release: 0.13.5-stable

# Conflicts:
#	authentik/admin/views/applications.py

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2021.3.1-rc1
+current_version = 0.13.5-stable
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
@@ -31,6 +31,6 @@ values =
 
 [bumpversion:file:authentik/__init__.py]
 
-[bumpversion:file:outpost/pkg/version.go]
+[bumpversion:file:proxy/pkg/version.go]
 
 [bumpversion:file:web/src/constants.ts]

.github/dependabot.yml

@@ -1,7 +1,7 @@
 version: 2
 updates:
 - package-ecosystem: gomod
-  directory: "/outpost"
+  directory: "/proxy"
   schedule:
     interval: daily
     time: "04:00"
@@ -16,14 +16,6 @@ updates:
   open-pull-requests-limit: 10
   assignees:
   - BeryJu
-- package-ecosystem: npm
-  directory: "/website"
-  schedule:
-    interval: daily
-    time: "04:00"
-  open-pull-requests-limit: 10
-  assignees:
-  - BeryJu
 - package-ecosystem: pip
   directory: "/"
   schedule:
@@ -41,7 +33,7 @@ updates:
   assignees:
   - BeryJu
 - package-ecosystem: docker
-  directory: "/outpost"
+  directory: "/proxy"
   schedule:
     interval: daily
     time: "04:00"

.github/workflows/release.yml

@@ -18,11 +18,11 @@ jobs:
       - name: Building Docker Image
         run: docker build
           --no-cache
-          -t beryju/authentik:2021.3.1-rc1
+          -t beryju/authentik:0.13.5-stable
           -t beryju/authentik:latest
           -f Dockerfile .
       - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik:2021.3.1-rc1
+        run: docker push beryju/authentik:0.13.5-stable
       - name: Push Docker Container to Registry (latest)
         run: docker push beryju/authentik:latest
   build-proxy:
@@ -34,7 +34,7 @@ jobs:
           go-version: "^1.15"
       - name: prepare go api client
         run: |
-          cd outpost
+          cd proxy
           go get -u github.com/go-swagger/go-swagger/cmd/swagger
           swagger generate client -f ../swagger.yaml -A authentik -t pkg/
           go build -v .
@@ -45,14 +45,14 @@ jobs:
         run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
       - name: Building Docker Image
         run: |
-          cd outpost/
+          cd proxy/
           docker build \
           --no-cache \
-          -t beryju/authentik-proxy:2021.3.1-rc1 \
+          -t beryju/authentik-proxy:0.13.5-stable \
           -t beryju/authentik-proxy:latest \
-          -f proxy.Dockerfile .
+          -f Dockerfile .
       - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik-proxy:2021.3.1-rc1
+        run: docker push beryju/authentik-proxy:0.13.5-stable
       - name: Push Docker Container to Registry (latest)
         run: docker push beryju/authentik-proxy:latest
   build-static:
@@ -69,11 +69,11 @@ jobs:
           cd web/
           docker build \
           --no-cache \
-          -t beryju/authentik-static:2021.3.1-rc1 \
+          -t beryju/authentik-static:0.13.5-stable \
           -t beryju/authentik-static:latest \
           -f Dockerfile .
       - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik-static:2021.3.1-rc1
+        run: docker push beryju/authentik-static:0.13.5-stable
       - name: Push Docker Container to Registry (latest)
         run: docker push beryju/authentik-static:latest
   test-release:
@@ -107,5 +107,5 @@ jobs:
           SENTRY_PROJECT: authentik
           SENTRY_URL: https://sentry.beryju.org
         with:
-          tagName: 2021.3.1-rc1
+          tagName: 0.13.5-stable
           environment: beryjuorg-prod

.gitignore

@@ -201,4 +201,3 @@ local.env.yml
 selenium_screenshots/
 backups/
 media/
-*mmdb

Dockerfile

@@ -20,7 +20,7 @@ RUN apt-get update && \
     curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \
     echo "deb http://apt.postgresql.org/pub/repos/apt buster-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
     apt-get update && \
-    apt-get install -y --no-install-recommends postgresql-client-12 postgresql-client-11 build-essential libxmlsec1-dev pkg-config libmaxminddb0 && \
+    apt-get install -y --no-install-recommends postgresql-client-12 postgresql-client-11 build-essential libxmlsec1-dev pkg-config && \
     apt-get clean && \
     pip install -r /requirements.txt --no-cache-dir && \
     apt-get remove --purge -y build-essential && \

LICENSE

@@ -1,674 +1,21 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<https://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<https://www.gnu.org/licenses/why-not-lgpl.html>.
+MIT License
+
+Copyright (c) 2019 BeryJu.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -1,15 +1,20 @@
 all: lint-fix lint coverage gen
 
+test-full:
+	coverage run manage.py test --failfast -v 3 .
+	coverage html
+	coverage report
+
 test-integration:
 	k3d cluster create || exit 0
 	k3d kubeconfig write -o ~/.kube/config --overwrite
-	coverage run manage.py test -v 3 tests/integration
+	coverage run manage.py test --failfast -v 3 tests/integration
 
 test-e2e:
-	coverage run manage.py test -v 3 tests/e2e
+	coverage run manage.py test --failfast -v 3 tests/e2e
 
 coverage:
-	coverage run manage.py test -v 3 authentik
+	coverage run manage.py test --failfast -v 3 authentik
 	coverage html
 	coverage report
 

Pipfile

@@ -6,9 +6,6 @@ verify_ssl = true
 [packages]
 boto3 = "*"
 celery = "*"
-channels = "*"
-channels-redis = "*"
-dacite = "*"
 defusedxml = "*"
 django = "*"
 django-cors-middleware = "*"
@@ -18,33 +15,35 @@ django-guardian = "*"
 django-model-utils = "*"
 django-otp = "*"
 django-prometheus = "*"
+django-recaptcha = "*"
 django-redis = "*"
-django-storages = "*"
 djangorestframework = "*"
+django-storages = "*"
 djangorestframework-guