import ScopeMappingViewSet from authentik.providers.oauth2.api.scope import ScopeMappingViewSet
@ -151,8 +147,7 @@ router.register("policies/event_matcher", EventMatcherPolicyViewSet)
router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet) router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
router.register("policies/password_expiry", PasswordExpiryPolicyViewSet) router.register("policies/password_expiry", PasswordExpiryPolicyViewSet)
router.register("policies/password", PasswordPolicyViewSet) router.register("policies/password", PasswordPolicyViewSet)
router.register("policies/reputation/users", UserReputationViewSet) router.register("policies/reputation/scores", ReputationViewSet)
router.register("policies/reputation/ips", IPReputationViewSet)
router.register("policies/reputation", ReputationPolicyViewSet) router.register("policies/reputation", ReputationPolicyViewSet)
router.register("providers/all", ProviderViewSet) router.register("providers/all", ProviderViewSet)

View File

@ -1,4 +1,6 @@
"""Application API Views""" """Application API Views"""
from typing import Optional
from django.core.cache import cache from django.core.cache import cache
from django.db.models import QuerySet from django.db.models import QuerySet
from django.http.response import HttpResponseBadRequest from django.http.response import HttpResponseBadRequest
@ -7,7 +9,7 @@ from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema
from guardian.shortcuts import get_objects_for_user from guardian.shortcuts import get_objects_for_user
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.fields import ReadOnlyField from rest_framework.fields import ReadOnlyField, SerializerMethodField
from rest_framework.parsers import MultiPartParser from rest_framework.parsers import MultiPartParser
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
@ -15,6 +17,7 @@ from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from rest_framework_guardian.filters import ObjectPermissionsFilter from rest_framework_guardian.filters import ObjectPermissionsFilter
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from structlog.testing import capture_logs
from authentik.admin.api.metrics import CoordinateSerializer from authentik.admin.api.metrics import CoordinateSerializer
from authentik.api.decorators import permission_required from authentik.api.decorators import permission_required
@ -23,6 +26,7 @@ from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import FilePathSerializer, FileUploadSerializer from authentik.core.api.utils import FilePathSerializer, FileUploadSerializer
from authentik.core.models import Application, User from authentik.core.models import Application, User
from authentik.events.models import EventAction from authentik.events.models import EventAction
from authentik.events.utils import sanitize_dict
from authentik.policies.api.exec import PolicyTestResultSerializer from authentik.policies.api.exec import PolicyTestResultSerializer
from authentik.policies.engine import PolicyEngine from authentik.policies.engine import PolicyEngine
from authentik.policies.types import PolicyResult from authentik.policies.types import PolicyResult
@ -39,11 +43,16 @@ def user_app_cache_key(user_pk: str) -> str:
class ApplicationSerializer(ModelSerializer): class ApplicationSerializer(ModelSerializer):
"""Application Serializer""" """Application Serializer"""
launch_url = ReadOnlyField(source="get_launch_url") launch_url = SerializerMethodField()
provider_obj = ProviderSerializer(source="get_provider", required=False) provider_obj = ProviderSerializer(source="get_provider", required=False, read_only=True)
meta_icon = ReadOnlyField(source="get_meta_icon") meta_icon = ReadOnlyField(source="get_meta_icon")
def get_launch_url(self, app: Application) -> Optional[str]:
"""Allow formatting of launch URL"""
user = self.context["request"].user
return app.get_launch_url(user)
class Meta: class Meta:
model = Application model = Application
@ -59,6 +68,7 @@ class ApplicationSerializer(ModelSerializer):
"meta_description", "meta_description",
"meta_publisher", "meta_publisher",
"policy_engine_mode", "policy_engine_mode",
"group",
] ]
extra_kwargs = { extra_kwargs = {
"meta_icon": {"read_only": True}, "meta_icon": {"read_only": True},
@ -76,8 +86,10 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet):
"meta_launch_url", "meta_launch_url",
"meta_description", "meta_description",
"meta_publisher", "meta_publisher",
"group",
] ]
lookup_field = "slug" lookup_field = "slug"
filterset_fields = ["name", "slug"]
ordering = ["name"] ordering = ["name"]
def _filter_queryset_for_list(self, queryset: QuerySet) -> QuerySet: def _filter_queryset_for_list(self, queryset: QuerySet) -> QuerySet:
@ -125,12 +137,19 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet):
return HttpResponseBadRequest("for_user must be numerical") return HttpResponseBadRequest("for_user must be numerical")
engine = PolicyEngine(application, for_user, request) engine = PolicyEngine(application, for_user, request)
engine.use_cache = False engine.use_cache = False
engine.build() with capture_logs() as logs:
result = engine.result engine.build()
result = engine.result
response = PolicyTestResultSerializer(PolicyResult(False)) response = PolicyTestResultSerializer(PolicyResult(False))
if result.passing: if result.passing:
response = PolicyTestResultSerializer(PolicyResult(True)) response = PolicyTestResultSerializer(PolicyResult(True))
if request.user.is_superuser: if request.user.is_superuser:
log_messages = []
for log in logs:
if log.get("process", "") == "PolicyProcess":
continue
log_messages.append(sanitize_dict(log))
result.log_messages = log_messages
response = PolicyTestResultSerializer(result) response = PolicyTestResultSerializer(result)
return Response(response.data) return Response(response.data)

View File

@ -4,7 +4,7 @@ from json import loads
from django.db.models.query import QuerySet from django.db.models.query import QuerySet
from django_filters.filters import CharFilter, ModelMultipleChoiceFilter from django_filters.filters import CharFilter, ModelMultipleChoiceFilter
from django_filters.filterset import FilterSet from django_filters.filterset import FilterSet
from rest_framework.fields import CharField, JSONField from rest_framework.fields import CharField, IntegerField, JSONField
from rest_framework.serializers import ListSerializer, ModelSerializer, ValidationError from rest_framework.serializers import ListSerializer, ModelSerializer, ValidationError
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from rest_framework_guardian.filters import ObjectPermissionsFilter from rest_framework_guardian.filters import ObjectPermissionsFilter
@ -46,11 +46,14 @@ class GroupSerializer(ModelSerializer):
) )
parent_name = CharField(source="parent.name", read_only=True) parent_name = CharField(source="parent.name", read_only=True)
num_pk = IntegerField(read_only=True)
class Meta: class Meta:
model = Group model = Group
fields = [ fields = [
"pk", "pk",
"num_pk",
"name", "name",
"is_superuser", "is_superuser",
"parent", "parent",

View File

@ -12,7 +12,7 @@ from rest_framework.serializers import ModelSerializer, SerializerMethodField
from rest_framework.viewsets import GenericViewSet from rest_framework.viewsets import GenericViewSet
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.api.authorization import OwnerFilter, OwnerPermissions from authentik.api.authorization import OwnerFilter, OwnerSuperuserPermissions
from authentik.core.api.used_by import UsedByMixin from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer
from authentik.core.models import Source, UserSourceConnection from authentik.core.models import Source, UserSourceConnection
@ -66,6 +66,7 @@ class SourceViewSet(
queryset = Source.objects.none() queryset = Source.objects.none()
serializer_class = SourceSerializer serializer_class = SourceSerializer
lookup_field = "slug" lookup_field = "slug"
search_fields = ["slug", "name"]
def get_queryset(self): # pragma: no cover def get_queryset(self): # pragma: no cover
return Source.objects.select_subclasses() return Source.objects.select_subclasses()
@ -150,6 +151,6 @@ class UserSourceConnectionViewSet(
queryset = UserSourceConnection.objects.all() queryset = UserSourceConnection.objects.all()
serializer_class = UserSourceConnectionSerializer serializer_class = UserSourceConnectionSerializer
permission_classes = [OwnerPermissions] permission_classes = [OwnerSuperuserPermissions]
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter] filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
ordering = ["pk"] ordering = ["pk"]

View File

@ -1,10 +1,9 @@
"""Tokens API Viewset""" """Tokens API Viewset"""
from typing import Any from typing import Any
from django.http.response import Http404
from django_filters.rest_framework import DjangoFilterBackend from django_filters.rest_framework import DjangoFilterBackend
from drf_spectacular.utils import OpenApiResponse, extend_schema from drf_spectacular.utils import OpenApiResponse, extend_schema, inline_serializer
from guardian.shortcuts import get_anonymous_user from guardian.shortcuts import assign_perm, get_anonymous_user
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField from rest_framework.fields import CharField
@ -21,13 +20,14 @@ from authentik.core.api.users import UserSerializer
from authentik.core.api.utils import PassiveSerializer from authentik.core.api.utils import PassiveSerializer
from authentik.core.models import USER_ATTRIBUTE_TOKEN_EXPIRING, Token, TokenIntents from authentik.core.models import USER_ATTRIBUTE_TOKEN_EXPIRING, Token, TokenIntents
from authentik.events.models import Event, EventAction from authentik.events.models import Event, EventAction
from authentik.events.utils import model_to_dict
from authentik.managed.api import ManagedSerializer from authentik.managed.api import ManagedSerializer
class TokenSerializer(ManagedSerializer, ModelSerializer): class TokenSerializer(ManagedSerializer, ModelSerializer):
"""Token Serializer""" """Token Serializer"""
user_obj = UserSerializer(required=False, source="user") user_obj = UserSerializer(required=False, source="user", read_only=True)
def validate(self, attrs: dict[Any, str]) -> dict[Any, str]: def validate(self, attrs: dict[Any, str]) -> dict[Any, str]:
"""Ensure only API or App password tokens are created.""" """Ensure only API or App password tokens are created."""
@ -96,10 +96,12 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
def perform_create(self, serializer: TokenSerializer): def perform_create(self, serializer: TokenSerializer):
if not self.request.user.is_superuser: if not self.request.user.is_superuser:
return serializer.save( instance = serializer.save(
user=self.request.user, user=self.request.user,
expiring=self.request.user.attributes.get(USER_ATTRIBUTE_TOKEN_EXPIRING, True), expiring=self.request.user.attributes.get(USER_ATTRIBUTE_TOKEN_EXPIRING, True),
) )
assign_perm("authentik_core.view_token_key", self.request.user, instance)
return instance
return super().perform_create(serializer) return super().perform_create(serializer)
@permission_required("authentik_core.view_token_key") @permission_required("authentik_core.view_token_key")
@ -109,12 +111,39 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
404: OpenApiResponse(description="Token not found or expired"), 404: OpenApiResponse(description="Token not found or expired"),
} }
) )
@action(detail=True, pagination_class=None, filter_backends=[]) @action(detail=True, pagination_class=None, filter_backends=[], methods=["GET"])
# pylint: disable=unused-argument # pylint: disable=unused-argument
def view_key(self, request: Request, identifier: str) -> Response: def view_key(self, request: Request, identifier: str) -> Response:
"""Return token key and log access""" """Return token key and log access"""
token: Token = self.get_object() token: Token = self.get_object()
if token.is_expired:
raise Http404
Event.new(EventAction.SECRET_VIEW, secret=token).from_http(request) # noqa # nosec Event.new(EventAction.SECRET_VIEW, secret=token).from_http(request) # noqa # nosec
return Response(TokenViewSerializer({"key": token.key}).data) return Response(TokenViewSerializer({"key": token.key}).data)
@permission_required("authentik_core.set_token_key")
@extend_schema(
request=inline_serializer(
"TokenSetKey",
{
"key": CharField(),
},
),
responses={
204: OpenApiResponse(description="Successfully changed key"),
400: OpenApiResponse(description="Missing key"),
404: OpenApiResponse(description="Token not found or expired"),
},
)
@action(detail=True, pagination_class=None, filter_backends=[], methods=["POST"])
# pylint: disable=unused-argument
def set_key(self, request: Request, identifier: str) -> Response:
"""Return token key and log access"""
token: Token = self.get_object()
key = request.POST.get("key")
if not key:
return Response(status=400)
token.key = key
token.save()
Event.new(EventAction.MODEL_UPDATED, model=model_to_dict(token)).from_http(
request
) # noqa # nosec
return Response(status=204)

View File

@ -1,8 +1,9 @@
"""User API Views""" """User API Views"""
from datetime import timedelta from datetime import timedelta
from json import loads from json import loads
from typing import Optional from typing import Any, Optional
from django.contrib.auth import update_session_auth_hash
from django.db.models.query import QuerySet from django.db.models.query import QuerySet
from django.db.transaction import atomic from django.db.transaction import atomic
from django.db.utils import IntegrityError from django.db.utils import IntegrityError
@ -16,14 +17,14 @@ from django_filters.filterset import FilterSet
from drf_spectacular.types import OpenApiTypes from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import ( from drf_spectacular.utils import (
OpenApiParameter, OpenApiParameter,
OpenApiResponse,
extend_schema, extend_schema,
extend_schema_field, extend_schema_field,
inline_serializer, inline_serializer,
) )
from guardian.shortcuts import get_anonymous_user, get_objects_for_user from guardian.shortcuts import get_anonymous_user, get_objects_for_user
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.fields import CharField, DictField, JSONField, SerializerMethodField from rest_framework.fields import CharField, JSONField, SerializerMethodField
from rest_framework.permissions import IsAuthenticated
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.serializers import ( from rest_framework.serializers import (
@ -31,7 +32,6 @@ from rest_framework.serializers import (
ListSerializer, ListSerializer,
ModelSerializer, ModelSerializer,
PrimaryKeyRelatedField, PrimaryKeyRelatedField,
Serializer,
ValidationError, ValidationError,
) )
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
@ -45,8 +45,6 @@ from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import LinkSerializer, PassiveSerializer, is_dict from authentik.core.api.utils import LinkSerializer, PassiveSerializer, is_dict
from authentik.core.middleware import SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER from authentik.core.middleware import SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER
from authentik.core.models import ( from authentik.core.models import (
USER_ATTRIBUTE_CHANGE_EMAIL,
USER_ATTRIBUTE_CHANGE_USERNAME,
USER_ATTRIBUTE_SA, USER_ATTRIBUTE_SA,
USER_ATTRIBUTE_TOKEN_EXPIRING, USER_ATTRIBUTE_TOKEN_EXPIRING,
Group, Group,
@ -55,7 +53,6 @@ from authentik.core.models import (
User, User,
) )
from authentik.events.models import EventAction from authentik.events.models import EventAction
from authentik.lib.config import CONFIG
from authentik.stages.email.models import EmailStage from authentik.stages.email.models import EmailStage
from authentik.stages.email.tasks import send_mails from authentik.stages.email.tasks import send_mails
from authentik.stages.email.utils import TemplateEmailMessage from authentik.stages.email.utils import TemplateEmailMessage
@ -75,6 +72,7 @@ class UserSerializer(ModelSerializer):
) )
groups_obj = ListSerializer(child=GroupSerializer(), read_only=True, source="ak_groups") groups_obj = ListSerializer(child=GroupSerializer(), read_only=True, source="ak_groups")
uid = CharField(read_only=True) uid = CharField(read_only=True)
username = CharField(max_length=150)
class Meta: class Meta:
@ -99,14 +97,13 @@ class UserSerializer(ModelSerializer):
class UserSelfSerializer(ModelSerializer): class UserSelfSerializer(ModelSerializer):
"""User Serializer for information a user can retrieve about themselves and """User Serializer for information a user can retrieve about themselves"""
update about themselves"""
is_superuser = BooleanField(read_only=True) is_superuser = BooleanField(read_only=True)
avatar = CharField(read_only=True) avatar = CharField(read_only=True)
groups = SerializerMethodField() groups = SerializerMethodField()
uid = CharField(read_only=True) uid = CharField(read_only=True)
settings = DictField(source="attributes.settings", default=dict) settings = SerializerMethodField()
@extend_schema_field( @extend_schema_field(
ListSerializer( ListSerializer(
@ -124,25 +121,9 @@ class UserSelfSerializer(ModelSerializer):
"pk": group.pk, "pk": group.pk,
} }
def validate_email(self, email: str): def get_settings(self, user: User) -> dict[str, Any]:
"""Check if the user is allowed to change their email""" """Get user settings with tenant and group settings applied"""
if self.instance.group_attributes().get( return user.group_attributes(self._context["request"]).get("settings", {})
USER_ATTRIBUTE_CHANGE_EMAIL, CONFIG.y_bool("default_user_change_email", True)
):
return email
if email != self.instance.email:
raise ValidationError("Not allowed to change email.")
return email
def validate_username(self, username: str):
"""Check if the user is allowed to change their username"""
if self.instance.group_attributes().get(
USER_ATTRIBUTE_CHANGE_USERNAME, CONFIG.y_bool("default_user_change_username", True)
):
return username
if username != self.instance.username:
raise ValidationError("Not allowed to change username.")
return username
class Meta: class Meta:
@ -222,6 +203,7 @@ class UsersFilter(FilterSet):
) )
is_superuser = BooleanFilter(field_name="ak_groups", lookup_expr="is_superuser") is_superuser = BooleanFilter(field_name="ak_groups", lookup_expr="is_superuser")
uuid = CharFilter(field_name="uuid")
groups_by_name = ModelMultipleChoiceFilter( groups_by_name = ModelMultipleChoiceFilter(
field_name="ak_groups__name", field_name="ak_groups__name",
@ -271,7 +253,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
queryset = User.objects.none() queryset = User.objects.none()
ordering = ["username"] ordering = ["username"]
serializer_class = UserSerializer serializer_class = UserSerializer
search_fields = ["username", "name", "is_active", "email"] search_fields = ["username", "name", "is_active", "email", "uuid"]
filterset_class = UsersFilter filterset_class = UsersFilter
def get_queryset(self): # pragma: no cover def get_queryset(self): # pragma: no cover
@ -350,34 +332,45 @@ class UserViewSet(UsedByMixin, ModelViewSet):
# pylint: disable=invalid-name # pylint: disable=invalid-name
def me(self, request: Request) -> Response: def me(self, request: Request) -> Response:
"""Get information about current user""" """Get information about current user"""
context = {"request": request}
serializer = SessionUserSerializer( serializer = SessionUserSerializer(
data={"user": UserSelfSerializer(instance=request.user).data} data={"user": UserSelfSerializer(instance=request.user, context=context).data}
) )
if SESSION_IMPERSONATE_USER in request._request.session: if SESSION_IMPERSONATE_USER in request._request.session:
serializer.initial_data["original"] = UserSelfSerializer( serializer.initial_data["original"] = UserSelfSerializer(
instance=request._request.session[SESSION_IMPERSONATE_ORIGINAL_USER] instance=request._request.session[SESSION_IMPERSONATE_ORIGINAL_USER],
context=context,
).data ).data
return Response(serializer.initial_data) return Response(serializer.initial_data)
@extend_schema(request=UserSelfSerializer, responses={200: SessionUserSerializer(many=False)}) @permission_required("authentik_core.reset_user_password")
@action( @extend_schema(
methods=["PUT"], request=inline_serializer(
detail=False, "UserPasswordSetSerializer",
pagination_class=None, {
filter_backends=[], "password": CharField(required=True),
permission_classes=[IsAuthenticated], },
),
responses={
204: OpenApiResponse(description="Successfully changed password"),
400: OpenApiResponse(description="Bad request"),
},
) )
def update_self(self, request: Request) -> Response: @action(detail=True, methods=["POST"])
"""Allow users to change information on their own profile""" # pylint: disable=invalid-name, unused-argument
data = UserSelfSerializer(instance=User.objects.get(pk=request.user.pk), data=request.data) def set_password(self, request: Request, pk: int) -> Response:
if not data.is_valid(): """Set password for user"""
return Response(data.errors, status=400) user: User = self.get_object()
new_user = data.save() try:
# If we're impersonating, we need to update that user object user.set_password(request.data.get("password"))
# since it caches the full object user.save()
if SESSION_IMPERSONATE_USER in request.session: except (ValidationError, IntegrityError) as exc:
request.session[SESSION_IMPERSONATE_USER] = new_user LOGGER.debug("Failed to set password", exc=exc)
return Response({"user": data.data}) return Response(status=400)
if user.pk == request.user.pk and SESSION_IMPERSONATE_USER not in self.request.session:
LOGGER.debug("Updating session hash after password change")
update_session_auth_hash(self.request, user)
return Response(status=204)
@permission_required("authentik_core.view_user", ["authentik_events.view_event"]) @permission_required("authentik_core.view_user", ["authentik_events.view_event"])
@extend_schema(responses={200: UserMetricsSerializer(many=False)}) @extend_schema(responses={200: UserMetricsSerializer(many=False)})
@ -418,8 +411,8 @@ class UserViewSet(UsedByMixin, ModelViewSet):
) )
], ],
responses={ responses={
"204": Serializer(), "204": OpenApiResponse(description="Successfully sent recover email"),
"404": Serializer(), "404": OpenApiResponse(description="Bad request"),
}, },
) )
@action(detail=True, pagination_class=None, filter_backends=[]) @action(detail=True, pagination_class=None, filter_backends=[])

View File

@ -30,7 +30,7 @@ class InbuiltBackend(ModelBackend):
return return
# Since we can't directly pass other variables to signals, and we want to log the method # Since we can't directly pass other variables to signals, and we want to log the method
# and the token used, we assume we're running in a flow and set a variable in the context # and the token used, we assume we're running in a flow and set a variable in the context
flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN] flow_plan: FlowPlan = request.session.get(SESSION_KEY_PLAN, FlowPlan(""))
flow_plan.context[PLAN_CONTEXT_METHOD] = method flow_plan.context[PLAN_CONTEXT_METHOD] = method
flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = cleanse_dict(sanitize_dict(kwargs)) flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = cleanse_dict(sanitize_dict(kwargs))
request.session[SESSION_KEY_PLAN] = flow_plan request.session[SESSION_KEY_PLAN] = flow_plan
@ -49,6 +49,7 @@ class TokenBackend(InbuiltBackend):
# difference between an existing and a nonexistent user (#20760). # difference between an existing and a nonexistent user (#20760).
User().set_password(password) User().set_password(password)
return None return None
# pylint: disable=no-member
tokens = Token.filter_not_expired( tokens = Token.filter_not_expired(
user=user, key=password, intent=TokenIntents.INTENT_APP_PASSWORD user=user, key=password, intent=TokenIntents.INTENT_APP_PASSWORD
) )

View File

View File

@ -0,0 +1,106 @@
"""authentik shell command"""
import code
import platform
from django.apps import apps
from django.core.management.base import BaseCommand
from django.db.models import Model
from django.db.models.signals import post_save, pre_delete
from authentik import __version__
from authentik.core.models import User
from authentik.events.middleware import IGNORED_MODELS
from authentik.events.models import Event, EventAction
from authentik.events.utils import model_to_dict
BANNER_TEXT = """### authentik shell ({authentik})
### Node {node} | Arch {arch} | Python {python} """.format(
node=platform.node(),
python=platform.python_version(),
arch=platform.machine(),
authentik=__version__,
)
class Command(BaseCommand): # pragma: no cover
"""Start the Django shell with all authentik models already imported"""
django_models = {}
def add_arguments(self, parser):
parser.add_argument(
"-c",
"--command",
help="Python code to execute (instead of starting an interactive shell)",
)
def get_namespace(self):
"""Prepare namespace with all models"""
namespace = {}
# Gather Django models and constants from each app
for app in apps.get_app_configs():
if not app.name.startswith("authentik"):
continue
# Load models from each app
for model in app.get_models():
namespace[model.__name__] = model
return namespace
@staticmethod
# pylint: disable=unused-argument
def post_save_handler(sender, instance: Model, created: bool, **_):
"""Signal handler for all object's post_save"""
if isinstance(instance, IGNORED_MODELS):
return
action = EventAction.MODEL_CREATED if created else EventAction.MODEL_UPDATED
Event.new(action, model=model_to_dict(instance)).set_user(
User(
username="authentik-shell",
pk=0,
email="",
)
).save()
@staticmethod
# pylint: disable=unused-argument
def pre_delete_handler(sender, instance: Model, **_):
"""Signal handler for all object's pre_delete"""
if isinstance(instance, IGNORED_MODELS): # pragma: no cover
return
Event.new(EventAction.MODEL_DELETED, model=model_to_dict(instance)).set_user(
User(
username="authentik-shell",
pk=0,
email="",
)
).save()
def handle(self, **options):
namespace = self.get_namespace()
post_save.connect(Command.post_save_handler)
pre_delete.connect(Command.pre_delete_handler)
# If Python code has been passed, execute it and exit.
if options["command"]:
# pylint: disable=exec-used
exec(options["command"], namespace) # nosec # noqa
return
# Try to enable tab-complete
try:
import readline
import rlcompleter
except ModuleNotFoundError:
pass
else:
readline.set_completer(rlcompleter.Completer(namespace).complete)
readline.parse_and_bind("tab: complete")
# Run interactive shell
code.interact(banner=BANNER_TEXT, local=namespace)

View File

@ -15,7 +15,6 @@ import authentik.lib.models
def migrate_sessions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): def migrate_sessions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
db_alias = schema_editor.connection.alias
from django.contrib.sessions.backends.cache import KEY_PREFIX from django.contrib.sessions.backends.cache import KEY_PREFIX
from django.core.cache import cache from django.core.cache import cache

View File

@ -0,0 +1,18 @@
# Generated by Django 4.0.3 on 2022-04-02 19:48
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_core", "0018_auto_20210330_1345_squashed_0028_alter_token_intent"),
]
operations = [
migrations.AddField(
model_name="application",
name="group",
field=models.TextField(blank=True, default=""),
),
]

View File

@ -12,7 +12,6 @@ import authentik.core.models
def migrate_sessions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): def migrate_sessions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
db_alias = schema_editor.connection.alias
from django.contrib.sessions.backends.cache import KEY_PREFIX from django.contrib.sessions.backends.cache import KEY_PREFIX
from django.core.cache import cache from django.core.cache import cache

View File

@ -1,19 +1,20 @@
"""authentik core models""" """authentik core models"""
from datetime import timedelta from datetime import timedelta
from hashlib import md5, sha256 from hashlib import md5, sha256
from typing import Any, Optional, Type from typing import Any, Optional
from urllib.parse import urlencode from urllib.parse import urlencode
from uuid import uuid4 from uuid import uuid4
from deepmerge import always_merger from deepmerge import always_merger
from django.conf import settings from django.conf import settings
from django.contrib.auth.hashers import check_password
from django.contrib.auth.models import AbstractUser from django.contrib.auth.models import AbstractUser
from django.contrib.auth.models import UserManager as DjangoUserManager from django.contrib.auth.models import UserManager as DjangoUserManager
from django.db import models from django.db import models
from django.db.models import Q, QuerySet, options from django.db.models import Q, QuerySet, options
from django.http import HttpRequest from django.http import HttpRequest
from django.templatetags.static import static from django.templatetags.static import static
from django.utils.functional import cached_property from django.utils.functional import SimpleLazyObject, cached_property
from django.utils.html import escape from django.utils.html import escape
from django.utils.timezone import now from django.utils.timezone import now
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
@ -35,9 +36,13 @@ from authentik.policies.models import PolicyBindingModel
LOGGER = get_logger() LOGGER = get_logger()
USER_ATTRIBUTE_DEBUG = "goauthentik.io/user/debug" USER_ATTRIBUTE_DEBUG = "goauthentik.io/user/debug"
USER_ATTRIBUTE_SA = "goauthentik.io/user/service-account" USER_ATTRIBUTE_SA = "goauthentik.io/user/service-account"
USER_ATTRIBUTE_GENERATED = "goauthentik.io/user/generated"
USER_ATTRIBUTE_EXPIRES = "goauthentik.io/user/expires"
USER_ATTRIBUTE_DELETE_ON_LOGOUT = "goauthentik.io/user/delete-on-logout"
USER_ATTRIBUTE_SOURCES = "goauthentik.io/user/sources" USER_ATTRIBUTE_SOURCES = "goauthentik.io/user/sources"
USER_ATTRIBUTE_TOKEN_EXPIRING = "goauthentik.io/user/token-expires" # nosec USER_ATTRIBUTE_TOKEN_EXPIRING = "goauthentik.io/user/token-expires" # nosec
USER_ATTRIBUTE_CHANGE_USERNAME = "goauthentik.io/user/can-change-username" USER_ATTRIBUTE_CHANGE_USERNAME = "goauthentik.io/user/can-change-username"
USER_ATTRIBUTE_CHANGE_NAME = "goauthentik.io/user/can-change-name"
USER_ATTRIBUTE_CHANGE_EMAIL = "goauthentik.io/user/can-change-email" USER_ATTRIBUTE_CHANGE_EMAIL = "goauthentik.io/user/can-change-email"
USER_ATTRIBUTE_CAN_OVERRIDE_IP = "goauthentik.io/user/override-ips" USER_ATTRIBUTE_CAN_OVERRIDE_IP = "goauthentik.io/user/override-ips"
@ -57,7 +62,7 @@ def default_token_key():
"""Default token key""" """Default token key"""
# We use generate_id since the chars in the key should be easy # We use generate_id since the chars in the key should be easy
# to use in Emails (for verification) and URLs (for recovery) # to use in Emails (for verification) and URLs (for recovery)
return generate_id(128) return generate_id(int(CONFIG.y("default_token_length")))
class Group(models.Model): class Group(models.Model):
@ -79,6 +84,13 @@ class Group(models.Model):
) )
attributes = models.JSONField(default=dict, blank=True) attributes = models.JSONField(default=dict, blank=True)
@property
def num_pk(self) -> int:
"""Get a numerical, int32 ID for the group"""
# int max is 2147483647 (10 digits) so 9 is the max usable
# in the LDAP Outpost we use the last 5 chars so match here
return int(str(self.pk.int)[:5])
def is_member(self, user: "User") -> bool: def is_member(self, user: "User") -> bool:
"""Recursively check if `user` is member of us, or any parent.""" """Recursively check if `user` is member of us, or any parent."""
query = """ query = """
@ -135,10 +147,12 @@ class User(GuardianUserMixin, AbstractUser):
objects = UserManager() objects = UserManager()
def group_attributes(self) -> dict[str, Any]: def group_attributes(self, request: Optional[HttpRequest] = None) -> dict[str, Any]:
"""Get a dictionary containing the attributes from all groups the user belongs to, """Get a dictionary containing the attributes from all groups the user belongs to,
including the users attributes""" including the users attributes"""
final_attributes = {} final_attributes = {}
if request and hasattr(request, "tenant"):
always_merger.merge(final_attributes, request.tenant.attributes)
for group in self.ak_groups.all().order_by("name"): for group in self.ak_groups.all().order_by("name"):
always_merger.merge(final_attributes, group.attributes) always_merger.merge(final_attributes, group.attributes)
always_merger.merge(final_attributes, self.attributes) always_merger.merge(final_attributes, self.attributes)
@ -154,11 +168,27 @@ class User(GuardianUserMixin, AbstractUser):
"""superuser == staff user""" """superuser == staff user"""
return self.is_superuser # type: ignore return self.is_superuser # type: ignore
def set_password(self, password, signal=True): def set_password(self, raw_password, signal=True):
if self.pk and signal: if self.pk and signal:
password_changed.send(sender=self, user=self, password=password) password_changed.send(sender=self, user=self, password=raw_password)
self.password_change_date = now() self.password_change_date = now()
return super().set_password(password) return super().set_password(raw_password)
def check_password(self, raw_password: str) -> bool:
"""
Return a boolean of whether the raw_password was correct. Handles
hashing formats behind the scenes.
Slightly changed version which doesn't send a signal for such internal hash upgrades
"""
def setter(raw_password):
self.set_password(raw_password, signal=False)
# Password hash upgrades shouldn't be considered password changes.
self._password = None
self.save(update_fields=["password"])
return check_password(raw_password, self.password, setter)
@property @property
def uid(self) -> str: def uid(self) -> str:
@ -224,7 +254,7 @@ class Provider(SerializerModel):
raise NotImplementedError raise NotImplementedError
@property @property
def serializer(self) -> Type[Serializer]: def serializer(self) -> type[Serializer]:
"""Get serializer for this model""" """Get serializer for this model"""
raise NotImplementedError raise NotImplementedError
@ -239,6 +269,8 @@ class Application(PolicyBindingModel):
name = models.TextField(help_text=_("Application's display Name.")) name = models.TextField(help_text=_("Application's display Name."))
slug = models.SlugField(help_text=_("Internal application name, used in URLs."), unique=True) slug = models.SlugField(help_text=_("Internal application name, used in URLs."), unique=True)
group = models.TextField(blank=True, default="")
provider = models.OneToOneField( provider = models.OneToOneField(
"Provider", null=True, blank=True, default=None, on_delete=models.SET_DEFAULT "Provider", null=True, blank=True, default=None, on_delete=models.SET_DEFAULT
) )
@ -266,13 +298,24 @@ class Application(PolicyBindingModel):
return self.meta_icon.name return self.meta_icon.name
return self.meta_icon.url return self.meta_icon.url
def get_launch_url(self) -> Optional[str]: def get_launch_url(self, user: Optional["User"] = None) -> Optional[str]:
"""Get launch URL if set, otherwise attempt to get launch URL based on provider.""" """Get launch URL if set, otherwise attempt to get launch URL based on provider."""
url = None
if provider := self.get_provider():
url = provider.launch_url
if self.meta_launch_url: if self.meta_launch_url:
return self.meta_launch_url url = self.meta_launch_url
if self.provider: if user and url:
return self.get_provider().launch_url if isinstance(user, SimpleLazyObject):
return None user._setup()
user = user._wrapped
try:
return url % user.__dict__
# pylint: disable=broad-except
except Exception as exc:
LOGGER.warning("Failed to format launch url", exc=exc)
return url
return url
def get_provider(self) -> Optional[Provider]: def get_provider(self) -> Optional[Provider]:
"""Get casted provider instance""" """Get casted provider instance"""
@ -505,7 +548,7 @@ class PropertyMapping(SerializerModel, ManagedModel):
raise NotImplementedError raise NotImplementedError
@property @property
def serializer(self) -> Type[Serializer]: def serializer(self) -> type[Serializer]:
"""Get serializer for this model""" """Get serializer for this model"""
raise NotImplementedError raise NotImplementedError

View File

@ -1,6 +1,7 @@
"""authentik core signals""" """authentik core signals"""
from typing import TYPE_CHECKING, Type from typing import TYPE_CHECKING
from django.apps import apps
from django.contrib.auth.signals import user_logged_in, user_logged_out from django.contrib.auth.signals import user_logged_in, user_logged_out
from django.contrib.sessions.backends.cache import KEY_PREFIX from django.contrib.sessions.backends.cache import KEY_PREFIX
from django.core.cache import cache from django.core.cache import cache
@ -11,6 +12,8 @@ from django.dispatch import receiver
from django.http.request import HttpRequest from django.http.request import HttpRequest
from prometheus_client import Gauge from prometheus_client import Gauge
from authentik.root.monitoring import monitoring_set
# Arguments: user: User, password: str # Arguments: user: User, password: str
password_changed = Signal() password_changed = Signal()
@ -20,6 +23,17 @@ if TYPE_CHECKING:
from authentik.core.models import AuthenticatedSession, User from authentik.core.models import AuthenticatedSession, User
@receiver(monitoring_set)
# pylint: disable=unused-argument
def monitoring_set_models(sender, **kwargs):
"""set models gauges"""
for model in apps.get_models():
GAUGE_MODELS.labels(
model_name=model._meta.model_name,
app=model._meta.app_label,
).set(model.objects.count())
@receiver(post_save) @receiver(post_save)
# pylint: disable=unused-argument # pylint: disable=unused-argument
def post_save_application(sender: type[Model], instance, created: bool, **_): def post_save_application(sender: type[Model], instance, created: bool, **_):
@ -27,11 +41,6 @@ def post_save_application(sender: type[Model], instance, created: bool, **_):
from authentik.core.api.applications import user_app_cache_key from authentik.core.api.applications import user_app_cache_key
from authentik.core.models import Application from authentik.core.models import Application
GAUGE_MODELS.labels(
model_name=sender._meta.model_name,
app=sender._meta.app_label,
).set(sender.objects.count())
if sender != Application: if sender != Application:
return return
if not created: # pragma: no cover if not created: # pragma: no cover
@ -62,7 +71,7 @@ def user_logged_out_session(sender, request: HttpRequest, user: "User", **_):
@receiver(pre_delete) @receiver(pre_delete)
def authenticated_session_delete(sender: Type[Model], instance: "AuthenticatedSession", **_): def authenticated_session_delete(sender: type[Model], instance: "AuthenticatedSession", **_):
"""Delete session when authenticated session is deleted""" """Delete session when authenticated session is deleted"""
from authentik.core.models import AuthenticatedSession from authentik.core.models import AuthenticatedSession

View File

@ -1,6 +1,6 @@
"""Source decision helper""" """Source decision helper"""
from enum import Enum from enum import Enum
from typing import Any, Optional, Type from typing import Any, Optional
from django.contrib import messages from django.contrib import messages
from django.db import IntegrityError from django.db import IntegrityError
@ -14,6 +14,7 @@ from structlog.stdlib import get_logger
from authentik.core.models import Source, SourceUserMatchingModes, User, UserSourceConnection from authentik.core.models import Source, SourceUserMatchingModes, User, UserSourceConnection
from authentik.core.sources.stage import PLAN_CONTEXT_SOURCES_CONNECTION, PostUserEnrollmentStage from authentik.core.sources.stage import PLAN_CONTEXT_SOURCES_CONNECTION, PostUserEnrollmentStage
from authentik.events.models import Event, EventAction from authentik.events.models import Event, EventAction
from authentik.flows.exceptions import FlowNonApplicableException
from authentik.flows.models import Flow, Stage, in_memory_stage from authentik.flows.models import Flow, Stage, in_memory_stage
from authentik.flows.planner import ( from authentik.flows.planner import (
PLAN_CONTEXT_PENDING_USER, PLAN_CONTEXT_PENDING_USER,
@ -24,6 +25,8 @@ from authentik.flows.planner import (
) )
from authentik.flows.views.executor import NEXT_ARG_NAME, SESSION_KEY_GET, SESSION_KEY_PLAN from authentik.flows.views.executor import NEXT_ARG_NAME, SESSION_KEY_GET, SESSION_KEY_PLAN
from authentik.lib.utils.urls import redirect_with_qs from authentik.lib.utils.urls import redirect_with_qs
from authentik.policies.denied import AccessDeniedResponse
from authentik.policies.types import PolicyResult
from authentik.policies.utils import delete_none_keys from authentik.policies.utils import delete_none_keys
from authentik.stages.password import BACKEND_INBUILT from authentik.stages.password import BACKEND_INBUILT
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
@ -50,7 +53,10 @@ class SourceFlowManager:
identifier: str identifier: str
connection_type: Type[UserSourceConnection] = UserSourceConnection connection_type: type[UserSourceConnection] = UserSourceConnection
enroll_info: dict[str, Any]
policy_context: dict[str, Any]
def __init__( def __init__(
self, self,
@ -64,6 +70,7 @@ class SourceFlowManager:
self.identifier = identifier self.identifier = identifier
self.enroll_info = enroll_info self.enroll_info = enroll_info
self._logger = get_logger().bind(source=source, identifier=identifier) self._logger = get_logger().bind(source=source, identifier=identifier)
self.policy_context = {}
# pylint: disable=too-many-return-statements # pylint: disable=too-many-return-statements
def get_action(self, **kwargs) -> tuple[Action, Optional[UserSourceConnection]]: def get_action(self, **kwargs) -> tuple[Action, Optional[UserSourceConnection]]:
@ -144,20 +151,23 @@ class SourceFlowManager:
except IntegrityError as exc: except IntegrityError as exc:
self._logger.warning("failed to get action", exc=exc) self._logger.warning("failed to get action", exc=exc)
return redirect("/") return redirect("/")
self._logger.debug("get_action() says", action=action, connection=connection) self._logger.debug("get_action", action=action, connection=connection)
if connection: try:
if action == Action.LINK: if connection:
self._logger.debug("Linking existing user") if action == Action.LINK:
return self.handle_existing_user_link(connection) self._logger.debug("Linking existing user")
if action == Action.AUTH: return self.handle_existing_user_link(connection)
self._logger.debug("Handling auth user") if action == Action.AUTH:
return self.handle_auth_user(connection) self._logger.debug("Handling auth user")
if action == Action.ENROLL: return self.handle_auth_user(connection)
self._logger.debug("Handling enrollment of new user") if action == Action.ENROLL:
return self.handle_enroll(connection) self._logger.debug("Handling enrollment of new user")
return self.handle_enroll(connection)
except FlowNonApplicableException as exc:
self._logger.warning("Flow non applicable", exc=exc)
return self.error_handler(exc, exc.policy_result)
# Default case, assume deny # Default case, assume deny
messages.error( error = (
self.request,
_( _(
( (
"Request to authenticate with %(source)s has been denied. Please authenticate " "Request to authenticate with %(source)s has been denied. Please authenticate "
@ -166,7 +176,17 @@ class SourceFlowManager:
% {"source": self.source.name} % {"source": self.source.name}
), ),
) )
return redirect(reverse("authentik_core:root-redirect")) return self.error_handler(error)
def error_handler(
self, error: Exception, policy_result: Optional[PolicyResult] = None
) -> HttpResponse:
"""Handle any errors by returning an access denied stage"""
response = AccessDeniedResponse(self.request)
response.error_message = str(error)
if policy_result:
response.policy_result = policy_result
return response
# pylint: disable=unused-argument # pylint: disable=unused-argument
def get_stages_to_append(self, flow: Flow) -> list[Stage]: def get_stages_to_append(self, flow: Flow) -> list[Stage]:
@ -179,7 +199,9 @@ class SourceFlowManager:
] ]
return [] return []
def _handle_login_flow(self, flow: Flow, **kwargs) -> HttpResponse: def _handle_login_flow(
self, flow: Flow, connection: UserSourceConnection, **kwargs
) -> HttpResponse:
"""Prepare Authentication Plan, redirect user FlowExecutor""" """Prepare Authentication Plan, redirect user FlowExecutor"""
# Ensure redirect is carried through when user was trying to # Ensure redirect is carried through when user was trying to
# authorize application # authorize application
@ -193,8 +215,10 @@ class SourceFlowManager:
PLAN_CONTEXT_SSO: True, PLAN_CONTEXT_SSO: True,
PLAN_CONTEXT_SOURCE: self.source, PLAN_CONTEXT_SOURCE: self.source,
PLAN_CONTEXT_REDIRECT: final_redirect, PLAN_CONTEXT_REDIRECT: final_redirect,
PLAN_CONTEXT_SOURCES_CONNECTION: connection,
} }
) )
kwargs.update(self.policy_context)
if not flow: if not flow:
return HttpResponseBadRequest() return HttpResponseBadRequest()
# We run the Flow planner here so we can pass the Pending user in the context # We run the Flow planner here so we can pass the Pending user in the context
@ -220,7 +244,7 @@ class SourceFlowManager:
_("Successfully authenticated with %(source)s!" % {"source": self.source.name}), _("Successfully authenticated with %(source)s!" % {"source": self.source.name}),
) )
flow_kwargs = {PLAN_CONTEXT_PENDING_USER: connection.user} flow_kwargs = {PLAN_CONTEXT_PENDING_USER: connection.user}
return self._handle_login_flow(self.source.authentication_flow, **flow_kwargs) return self._handle_login_flow(self.source.authentication_flow, connection, **flow_kwargs)
def handle_existing_user_link( def handle_existing_user_link(
self, self,
@ -264,8 +288,8 @@ class SourceFlowManager:
return HttpResponseBadRequest() return HttpResponseBadRequest()
return self._handle_login_flow( return self._handle_login_flow(
self.source.enrollment_flow, self.source.enrollment_flow,
connection,
**{ **{
PLAN_CONTEXT_PROMPT: delete_none_keys(self.enroll_info), PLAN_CONTEXT_PROMPT: delete_none_keys(self.enroll_info),
PLAN_CONTEXT_SOURCES_CONNECTION: connection,
}, },
) )

View File

@ -1,28 +1,24 @@
"""authentik core tasks""" """authentik core tasks"""
from datetime import datetime from datetime import datetime, timedelta
from io import StringIO
from os import environ
from boto3.exceptions import Boto3Error
from botocore.exceptions import BotoCoreError, ClientError
from dbbackup.db.exceptions import CommandConnectorError
from django.conf import settings
from django.contrib.humanize.templatetags.humanize import naturaltime
from django.contrib.sessions.backends.cache import KEY_PREFIX from django.contrib.sessions.backends.cache import KEY_PREFIX
from django.core import management
from django.core.cache import cache from django.core.cache import cache
from django.utils.timezone import now from django.utils.timezone import now
from kubernetes.config.incluster_config import SERVICE_HOST_ENV_NAME
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.core.models import AuthenticatedSession, ExpiringModel from authentik.core.models import (
USER_ATTRIBUTE_EXPIRES,
USER_ATTRIBUTE_GENERATED,
AuthenticatedSession,
ExpiringModel,
User,
)
from authentik.events.monitored_tasks import ( from authentik.events.monitored_tasks import (
MonitoredTask, MonitoredTask,
TaskResult, TaskResult,
TaskResultStatus, TaskResultStatus,
prefill_task, prefill_task,
) )
from authentik.lib.config import CONFIG
from authentik.root.celery import CELERY_APP from authentik.root.celery import CELERY_APP
LOGGER = get_logger() LOGGER = get_logger()
@ -38,9 +34,9 @@ def clean_expired_models(self: MonitoredTask):
objects = ( objects = (
cls.objects.all().exclude(expiring=False).exclude(expiring=True, expires__gt=now()) cls.objects.all().exclude(expiring=False).exclude(expiring=True, expires__gt=now())
) )
amount = objects.count()
for obj in objects: for obj in objects:
obj.expire_action() obj.expire_action()
amount = objects.count()
LOGGER.debug("Expired models", model=cls, amount=amount) LOGGER.debug("Expired models", model=cls, amount=amount)
messages.append(f"Expired {amount} {cls._meta.verbose_name_plural}") messages.append(f"Expired {amount} {cls._meta.verbose_name_plural}")
# Special case # Special case
@ -56,46 +52,22 @@ def clean_expired_models(self: MonitoredTask):
self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, messages)) self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, messages))
def should_backup() -> bool:
"""Check if we should be doing backups"""
if SERVICE_HOST_ENV_NAME in environ and not CONFIG.y("postgresql.s3_backup.bucket"):
LOGGER.info("Running in k8s and s3 backups are not configured, skipping")
return False
if not CONFIG.y_bool("postgresql.backup.enabled"):
return False
if settings.DEBUG:
return False
return True
@CELERY_APP.task(bind=True, base=MonitoredTask) @CELERY_APP.task(bind=True, base=MonitoredTask)
@prefill_task @prefill_task
def backup_database(self: MonitoredTask): # pragma: no cover def clean_temporary_users(self: MonitoredTask):
"""Database backup""" """Remove temporary users created by SAML Sources"""
self.result_timeout_hours = 25 _now = datetime.now()
if not should_backup(): messages = []
self.set_status(TaskResult(TaskResultStatus.UNKNOWN, ["Backups are not configured."])) deleted_users = 0
return for user in User.objects.filter(**{f"attributes__{USER_ATTRIBUTE_GENERATED}": True}):
try: if not user.attributes.get(USER_ATTRIBUTE_EXPIRES):
start = datetime.now() continue
out = StringIO() delta: timedelta = _now - datetime.fromtimestamp(
management.call_command("dbbackup", quiet=True, stdout=out) user.attributes.get(USER_ATTRIBUTE_EXPIRES)
self.set_status(
TaskResult(
TaskResultStatus.SUCCESSFUL,
[
f"Successfully finished database backup {naturaltime(start)} {out.getvalue()}",
],
)
) )
LOGGER.info("Successfully backed up database.") if delta.total_seconds() > 0:
except ( LOGGER.debug("User is expired and will be deleted.", user=user, delta=delta)
IOError, user.delete()
BotoCoreError, deleted_users += 1
ClientError, messages.append(f"Successfully deleted {deleted_users} users.")
Boto3Error, self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, messages))
PermissionError,
CommandConnectorError,
ValueError,
) as exc:
self.set_status(TaskResult(TaskResultStatus.ERROR).with_error(exc))

View File

@ -16,6 +16,7 @@
{% block head_before %} {% block head_before %}
{% endblock %} {% endblock %}
<link rel="stylesheet" type="text/css" href="{% static 'dist/authentik.css' %}"> <link rel="stylesheet" type="text/css" href="{% static 'dist/authentik.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'dist/custom.css' %}">
<script src="{% static 'dist/poly.js' %}" type="module"></script> <script src="{% static 'dist/poly.js' %}" type="module"></script>
{% block head %} {% block head %}
{% endblock %} {% endblock %}

View File

@ -5,11 +5,13 @@
{% block head %} {% block head %}
<script src="{% static 'dist/admin/AdminInterface.js' %}" type="module"></script> <script src="{% static 'dist/admin/AdminInterface.js' %}" type="module"></script>
<meta name="theme-color" content="#18191a" media="(prefers-color-scheme: dark)">
<meta name="theme-color" content="#ffffff" media="(prefers-color-scheme: light)">
{% endblock %} {% endblock %}
{% block body %} {% block body %}
<ak-message-container></ak-message-container> <ak-message-container data-refresh-on-locale="true"></ak-message-container>
<ak-interface-admin> <ak-interface-admin data-refresh-on-locale="true">
<section class="ak-static-page pf-c-page__main-section pf-m-no-padding-mobile pf-m-xl"> <section class="ak-static-page pf-c-page__main-section pf-m-no-padding-mobile pf-m-xl">
<div class="pf-c-empty-state" style="height: 100vh;"> <div class="pf-c-empty-state" style="height: 100vh;">
<div class="pf-c-empty-state__content"> <div class="pf-c-empty-state__content">

View File

@ -8,6 +8,12 @@
{% if flow.compatibility_mode and not inspector %} {% if flow.compatibility_mode and not inspector %}
<script>ShadyDOM = { force: !navigator.webdriver };</script> <script>ShadyDOM = { force: !navigator.webdriver };</script>
{% endif %} {% endif %}
<script>
window.authentik = {};
window.authentik.flow = {
"layout": "{{ flow.layout }}",
};
</script>
{% endblock %} {% endblock %}
{% block head %} {% block head %}
@ -20,8 +26,8 @@
{% endblock %} {% endblock %}
{% block body %} {% block body %}
<ak-message-container></ak-message-container> <ak-message-container data-refresh-on-locale="true"></ak-message-container>
<ak-flow-executor> <ak-flow-executor data-refresh-on-locale="true">
<section class="ak-static-page pf-c-page__main-section pf-m-no-padding-mobile pf-m-xl"> <section class="ak-static-page pf-c-page__main-section pf-m-no-padding-mobile pf-m-xl">
<div class="pf-c-empty-state" style="height: 100vh;"> <div class="pf-c-empty-state" style="height: 100vh;">
<div class="pf-c-empty-state__content"> <div class="pf-c-empty-state__content">

View File

@ -5,11 +5,13 @@
{% block head %} {% block head %}
<script src="{% static 'dist/user/UserInterface.js' %}" type="module"></script> <script src="{% static 'dist/user/UserInterface.js' %}" type="module"></script>
<meta name="theme-color" content="#151515" media="(prefers-color-scheme: light)">
<meta name="theme-color" content="#151515" media="(prefers-color-scheme: dark)">
{% endblock %} {% endblock %}
{% block body %} {% block body %}
<ak-message-container></ak-message-container> <ak-message-container data-refresh-on-locale="true"></ak-message-container>
<ak-interface-user> <ak-interface-user data-refresh-on-locale="true">
<section class="ak-static-page pf-c-page__main-section pf-m-no-padding-mobile pf-m-xl"> <section class="ak-static-page pf-c-page__main-section pf-m-no-padding-mobile pf-m-xl">
<div class="pf-c-empty-state" style="height: 100vh;"> <div class="pf-c-empty-state" style="height: 100vh;">
<div class="pf-c-empty-state__content"> <div class="pf-c-empty-state__content">

View File

@ -12,6 +12,25 @@
.pf-c-background-image::before { .pf-c-background-image::before {
--ak-flow-background: url("/static/dist/assets/images/flow_background.jpg"); --ak-flow-background: url("/static/dist/assets/images/flow_background.jpg");
} }
/* Form with user */
.form-control-static {
margin-top: var(--pf-global--spacer--sm);
display: flex;
align-items: center;
justify-content: space-between;
}
.form-control-static .avatar {
display: flex;
align-items: center;
}
.form-control-static img {
margin-right: var(--pf-global--spacer--xs);
}
.form-control-static a {
padding-top: var(--pf-global--spacer--xs);
padding-bottom: var(--pf-global--spacer--xs);
line-height: var(--pf-global--spacer--xl);
}
</style> </style>
{% endblock %} {% endblock %}
@ -59,13 +78,11 @@
<a href="{{ link.href }}">{{ link.name }}</a> <a href="{{ link.href }}">{{ link.name }}</a>
</li> </li>
{% endfor %} {% endfor %}
{% if tenant.branding_title != "authentik" %}
<li> <li>
<a href="https://goauthentik.io?utm_source=authentik"> <a href="https://goauthentik.io?utm_source=authentik">
{% trans 'Powered by authentik' %} {% trans 'Powered by authentik' %}
</a> </a>
</li> </li>
{% endif %}
</ul> </ul>
</footer> </footer>
</div> </div>

View File

@ -1,12 +1,15 @@
"""Test Applications API""" """Test Applications API"""
from json import loads
from django.urls import reverse from django.urls import reverse
from django.utils.encoding import force_str
from rest_framework.test import APITestCase from rest_framework.test import APITestCase
from authentik.core.models import Application from authentik.core.models import Application
from authentik.core.tests.utils import create_test_admin_user from authentik.core.tests.utils import create_test_admin_user
from authentik.flows.models import Flow
from authentik.policies.dummy.models import DummyPolicy from authentik.policies.dummy.models import DummyPolicy
from authentik.policies.models import PolicyBinding from authentik.policies.models import PolicyBinding
from authentik.providers.oauth2.models import OAuth2Provider
class TestApplicationsAPI(APITestCase): class TestApplicationsAPI(APITestCase):
@ -14,7 +17,20 @@ class TestApplicationsAPI(APITestCase):
def setUp(self) -> None: def setUp(self) -> None:
self.user = create_test_admin_user() self.user = create_test_admin_user()
self.allowed = Application.objects.create(name="allowed", slug="allowed") self.provider = OAuth2Provider.objects.create(
name="test",
redirect_uris="http://some-other-domain",
authorization_flow=Flow.objects.create(
name="test",
slug="test",
),
)
self.allowed = Application.objects.create(
name="allowed",
slug="allowed",
meta_launch_url="https://goauthentik.io/%(username)s",
provider=self.provider,
)
self.denied = Application.objects.create(name="denied", slug="denied") self.denied = Application.objects.create(name="denied", slug="denied")
PolicyBinding.objects.create( PolicyBinding.objects.create(
target=self.denied, target=self.denied,
@ -32,7 +48,10 @@ class TestApplicationsAPI(APITestCase):
) )
) )
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertJSONEqual(force_str(response.content), {"messages": [], "passing": True}) body = loads(response.content.decode())
self.assertEqual(body["passing"], True)
self.assertEqual(body["messages"], [])
self.assertEqual(len(body["log_messages"]), 0)
response = self.client.get( response = self.client.get(
reverse( reverse(
"authentik_api:application-check-access", "authentik_api:application-check-access",
@ -40,14 +59,16 @@ class TestApplicationsAPI(APITestCase):
) )
) )
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertJSONEqual(force_str(response.content), {"messages": ["dummy"], "passing": False}) body = loads(response.content.decode())
self.assertEqual(body["passing"], False)
self.assertEqual(body["messages"], ["dummy"])
def test_list(self): def test_list(self):
"""Test list operation without superuser_full_list""" """Test list operation without superuser_full_list"""
self.client.force_login(self.user) self.client.force_login(self.user)
response = self.client.get(reverse("authentik_api:application-list")) response = self.client.get(reverse("authentik_api:application-list"))
self.assertJSONEqual( self.assertJSONEqual(
force_str(response.content), response.content.decode(),
{ {
"pagination": { "pagination": {
"next": 0, "next": 0,
@ -63,10 +84,22 @@ class TestApplicationsAPI(APITestCase):
"pk": str(self.allowed.pk), "pk": str(self.allowed.pk),
"name": "allowed", "name": "allowed",
"slug": "allowed", "slug": "allowed",
"provider": None, "group": "",
"provider_obj": None, "provider": self.provider.pk,
"launch_url": None, "provider_obj": {
"meta_launch_url": "", "assigned_application_name": "allowed",
"assigned_application_slug": "allowed",
"authorization_flow": str(self.provider.authorization_flow.pk),
"component": "ak-provider-oauth2-form",
"meta_model_name": "authentik_providers_oauth2.oauth2provider",
"name": self.provider.name,
"pk": self.provider.pk,
"property_mappings": [],
"verbose_name": "OAuth2/OpenID Provider",
"verbose_name_plural": "OAuth2/OpenID Providers",
},
"launch_url": f"https://goauthentik.io/{self.user.username}",
"meta_launch_url": "https://goauthentik.io/%(username)s",
"meta_icon": None, "meta_icon": None,
"meta_description": "", "meta_description": "",
"meta_publisher": "", "meta_publisher": "",
@ -83,7 +116,7 @@ class TestApplicationsAPI(APITestCase):
reverse("authentik_api:application-list") + "?superuser_full_list=true" reverse("authentik_api:application-list") + "?superuser_full_list=true"
) )
self.assertJSONEqual( self.assertJSONEqual(
force_str(response.content), response.content.decode(),
{ {
"pagination": { "pagination": {
"next": 0, "next": 0,
@ -99,10 +132,22 @@ class TestApplicationsAPI(APITestCase):
"pk": str(self.allowed.pk), "pk": str(self.allowed.pk),
"name": "allowed", "name": "allowed",
"slug": "allowed", "slug": "allowed",
"provider": None, "group": "",
"provider_obj": None, "provider": self.provider.pk,
"launch_url": None, "provider_obj": {
"meta_launch_url": "", "assigned_application_name": "allowed",
"assigned_application_slug": "allowed",
"authorization_flow": str(self.provider.authorization_flow.pk),
"component": "ak-provider-oauth2-form",
"meta_model_name": "authentik_providers_oauth2.oauth2provider",
"name": self.provider.name,
"pk": self.provider.pk,
"property_mappings": [],
"verbose_name": "OAuth2/OpenID Provider",
"verbose_name_plural": "OAuth2/OpenID Providers",
},
"launch_url": f"https://goauthentik.io/{self.user.username}",
"meta_launch_url": "https://goauthentik.io/%(username)s",
"meta_icon": None, "meta_icon": None,
"meta_description": "", "meta_description": "",
"meta_publisher": "", "meta_publisher": "",
@ -114,6 +159,7 @@ class TestApplicationsAPI(APITestCase):
"meta_icon": None, "meta_icon": None,
"meta_launch_url": "", "meta_launch_url": "",
"meta_publisher": "", "meta_publisher": "",
"group": "",
"name": "denied", "name": "denied",
"pk": str(self.denied.pk), "pk": str(self.denied.pk),
"policy_engine_mode": "any", "policy_engine_mode": "any",

View File

@ -0,0 +1,67 @@
"""Test Applications API"""
from unittest.mock import MagicMock, patch
from django.urls import reverse
from authentik.core.models import Application
from authentik.core.tests.utils import create_test_admin_user, create_test_tenant
from authentik.flows.models import Flow, FlowDesignation
from authentik.flows.tests import FlowTestCase
from authentik.tenants.models import Tenant
class TestApplicationsViews(FlowTestCase):
"""Test applications Views"""
def setUp(self) -> None:
self.user = create_test_admin_user()
self.allowed = Application.objects.create(
name="allowed", slug="allowed", meta_launch_url="https://goauthentik.io/%(username)s"
)
def test_check_redirect(self):
"""Test redirect"""
empty_flow = Flow.objects.create(
name="foo",
slug="foo",
designation=FlowDesignation.AUTHENTICATION,
)
tenant: Tenant = create_test_tenant()
tenant.flow_authentication = empty_flow
tenant.save()
response = self.client.get(
reverse(
"authentik_core:application-launch",
kwargs={"application_slug": self.allowed.slug},
),
follow=True,
)
self.assertEqual(response.status_code, 200)
with patch(
"authentik.flows.stage.StageView.get_pending_user", MagicMock(return_value=self.user)
):
response = self.client.post(
reverse("authentik_api:flow-executor", kwargs={"flow_slug": empty_flow.slug})
)
self.assertEqual(response.status_code, 200)
self.assertStageRedirects(response, f"https://goauthentik.io/{self.user.username}")
def test_check_redirect_auth(self):
"""Test redirect"""
self.client.force_login(self.user)
empty_flow = Flow.objects.create(
name="foo",
slug="foo",
designation=FlowDesignation.AUTHENTICATION,
)
tenant: Tenant = create_test_tenant()
tenant.flow_authentication = empty_flow
tenant.save()
response = self.client.get(
reverse(
"authentik_core:application-launch",
kwargs={"application_slug": self.allowed.slug},
),
)
self.assertEqual(response.status_code, 302)
self.assertEqual(response.url, f"https://goauthentik.io/{self.user.username}")

View File

@ -2,7 +2,6 @@
from json import loads from json import loads
from django.urls.base import reverse from django.urls.base import reverse
from django.utils.encoding import force_str
from rest_framework.test import APITestCase from rest_framework.test import APITestCase
from authentik.core.models import User from authentik.core.models import User
@ -28,5 +27,5 @@ class TestAuthenticatedSessionsAPI(APITestCase):
self.client.force_login(self.other_user) self.client.force_login(self.other_user)
response = self.client.get(reverse("authentik_api:authenticatedsession-list")) response = self.client.get(reverse("authentik_api:authenticatedsession-list"))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
body = loads(force_str(response.content)) body = loads(response.content.decode())
self.assertEqual(body["pagination"]["count"], 1) self.assertEqual(body["pagination"]["count"], 1)

View File

@ -1,6 +1,6 @@
"""authentik core models tests""" """authentik core models tests"""
from time import sleep from time import sleep
from typing import Callable, Type from typing import Callable
from django.test import RequestFactory, TestCase from django.test import RequestFactory, TestCase
from django.utils.timezone import now from django.utils.timezone import now
@ -27,7 +27,7 @@ class TestModels(TestCase):
self.assertFalse(token.is_expired) self.assertFalse(token.is_expired)
def source_tester_factory(test_model: Type[Stage]) -> Callable: def source_tester_factory(test_model: type[Stage]) -> Callable:
"""Test source""" """Test source"""
factory = RequestFactory() factory = RequestFactory()
@ -47,7 +47,7 @@ def source_tester_factory(test_model: Type[Stage]) -> Callable:
return tester return tester
def provider_tester_factory(test_model: Type[Stage]) -> Callable: def provider_tester_factory(test_model: type[Stage]) -> Callable:
"""Test provider""" """Test provider"""
def tester(self: TestModels): def tester(self: TestModels):

View File

@ -6,8 +6,12 @@ from guardian.utils import get_anonymous_user
from authentik.core.models import SourceUserMatchingModes, User from authentik.core.models import SourceUserMatchingModes, User
from authentik.core.sources.flow_manager import Action from authentik.core.sources.flow_manager import Action
from authentik.flows.models import Flow, FlowDesignation
from authentik.lib.generators import generate_id from authentik.lib.generators import generate_id
from authentik.lib.tests.utils import get_request from authentik.lib.tests.utils import get_request
from authentik.policies.denied import AccessDeniedResponse
from authentik.policies.expression.models import ExpressionPolicy
from authentik.policies.models import PolicyBinding
from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
from authentik.sources.oauth.views.callback import OAuthSourceFlowManager from authentik.sources.oauth.views.callback import OAuthSourceFlowManager
@ -17,7 +21,7 @@ class TestSourceFlowManager(TestCase):
def setUp(self) -> None: def setUp(self) -> None:
super().setUp() super().setUp()
self.source = OAuthSource.objects.create(name="test") self.source: OAuthSource = OAuthSource.objects.create(name="test")
self.factory = RequestFactory() self.factory = RequestFactory()
self.identifier = generate_id() self.identifier = generate_id()
@ -143,3 +147,34 @@ class TestSourceFlowManager(TestCase):
action, _ = flow_manager.get_action() action, _ = flow_manager.get_action()
self.assertEqual(action, Action.ENROLL) self.assertEqual(action, Action.ENROLL)
flow_manager.get_flow() flow_manager.get_flow()
def test_error_non_applicable_flow(self):
"""Test error handling when a source selected flow is non-applicable due to a policy"""
self.source.user_matching_mode = SourceUserMatchingModes.USERNAME_LINK
flow = Flow.objects.create(
name="test", slug="test", title="test", designation=FlowDesignation.ENROLLMENT
)
policy = ExpressionPolicy.objects.create(
name="false", expression="""ak_message("foo");return False"""
)
PolicyBinding.objects.create(
policy=policy,
target=flow,
order=0,
)
self.source.enrollment_flow = flow
self.source.save()
flow_manager = OAuthSourceFlowManager(
self.source,
get_request("/", user=AnonymousUser()),
self.identifier,
{"username": "foo"},
)
action, _ = flow_manager.get_action()
self.assertEqual(action, Action.ENROLL)
response = flow_manager.get_flow()
self.assertIsInstance(response, AccessDeniedResponse)
# pylint: disable=no-member
self.assertEqual(response.error_message, "foo")

View File

@ -0,0 +1,50 @@
"""Test tasks"""
from time import mktime
from django.utils.timezone import now
from guardian.shortcuts import get_anonymous_user
from rest_framework.test import APITestCase
from authentik.core.models import (
USER_ATTRIBUTE_EXPIRES,
USER_ATTRIBUTE_GENERATED,
Token,
TokenIntents,
User,
)
from authentik.core.tasks import clean_expired_models, clean_temporary_users
from authentik.core.tests.utils import create_test_admin_user
from authentik.lib.generators import generate_id
class TestTasks(APITestCase):
"""Test token API"""
def setUp(self) -> None:
super().setUp()
self.user = User.objects.create(username="testuser")
self.admin = create_test_admin_user()
self.client.force_login(self.user)
def test_token_expire(self):
"""Test Token expire task"""
token: Token = Token.objects.create(
expires=now(), user=get_anonymous_user(), intent=TokenIntents.INTENT_API
)
key = token.key
clean_expired_models.delay().get()
token.refresh_from_db()
self.assertNotEqual(key, token.key)
def test_clean_temporary_users(self):
"""Test clean_temporary_users task"""
username = generate_id
User.objects.create(
username=username,
attributes={
USER_ATTRIBUTE_GENERATED: True,
USER_ATTRIBUTE_EXPIRES: mktime(now().timetuple()),
},
)
clean_temporary_users.delay().get()
self.assertFalse(User.objects.filter(username=username))

View File

@ -2,12 +2,10 @@
from json import loads from json import loads
from django.urls.base import reverse from django.urls.base import reverse
from django.utils.timezone import now
from guardian.shortcuts import get_anonymous_user from guardian.shortcuts import get_anonymous_user
from rest_framework.test import APITestCase from rest_framework.test import APITestCase
from authentik.core.models import USER_ATTRIBUTE_TOKEN_EXPIRING, Token, TokenIntents, User from authentik.core.models import USER_ATTRIBUTE_TOKEN_EXPIRING, Token, TokenIntents, User
from authentik.core.tasks import clean_expired_models
from authentik.core.tests.utils import create_test_admin_user from authentik.core.tests.utils import create_test_admin_user
@ -30,6 +28,7 @@ class TestTokenAPI(APITestCase):
self.assertEqual(token.user, self.user) self.assertEqual(token.user, self.user)
self.assertEqual(token.intent, TokenIntents.INTENT_API) self.assertEqual(token.intent, TokenIntents.INTENT_API)
self.assertEqual(token.expiring, True) self.assertEqual(token.expiring, True)
self.assertTrue(self.user.has_perm("authentik_core.view_token_key", token))
def test_token_create_invalid(self): def test_token_create_invalid(self):
"""Test token creation endpoint (invalid data)""" """Test token creation endpoint (invalid data)"""
@ -52,16 +51,6 @@ class TestTokenAPI(APITestCase):
self.assertEqual(token.intent, TokenIntents.INTENT_API) self.assertEqual(token.intent, TokenIntents.INTENT_API)
self.assertEqual(token.expiring, False) self.assertEqual(token.expiring, False)
def test_token_expire(self):
"""Test Token expire task"""
token: Token = Token.objects.create(
expires=now(), user=get_anonymous_user(), intent=TokenIntents.INTENT_API
)
key = token.key
clean_expired_models.delay().get()
token.refresh_from_db()
self.assertNotEqual(key, token.key)
def test_list(self): def test_list(self):
"""Test Token List (Test normal authentication)""" """Test Token List (Test normal authentication)"""
token_should: Token = Token.objects.create( token_should: Token = Token.objects.create(

View File

@ -2,9 +2,10 @@
from django.urls.base import reverse from django.urls.base import reverse
from rest_framework.test import APITestCase from rest_framework.test import APITestCase
from authentik.core.models import USER_ATTRIBUTE_CHANGE_EMAIL, USER_ATTRIBUTE_CHANGE_USERNAME, User from authentik.core.models import User
from authentik.core.tests.utils import create_test_admin_user, create_test_flow, create_test_tenant from authentik.core.tests.utils import create_test_admin_user, create_test_flow, create_test_tenant
from authentik.flows.models import FlowDesignation from authentik.flows.models import FlowDesignation
from authentik.lib.generators import generate_key
from authentik.stages.email.models import EmailStage from authentik.stages.email.models import EmailStage
from authentik.tenants.models import Tenant from authentik.tenants.models import Tenant
@ -16,34 +17,6 @@ class TestUsersAPI(APITestCase):
self.admin = create_test_admin_user() self.admin = create_test_admin_user()
self.user = User.objects.create(username="test-user") self.user = User.objects.create(username="test-user")
def test_update_self(self):
"""Test update_self"""
self.client.force_login(self.admin)
response = self.client.put(
reverse("authentik_api:user-update-self"), data={"username": "foo", "name": "foo"}
)
self.assertEqual(response.status_code, 200)
def test_update_self_username_denied(self):
"""Test update_self"""
self.admin.attributes[USER_ATTRIBUTE_CHANGE_USERNAME] = False
self.admin.save()
self.client.force_login(self.admin)
response = self.client.put(
reverse("authentik_api:user-update-self"), data={"username": "foo", "name": "foo"}
)
self.assertEqual(response.status_code, 400)
def test_update_self_email_denied(self):
"""Test update_self"""
self.admin.attributes[USER_ATTRIBUTE_CHANGE_EMAIL] = False
self.admin.save()
self.client.force_login(self.admin)
response = self.client.put(
reverse("authentik_api:user-update-self"), data={"email": "foo", "name": "foo"}
)
self.assertEqual(response.status_code, 400)
def test_metrics(self): def test_metrics(self):
"""Test user's metrics""" """Test user's metrics"""
self.client.force_login(self.admin) self.client.force_login(self.admin)
@ -68,6 +41,18 @@ class TestUsersAPI(APITestCase):
) )
self.assertEqual(response.status_code, 404) self.assertEqual(response.status_code, 404)
def test_set_password(self):
"""Test Direct password set"""
self.client.force_login(self.admin)
new_pw = generate_key()
response = self.client.post(
reverse("authentik_api:user-set-password", kwargs={"pk": self.admin.pk}),
data={"password": new_pw},
)
self.assertEqual(response.status_code, 204)
self.admin.refresh_from_db()
self.assertTrue(self.admin.check_password(new_pw))
def test_recovery(self): def test_recovery(self):
"""Test user recovery link (no recovery flow set)""" """Test user recovery link (no recovery flow set)"""
flow = create_test_flow(FlowDesignation.RECOVERY) flow = create_test_flow(FlowDesignation.RECOVERY)

View File

@ -29,3 +29,4 @@ class UserSettingSerializer(PassiveSerializer):
component = CharField() component = CharField()
title = CharField() title = CharField()
configure_url = CharField(required=False) configure_url = CharField(required=False)
icon_url = CharField(required=False)

View File

@ -1,11 +1,13 @@
"""authentik URL Configuration""" """authentik URL Configuration"""
from django.conf import settings
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.urls import path from django.urls import path
from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.csrf import ensure_csrf_cookie
from django.views.generic import RedirectView from django.views.generic import RedirectView
from django.views.generic.base import TemplateView from django.views.generic.base import TemplateView
from authentik.core.views import impersonate from authentik.core.views import apps, impersonate
from authentik.core.views.debug import AccessDeniedView
from authentik.core.views.interface import FlowInterfaceView from authentik.core.views.interface import FlowInterfaceView
from authentik.core.views.session import EndSessionView from authentik.core.views.session import EndSessionView
@ -15,6 +17,12 @@ urlpatterns = [
login_required(RedirectView.as_view(pattern_name="authentik_core:if-user")), login_required(RedirectView.as_view(pattern_name="authentik_core:if-user")),
name="root-redirect", name="root-redirect",
), ),
path(
# We have to use this format since everything else uses applications/o or applications/saml
"application/launch/<slug:application_slug>/",
apps.RedirectToAppLaunch.as_view(),
name="application-launch",
),
# Impersonation # Impersonation
path( path(
"-/impersonation/<int:user_id>/", "-/impersonation/<int:user_id>/",
@ -54,3 +62,8 @@ urlpatterns = [
TemplateView.as_view(template_name="if/admin.html"), TemplateView.as_view(template_name="if/admin.html"),
), ),
] ]
if settings.DEBUG:
urlpatterns += [
path("debug/policy/deny/", AccessDeniedView.as_view(), name="debug-policy-deny"),
]

View File

@ -0,0 +1,75 @@
"""app views"""
from django.http import Http404, HttpRequest, HttpResponse, HttpResponseRedirect
from django.shortcuts import get_object_or_404
from django.utils.translation import gettext_lazy as _
from django.views import View
from authentik.core.models import Application
from authentik.flows.challenge import (
ChallengeResponse,
ChallengeTypes,
HttpChallengeResponse,
RedirectChallenge,
)
from authentik.flows.models import in_memory_stage
from authentik.flows.planner import PLAN_CONTEXT_APPLICATION, FlowPlanner
from authentik.flows.stage import ChallengeStageView
from authentik.flows.views.executor import SESSION_KEY_PLAN
from authentik.lib.utils.urls import redirect_with_qs
from authentik.stages.consent.stage import (
PLAN_CONTEXT_CONSENT_HEADER,
PLAN_CONTEXT_CONSENT_PERMISSIONS,
)
from authentik.tenants.models import Tenant
class RedirectToAppLaunch(View):
"""Application launch view, redirect to the launch URL"""
def dispatch(self, request: HttpRequest, application_slug: str) -> HttpResponse:
app = get_object_or_404(Application, slug=application_slug)
# Check here if the application has any launch URL set, if not 404
launch = app.get_launch_url()
if not launch:
raise Http404
# Check if we're authenticated already, saves us the flow run
if request.user.is_authenticated:
return HttpResponseRedirect(app.get_launch_url(request.user))
# otherwise, do a custom flow plan that includes the application that's
# being accessed, to improve usability
tenant: Tenant = request.tenant
flow = tenant.flow_authentication
planner = FlowPlanner(flow)
planner.allow_empty_flows = True
plan = planner.plan(
request,
{
PLAN_CONTEXT_APPLICATION: app,
PLAN_CONTEXT_CONSENT_HEADER: _("You're about to sign into %(application)s.")
% {"application": app.name},
PLAN_CONTEXT_CONSENT_PERMISSIONS: [],
},
)
plan.insert_stage(in_memory_stage(RedirectToAppStage))
request.session[SESSION_KEY_PLAN] = plan
return redirect_with_qs("authentik_core:if-flow", request.GET, flow_slug=flow.slug)
class RedirectToAppStage(ChallengeStageView):
"""Final stage to be inserted after the user logs in"""
def get_challenge(self, *args, **kwargs) -> RedirectChallenge:
app = self.executor.plan.context[PLAN_CONTEXT_APPLICATION]
launch = app.get_launch_url(self.get_pending_user())
# sanity check to ensure launch is still set
if not launch:
raise Http404
return RedirectChallenge(
instance={
"type": ChallengeTypes.REDIRECT.value,
"to": launch,
}
)
def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
return HttpChallengeResponse(self.get_challenge())

View File

@ -0,0 +1,12 @@
"""debug view"""
from django.http import HttpRequest, HttpResponse
from django.views.generic import View
from authentik.policies.denied import AccessDeniedResponse
class AccessDeniedView(View):
"""Easily access AccessDeniedResponse"""
def dispatch(self, request: HttpRequest) -> HttpResponse:
return AccessDeniedResponse(request)

View File

@ -8,6 +8,7 @@ from structlog.stdlib import get_logger
from authentik.core.middleware import SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER from authentik.core.middleware import SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER
from authentik.core.models import User from authentik.core.models import User
from authentik.events.models import Event, EventAction from authentik.events.models import Event, EventAction
from authentik.lib.config import CONFIG
LOGGER = get_logger() LOGGER = get_logger()
@ -17,6 +18,9 @@ class ImpersonateInitView(View):
def get(self, request: HttpRequest, user_id: int) -> HttpResponse: def get(self, request: HttpRequest, user_id: int) -> HttpResponse:
"""Impersonation handler, checks permissions""" """Impersonation handler, checks permissions"""
if not CONFIG.y_bool("impersonation"):
LOGGER.debug("User attempted to impersonate", user=request.user)
return HttpResponse("Unauthorized", status=401)
if not request.user.has_perm("impersonate"): if not request.user.has_perm("impersonate"):
LOGGER.debug("User attempted to impersonate without permissions", user=request.user) LOGGER.debug("User attempted to impersonate without permissions", user=request.user)
return HttpResponse("Unauthorized", status=401) return HttpResponse("Unauthorized", status=401)

View File

@ -1,4 +1,6 @@
"""Crypto API Views""" """Crypto API Views"""
from typing import Optional
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_pem_private_key from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.x509 import load_pem_x509_certificate from cryptography.x509 import load_pem_x509_certificate
@ -15,6 +17,7 @@ from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.serializers import ModelSerializer, ValidationError from rest_framework.serializers import ModelSerializer, ValidationError
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from structlog.stdlib import get_logger
from authentik.api.decorators import permission_required from authentik.api.decorators import permission_required
from authentik.core.api.used_by import UsedByMixin from authentik.core.api.used_by import UsedByMixin
@ -24,6 +27,8 @@ from authentik.crypto.managed import MANAGED_KEY
from authentik.crypto.models import CertificateKeyPair from authentik.crypto.models import CertificateKeyPair
from authentik.events.models import Event, EventAction from authentik.events.models import Event, EventAction
LOGGER = get_logger()
class CertificateKeyPairSerializer(ModelSerializer): class CertificateKeyPairSerializer(ModelSerializer):
"""CertificateKeyPair Serializer""" """CertificateKeyPair Serializer"""
@ -31,6 +36,7 @@ class CertificateKeyPairSerializer(ModelSerializer):
cert_expiry = DateTimeField(source="certificate.not_valid_after", read_only=True) cert_expiry = DateTimeField(source="certificate.not_valid_after", read_only=True)
cert_subject = SerializerMethodField() cert_subject = SerializerMethodField()
private_key_available = SerializerMethodField() private_key_available = SerializerMethodField()
private_key_type = SerializerMethodField()
certificate_download_url = SerializerMethodField() certificate_download_url = SerializerMethodField()
private_key_download_url = SerializerMethodField() private_key_download_url = SerializerMethodField()
@ -43,6 +49,13 @@ class CertificateKeyPairSerializer(ModelSerializer):
"""Show if this keypair has a private key configured or not""" """Show if this keypair has a private key configured or not"""
return instance.key_data != "" and instance.key_data is not None return instance.key_data != "" and instance.key_data is not None
def get_private_key_type(self, instance: CertificateKeyPair) -> Optional[str]:
"""Get the private key's type, if set"""
key = instance.private_key
if key:
return key.__class__.__name__.replace("_", "").lower().replace("privatekey", "")
return None
def get_certificate_download_url(self, instance: CertificateKeyPair) -> str: def get_certificate_download_url(self, instance: CertificateKeyPair) -> str:
"""Get URL to download certificate""" """Get URL to download certificate"""
return ( return (
@ -66,22 +79,30 @@ class CertificateKeyPairSerializer(ModelSerializer):
def validate_certificate_data(self, value: str) -> str: def validate_certificate_data(self, value: str) -> str:
"""Verify that input is a valid PEM x509 Certificate""" """Verify that input is a valid PEM x509 Certificate"""
try: try:
load_pem_x509_certificate(value.encode("utf-8"), default_backend()) # Cast to string to fully load and parse certificate
except ValueError: # Prevents issues like https://github.com/goauthentik/authentik/issues/2082
str(load_pem_x509_certificate(value.encode("utf-8"), default_backend()))
except ValueError as exc:
LOGGER.warning("Failed to load certificate", exc=exc)
raise ValidationError("Unable to load certificate.") raise ValidationError("Unable to load certificate.")
return value return value
def validate_key_data(self, value: str) -> str: def validate_key_data(self, value: str) -> str:
"""Verify that input is a valid PEM RSA Key""" """Verify that input is a valid PEM Key"""
# Since this field is optional, data can be empty. # Since this field is optional, data can be empty.
if value != "": if value != "":
try: try:
load_pem_private_key( # Cast to string to fully load and parse certificate
str.encode("\n".join([x.strip() for x in value.split("\n")])), # Prevents issues like https://github.com/goauthentik/authentik/issues/2082
password=None, str(
backend=default_backend(), load_pem_private_key(
str.encode("\n".join([x.strip() for x in value.split("\n")])),
password=None,
backend=default_backend(),
)
) )
except (ValueError, TypeError): except (ValueError, TypeError) as exc:
LOGGER.warning("Failed to load private key", exc=exc)
raise ValidationError("Unable to load private key (possibly encrypted?).") raise ValidationError("Unable to load private key (possibly encrypted?).")
return value return value
@ -98,6 +119,7 @@ class CertificateKeyPairSerializer(ModelSerializer):
"cert_expiry", "cert_expiry",
"cert_subject", "cert_subject",
"private_key_available", "private_key_available",
"private_key_type",
"certificate_download_url", "certificate_download_url",
"private_key_download_url", "private_key_download_url",
"managed", "managed",

View File

@ -44,7 +44,7 @@ class CertificateBuilder:
"""Build self-signed certificate""" """Build self-signed certificate"""
one_day = datetime.timedelta(1, 0, 0) one_day = datetime.timedelta(1, 0, 0)
self.__private_key = rsa.generate_private_key( self.__private_key = rsa.generate_private_key(
public_exponent=65537, key_size=2048, backend=default_backend() public_exponent=65537, key_size=4096, backend=default_backend()
) )
self.__public_key = self.__private_key.public_key() self.__public_key = self.__private_key.public_key()
alt_names: list[x509.GeneralName] = [x509.DNSName(x) for x in subject_alt_names or []] alt_names: list[x509.GeneralName] = [x509.DNSName(x) for x in subject_alt_names or []]

View File

@ -2,6 +2,8 @@
from django.db import migrations from django.db import migrations
from authentik.lib.generators import generate_id
def create_self_signed(apps, schema_editor): def create_self_signed(apps, schema_editor):
CertificateKeyPair = apps.get_model("authentik_crypto", "CertificateKeyPair") CertificateKeyPair = apps.get_model("authentik_crypto", "CertificateKeyPair")
@ -9,7 +11,7 @@ def create_self_signed(apps, schema_editor):
from authentik.crypto.builder import CertificateBuilder from authentik.crypto.builder import CertificateBuilder
builder = CertificateBuilder() builder = CertificateBuilder()
builder.build() builder.build(subject_alt_names=[f"{generate_id()}.self-signed.goauthentik.io"])
CertificateKeyPair.objects.using(db_alias).create( CertificateKeyPair.objects.using(db_alias).create(
name="authentik Self-signed Certificate", name="authentik Self-signed Certificate",
certificate_data=builder.certificate, certificate_data=builder.certificate,

View File

@ -6,6 +6,11 @@ from uuid import uuid4
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.ec import (
EllipticCurvePrivateKey,
EllipticCurvePublicKey,
)
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey
from cryptography.hazmat.primitives.serialization import load_pem_private_key from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.x509 import Certificate, load_pem_x509_certificate from cryptography.x509 import Certificate, load_pem_x509_certificate
@ -36,8 +41,8 @@ class CertificateKeyPair(ManagedModel, CreatedUpdatedModel):
) )
_cert: Optional[Certificate] = None _cert: Optional[Certificate] = None
_private_key: Optional[RSAPrivateKey] = None _private_key: Optional[RSAPrivateKey | EllipticCurvePrivateKey | Ed25519PrivateKey] = None
_public_key: Optional[RSAPublicKey] = None _public_key: Optional[RSAPublicKey | EllipticCurvePublicKey | Ed25519PublicKey] = None
@property @property
def certificate(self) -> Certificate: def certificate(self) -> Certificate:
@ -49,14 +54,16 @@ class CertificateKeyPair(ManagedModel, CreatedUpdatedModel):
return self._cert return self._cert
@property @property
def public_key(self) -> Optional[RSAPublicKey]: def public_key(self) -> Optional[RSAPublicKey | EllipticCurvePublicKey | Ed25519PublicKey]:
"""Get public key of the private key""" """Get public key of the private key"""
if not self._public_key: if not self._public_key:
self._public_key = self.private_key.public_key() self._public_key = self.private_key.public_key()
return self._public_key return self._public_key
@property @property
def private_key(self) -> Optional[RSAPrivateKey]: def private_key(
self,
) -> Optional[RSAPrivateKey | EllipticCurvePrivateKey | Ed25519PrivateKey]:
"""Get python cryptography PrivateKey instance""" """Get python cryptography PrivateKey instance"""
if not self._private_key and self.key_data != "": if not self._private_key and self.key_data != "":
try: try:

View File

@ -1,10 +1,12 @@
"""Crypto task Settings""" """Crypto task Settings"""
from celery.schedules import crontab from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"crypto_certificate_discovery": { "crypto_certificate_discovery": {
"task": "authentik.crypto.tasks.certificate_discovery", "task": "authentik.crypto.tasks.certificate_discovery",
"schedule": crontab(minute="*/5"), "schedule": crontab(minute=fqdn_rand("crypto_certificate_discovery"), hour="*"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
} }

View File

@ -24,7 +24,7 @@ MANAGED_DISCOVERED = "goauthentik.io/crypto/discovered/%s"
def ensure_private_key_valid(body: str): def ensure_private_key_valid(body: str):
"""Attempt loading of an RSA Private key without password""" """Attempt loading of a PEM Private key without password"""
load_pem_private_key( load_pem_private_key(
str.encode("\n".join([x.strip() for x in body.split("\n")])), str.encode("\n".join([x.strip() for x in body.split("\n")])),
password=None, password=None,
@ -42,7 +42,7 @@ def ensure_certificate_valid(body: str):
@CELERY_APP.task(bind=True, base=MonitoredTask) @CELERY_APP.task(bind=True, base=MonitoredTask)
@prefill_task @prefill_task
def certificate_discovery(self: MonitoredTask): def certificate_discovery(self: MonitoredTask):
"""Discover and update certificates form the filesystem""" """Discover, import and update certificates from the filesystem"""
certs = {} certs = {}
private_keys = {} private_keys = {}
discovered = 0 discovered = 0
@ -52,21 +52,24 @@ def certificate_discovery(self: MonitoredTask):
continue continue
if path.is_dir(): if path.is_dir():
continue continue
# For certbot setups, we want to ignore archive.
if "archive" in file:
continue
# Support certbot's directory structure # Support certbot's directory structure
if path.name in ["fullchain.pem", "privkey.pem"]: if path.name in ["fullchain.pem", "privkey.pem"]:
cert_name = path.parent.name cert_name = path.parent.name
else: else:
cert_name = path.name.replace(path.suffix, "") cert_name = path.name.replace(path.suffix, "")
try: try:
with open(path, "r+", encoding="utf-8") as _file: with open(path, "r", encoding="utf-8") as _file:
body = _file.read() body = _file.read()
if "BEGIN RSA PRIVATE KEY" in body: if "PRIVATE KEY" in body:
private_keys[cert_name] = ensure_private_key_valid(body) private_keys[cert_name] = ensure_private_key_valid(body)
else: else:
certs[cert_name] = ensure_certificate_valid(body) certs[cert_name] = ensure_certificate_valid(body)
discovered += 1
except (OSError, ValueError) as exc: except (OSError, ValueError) as exc:
LOGGER.warning("Failed to open file or invalid format", exc=exc, file=path) LOGGER.warning("Failed to open file or invalid format", exc=exc, file=path)
discovered += 1
for name, cert_data in certs.items(): for name, cert_data in certs.items():
cert = CertificateKeyPair.objects.filter(managed=MANAGED_DISCOVERED % name).first() cert = CertificateKeyPair.objects.filter(managed=MANAGED_DISCOVERED % name).first()
if not cert: if not cert:

View File

@ -146,7 +146,7 @@ class TestCrypto(APITestCase):
client_secret=generate_key(), client_secret=generate_key(),
authorization_flow=create_test_flow(), authorization_flow=create_test_flow(),
redirect_uris="http://localhost", redirect_uris="http://localhost",
rsa_key=keypair, signing_key=keypair,
) )
response = self.client.get( response = self.client.get(
reverse( reverse(

View File

@ -26,3 +26,4 @@ class NotificationWebhookMappingViewSet(UsedByMixin, ModelViewSet):
serializer_class = NotificationWebhookMappingSerializer serializer_class = NotificationWebhookMappingSerializer
filterset_fields = ["name"] filterset_fields = ["name"]
ordering = ["name"] ordering = ["name"]
search_fields = ["name"]

View File

@ -32,3 +32,4 @@ class NotificationRuleViewSet(UsedByMixin, ModelViewSet):
serializer_class = NotificationRuleSerializer serializer_class = NotificationRuleSerializer
filterset_fields = ["name", "severity", "group__name"] filterset_fields = ["name", "severity", "group__name"]
ordering = ["name"] ordering = ["name"]
search_fields = ["name", "group__name"]

View File

@ -15,12 +15,14 @@ from authentik.api.decorators import permission_required
from authentik.core.api.used_by import UsedByMixin from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import PassiveSerializer from authentik.core.api.utils import PassiveSerializer
from authentik.events.models import ( from authentik.events.models import (
Event,
Notification, Notification,
NotificationSeverity, NotificationSeverity,
NotificationTransport, NotificationTransport,
NotificationTransportError, NotificationTransportError,
TransportMode, TransportMode,
) )
from authentik.events.utils import get_user
class NotificationTransportSerializer(ModelSerializer): class NotificationTransportSerializer(ModelSerializer):
@ -66,6 +68,7 @@ class NotificationTransportViewSet(UsedByMixin, ModelViewSet):
queryset = NotificationTransport.objects.all() queryset = NotificationTransport.objects.all()
serializer_class = NotificationTransportSerializer serializer_class = NotificationTransportSerializer
filterset_fields = ["name", "mode", "webhook_url", "send_once"] filterset_fields = ["name", "mode", "webhook_url", "send_once"]
search_fields = ["name", "mode", "webhook_url"]
ordering = ["name"] ordering = ["name"]
@permission_required("authentik_events.change_notificationtransport") @permission_required("authentik_events.change_notificationtransport")
@ -86,6 +89,12 @@ class NotificationTransportViewSet(UsedByMixin, ModelViewSet):
severity=NotificationSeverity.NOTICE, severity=NotificationSeverity.NOTICE,
body=f"Test Notification from transport {transport.name}", body=f"Test Notification from transport {transport.name}",
user=request.user, user=request.user,
event=Event(
action="Test",
user=get_user(request.user),
app=self.__class__.__module__,
context={"foo": "bar"},
),
) )
try: try:
response = NotificationTransportTestSerializer( response = NotificationTransportTestSerializer(

View File

@ -13,7 +13,7 @@ from rest_framework.viewsets import GenericViewSet
from authentik.api.authorization import OwnerFilter, OwnerPermissions from authentik.api.authorization import OwnerFilter, OwnerPermissions
from authentik.core.api.used_by import UsedByMixin from authentik.core.api.used_by import UsedByMixin
from authentik.events.api.event import EventSerializer from authentik.events.api.events import EventSerializer
from authentik.events.models import Notification from authentik.events.models import Notification
@ -55,6 +55,7 @@ class NotificationViewSet(
"created", "created",
"event", "event",
"seen", "seen",
"user",
] ]
permission_classes = [OwnerPermissions] permission_classes = [OwnerPermissions]
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter] filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]

View File

@ -1,7 +1,5 @@
"""events GeoIP Reader""" """events GeoIP Reader"""
from datetime import datetime
from os import stat from os import stat
from time import time
from typing import Optional, TypedDict from typing import Optional, TypedDict
from geoip2.database import Reader from geoip2.database import Reader
@ -35,26 +33,29 @@ class GeoIPReader:
def __open(self): def __open(self):
"""Get GeoIP Reader, if configured, otherwise none""" """Get GeoIP Reader, if configured, otherwise none"""
path = CONFIG.y("authentik.geoip") path = CONFIG.y("geoip")
if path == "" or not path: if path == "" or not path:
return return
try: try:
reader = Reader(path) self.__reader = Reader(path)
self.__reader = reader
self.__last_mtime = stat(path).st_mtime self.__last_mtime = stat(path).st_mtime
LOGGER.info("Loaded GeoIP database", last_write=self.__last_mtime) LOGGER.info("Loaded GeoIP database", last_write=self.__last_mtime)
except OSError as exc: except OSError as exc:
LOGGER.warning("Failed to load GeoIP database", exc=exc) LOGGER.warning("Failed to load GeoIP database", exc=exc)
def __check_expired(self): def __check_expired(self):
"""Check if the geoip database has been opened longer than 8 hours, """Check if the modification date of the GeoIP database has
and re-open it, as it will probably will have been re-downloaded""" changed, and reload it if so"""
now = time() path = CONFIG.y("geoip")
diff = datetime.fromtimestamp(now) - datetime.fromtimestamp(self.__last_mtime) try:
diff_hours = diff.total_seconds() // 3600 mtime = stat(path).st_mtime
if diff_hours >= 8: diff = self.__last_mtime < mtime
LOGGER.info("GeoIP databased loaded too long, re-opening", diff=diff) if diff > 0:
self.__open() LOGGER.info("Found new GeoIP Database, reopening", diff=diff)
self.__open()
except OSError as exc:
LOGGER.warning("Failed to check GeoIP age", exc=exc)
return
@property @property
def enabled(self) -> bool: def enabled(self) -> bool:

View File

@ -18,13 +18,18 @@ from authentik.events.utils import model_to_dict
from authentik.lib.sentry import before_send from authentik.lib.sentry import before_send
from authentik.lib.utils.errors import exception_to_string from authentik.lib.utils.errors import exception_to_string
IGNORED_MODELS = ( IGNORED_MODELS = [
Event, Event,
Notification, Notification,
UserObjectPermission, UserObjectPermission,
AuthenticatedSession, AuthenticatedSession,
StaticToken, StaticToken,
) ]
if settings.DEBUG:
from silk.models import Request, Response, SQLQuery
IGNORED_MODELS += [Request, Response, SQLQuery]
IGNORED_MODELS = tuple(IGNORED_MODELS)
class AuditMiddleware: class AuditMiddleware:

View File

@ -19,7 +19,7 @@ def convert_user_to_json(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
Event = apps.get_model("authentik_events", "Event") Event = apps.get_model("authentik_events", "Event")
db_alias = schema_editor.connection.alias db_alias = schema_editor.connection.alias
for event in Event.objects.all(): for event in Event.objects.using(db_alias).all():
event.delete() event.delete()
# Because event objects cannot be updated, we have to re-create them # Because event objects cannot be updated, we have to re-create them
event.pk = None event.pk = None
@ -383,6 +383,7 @@ class Migration(migrations.Migration):
models.ManyToManyField( models.ManyToManyField(
help_text="Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI.", help_text="Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI.",
to="authentik_events.NotificationTransport", to="authentik_events.NotificationTransport",
blank=True,
), ),
), ),
], ],

View File

@ -10,7 +10,7 @@ def convert_user_to_json(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
Event = apps.get_model("authentik_events", "Event") Event = apps.get_model("authentik_events", "Event")
db_alias = schema_editor.connection.alias db_alias = schema_editor.connection.alias
for event in Event.objects.all(): for event in Event.objects.using(db_alias).all():
event.delete() event.delete()
# Because event objects cannot be updated, we have to re-create them # Because event objects cannot be updated, we have to re-create them
event.pk = None event.pk = None

View File

@ -4,7 +4,7 @@ from collections import Counter
from datetime import timedelta from datetime import timedelta
from inspect import currentframe from inspect import currentframe
from smtplib import SMTPException from smtplib import SMTPException
from typing import TYPE_CHECKING, Optional, Type, Union from typing import TYPE_CHECKING, Optional
from uuid import uuid4 from uuid import uuid4
from django.conf import settings from django.conf import settings
@ -190,7 +190,7 @@ class Event(ExpiringModel):
@staticmethod @staticmethod
def new( def new(
action: Union[str, EventAction], action: str | EventAction,
app: Optional[str] = None, app: Optional[str] = None,
**kwargs, **kwargs,
) -> "Event": ) -> "Event":
@ -261,7 +261,7 @@ class Event(ExpiringModel):
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
if self._state.adding: if self._state.adding:
LOGGER.debug( LOGGER.info(
"Created Event", "Created Event",
action=self.action, action=self.action,
context=self.context, context=self.context,
@ -481,6 +481,7 @@ class NotificationRule(PolicyBindingModel):
"selected, the notification will only be shown in the authentik UI." "selected, the notification will only be shown in the authentik UI."
) )
), ),
blank=True,
) )
severity = models.TextField( severity = models.TextField(
choices=NotificationSeverity.choices, choices=NotificationSeverity.choices,
@ -517,8 +518,8 @@ class NotificationWebhookMapping(PropertyMapping):
return "ak-property-mapping-notification-form" return "ak-property-mapping-notification-form"
@property @property
def serializer(self) -> Type["Serializer"]: def serializer(self) -> type["Serializer"]:
from authentik.events.api.notification_mapping import NotificationWebhookMappingSerializer from authentik.events.api.notification_mappings import NotificationWebhookMappingSerializer
return NotificationWebhookMappingSerializer return NotificationWebhookMappingSerializer

View File

@ -0,0 +1,12 @@
"""Event Settings"""
from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = {
"events_notification_cleanup": {
"task": "authentik.events.tasks.notification_cleanup",
"schedule": crontab(minute=fqdn_rand("notification_cleanup"), hour="*/8"),
"options": {"queue": "authentik_scheduled"},
},
}

View File

@ -1,4 +1,5 @@
"""Event notification tasks""" """Event notification tasks"""
from django.db.models.query_utils import Q
from guardian.shortcuts import get_anonymous_user from guardian.shortcuts import get_anonymous_user
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
@ -10,7 +11,12 @@ from authentik.events.models import (
NotificationTransport, NotificationTransport,
NotificationTransportError, NotificationTransportError,
) )
from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus from authentik.events.monitored_tasks import (
MonitoredTask,
TaskResult,
TaskResultStatus,
prefill_task,
)
from authentik.policies.engine import PolicyEngine from authentik.policies.engine import PolicyEngine
from authentik.policies.models import PolicyBinding, PolicyEngineMode from authentik.policies.models import PolicyBinding, PolicyEngineMode
from authentik.root.celery import CELERY_APP from authentik.root.celery import CELERY_APP
@ -114,3 +120,15 @@ def gdpr_cleanup(user_pk: int):
events = Event.objects.filter(user__pk=user_pk) events = Event.objects.filter(user__pk=user_pk)
LOGGER.debug("GDPR cleanup, removing events from user", events=events.count()) LOGGER.debug("GDPR cleanup, removing events from user", events=events.count())
events.delete() events.delete()
@CELERY_APP.task(bind=True, base=MonitoredTask)
@prefill_task
def notification_cleanup(self: MonitoredTask):
"""Cleanup seen notifications and notifications whose event expired."""
notifications = Notification.objects.filter(Q(event=None) | Q(seen=True))
amount = notifications.count()
for notification in notifications:
notification.delete()
LOGGER.debug("Expired notifications", amount=amount)
self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, [f"Expired {amount} Notifications"]))

View File

@ -93,6 +93,11 @@ def sanitize_dict(source: dict[Any, Any]) -> dict[Any, Any]:
final_dict[key] = value.hex final_dict[key] = value.hex
elif isinstance(value, (HttpRequest, WSGIRequest)): elif isinstance(value, (HttpRequest, WSGIRequest)):
continue continue
elif isinstance(value, type):
final_dict[key] = {
"type": value.__name__,
"module": value.__module__,
}
else: else:
final_dict[key] = value final_dict[key] = value
return final_dict return final_dict

View File

@ -35,3 +35,4 @@ class FlowStageBindingViewSet(UsedByMixin, ModelViewSet):
queryset = FlowStageBinding.objects.all() queryset = FlowStageBinding.objects.all()
serializer_class = FlowStageBindingSerializer serializer_class = FlowStageBindingSerializer
filterset_fields = "__all__" filterset_fields = "__all__"
search_fields = ["stage__name"]

View File

@ -72,6 +72,7 @@ class FlowSerializer(ModelSerializer):
"policy_engine_mode", "policy_engine_mode",
"compatibility_mode", "compatibility_mode",
"export_url", "export_url",
"layout",
] ]
extra_kwargs = { extra_kwargs = {
"background": {"read_only": True}, "background": {"read_only": True},
@ -211,12 +212,30 @@ class FlowViewSet(UsedByMixin, ModelViewSet):
] ]
body: list[DiagramElement] = [] body: list[DiagramElement] = []
footer = [] footer = []
# First, collect all elements we need # Collect all elements we need
# First, policies bound to the flow itself
for p_index, policy_binding in enumerate(
get_objects_for_user(request.user, "authentik_policies.view_policybinding")
.filter(target=flow)
.exclude(policy__isnull=True)
.order_by("order")
):
body.append(
DiagramElement(
f"flow_policy_{p_index}",
"condition",
_("Policy (%(type)s)" % {"type": policy_binding.policy._meta.verbose_name})
+ "\n"
+ policy_binding.policy.name,
)
)
# Collect all stages
for s_index, stage_binding in enumerate( for s_index, stage_binding in enumerate(
get_objects_for_user(request.user, "authentik_flows.view_flowstagebinding") get_objects_for_user(request.user, "authentik_flows.view_flowstagebinding")
.filter(target=flow) .filter(target=flow)
.order_by("order") .order_by("order")
): ):
# First all policies bound to stages since they execute before stages
for p_index, policy_binding in enumerate( for p_index, policy_binding in enumerate(
get_objects_for_user(request.user, "authentik_policies.view_policybinding") get_objects_for_user(request.user, "authentik_policies.view_policybinding")
.filter(target=stage_binding) .filter(target=stage_binding)
@ -227,14 +246,18 @@ class FlowViewSet(UsedByMixin, ModelViewSet):
DiagramElement( DiagramElement(
f"stage_{s_index}_policy_{p_index}", f"stage_{s_index}_policy_{p_index}",
"condition", "condition",
f"Policy\n{policy_binding.policy.name}", _("Policy (%(type)s)" % {"type": policy_binding.policy._meta.verbose_name})
+ "\n"
+ policy_binding.policy.name,
) )
) )
body.append( body.append(
DiagramElement( DiagramElement(
f"stage_{s_index}", f"stage_{s_index}",
"operation", "operation",
f"Stage\n{stage_binding.stage.name}", _("Stage (%(type)s)" % {"type": stage_binding.stage._meta.verbose_name})
+ "\n"
+ stage_binding.stage.name,
) )
) )
# If the 2nd last element is a policy, we need to have an item to point to # If the 2nd last element is a policy, we need to have an item to point to

View File

@ -2,6 +2,7 @@
from enum import Enum from enum import Enum
from typing import TYPE_CHECKING, Optional from typing import TYPE_CHECKING, Optional
from django.db import models
from django.http import JsonResponse from django.http import JsonResponse
from rest_framework.fields import ChoiceField, DictField from rest_framework.fields import ChoiceField, DictField
from rest_framework.serializers import CharField from rest_framework.serializers import CharField
@ -12,6 +13,20 @@ from authentik.flows.transfer.common import DataclassEncoder
if TYPE_CHECKING: if TYPE_CHECKING:
from authentik.flows.stage import StageView from authentik.flows.stage import StageView
PLAN_CONTEXT_TITLE = "title"
PLAN_CONTEXT_URL = "url"
PLAN_CONTEXT_ATTRS = "attrs"
class FlowLayout(models.TextChoices):
"""Flow layouts"""
STACKED = "stacked"
CONTENT_LEFT = "content_left"
CONTENT_RIGHT = "content_right"
SIDEBAR_LEFT = "sidebar_left"
SIDEBAR_RIGHT = "sidebar_right"
class ChallengeTypes(Enum): class ChallengeTypes(Enum):
"""Currently defined challenge types""" """Currently defined challenge types"""
@ -34,6 +49,7 @@ class ContextualFlowInfo(PassiveSerializer):
title = CharField(required=False, allow_blank=True) title = CharField(required=False, allow_blank=True)
background = CharField(required=False) background = CharField(required=False)
cancel_url = CharField() cancel_url = CharField()
layout = ChoiceField(choices=[(x.value, x.name) for x in FlowLayout])
class Challenge(PassiveSerializer): class Challenge(PassiveSerializer):
@ -72,7 +88,7 @@ class WithUserInfoChallenge(Challenge):
pending_user_avatar = CharField() pending_user_avatar = CharField()
class AccessDeniedChallenge(Challenge): class AccessDeniedChallenge(WithUserInfoChallenge):
"""Challenge when a flow's active stage calls `stage_invalid()`.""" """Challenge when a flow's active stage calls `stage_invalid()`."""
error_message = CharField(required=False) error_message = CharField(required=False)
@ -97,6 +113,21 @@ class ChallengeResponse(PassiveSerializer):
super().__init__(instance=instance, data=data, **kwargs) super().__init__(instance=instance, data=data, **kwargs)
class AutosubmitChallenge(Challenge):
"""Autosubmit challenge used to send and navigate a POST request"""
url = CharField()
attrs = DictField(child=CharField())
title = CharField(required=False)
component = CharField(default="ak-stage-autosubmit")
class AutoSubmitChallengeResponse(ChallengeResponse):
"""Pseudo class for autosubmit response"""
component = CharField(default="ak-stage-autosubmit")
class HttpChallengeResponse(JsonResponse): class HttpChallengeResponse(JsonResponse):
"""Subclass of JsonResponse that uses the `DataclassEncoder`""" """Subclass of JsonResponse that uses the `DataclassEncoder`"""

View File

@ -1,11 +1,18 @@
"""flow exceptions""" """flow exceptions"""
from authentik.lib.sentry import SentryIgnoredException from authentik.lib.sentry import SentryIgnoredException
from authentik.policies.types import PolicyResult
class FlowNonApplicableException(SentryIgnoredException): class FlowNonApplicableException(SentryIgnoredException):
"""Flow does not apply to current user (denied by policy).""" """Flow does not apply to current user (denied by policy)."""
policy_result: PolicyResult
class EmptyFlowException(SentryIgnoredException): class EmptyFlowException(SentryIgnoredException):
"""Flow has no stages.""" """Flow has no stages."""
class FlowSkipStageException(SentryIgnoredException):
"""Exception to skip a stage"""

View File

@ -10,8 +10,8 @@ def add_title_for_defaults(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
"default-invalidation-flow": "Default Invalidation Flow", "default-invalidation-flow": "Default Invalidation Flow",
"default-source-enrollment": "Welcome to authentik! Please select a username.", "default-source-enrollment": "Welcome to authentik! Please select a username.",
"default-source-authentication": "Welcome to authentik!", "default-source-authentication": "Welcome to authentik!",
"default-provider-authorization-implicit-consent": "Default Provider Authorization Flow (implicit consent)", "default-provider-authorization-implicit-consent": "Redirecting to %(app)s",
"default-provider-authorization-explicit-consent": "Default Provider Authorization Flow (explicit consent)", "default-provider-authorization-explicit-consent": "Redirecting to %(app)s",
"default-password-change": "Change password", "default-password-change": "Change password",
} }
db_alias = schema_editor.connection.alias db_alias = schema_editor.connection.alias

View File

@ -130,7 +130,7 @@ class Migration(migrations.Migration):
dependencies = [ dependencies = [
("authentik_flows", "0017_auto_20210329_1334"), ("authentik_flows", "0017_auto_20210329_1334"),
("authentik_stages_user_write", "0002_auto_20200918_1653"), ("authentik_stages_user_write", "0002_auto_20200918_1653"),
("authentik_stages_user_login", "__latest__"), ("authentik_stages_user_login", "0003_session_duration_delta"),
("authentik_stages_password", "0002_passwordstage_change_flow"), ("authentik_stages_password", "0002_passwordstage_change_flow"),
("authentik_policies", "0001_initial"), ("authentik_policies", "0001_initial"),
("authentik_policies_expression", "0001_initial"), ("authentik_policies_expression", "0001_initial"),

View File

@ -0,0 +1,27 @@
# Generated by Django 4.0 on 2021-12-27 21:03
from django.apps.registry import Apps
from django.db import migrations, models
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
def update_title_for_defaults(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
slug_title_map = {
"default-provider-authorization-implicit-consent": "Redirecting to %(app)s",
"default-provider-authorization-explicit-consent": "Redirecting to %(app)s",
}
db_alias = schema_editor.connection.alias
Flow = apps.get_model("authentik_flows", "Flow")
for flow in Flow.objects.using(db_alias).all():
if flow.slug not in slug_title_map:
continue
flow.title = slug_title_map[flow.slug]
flow.save()
class Migration(migrations.Migration):
dependencies = [
("authentik_flows", "0020_flowtoken"),
]
operations = [migrations.RunPython(update_title_for_defaults)]

Some files were not shown because too many files have changed in this diff Show More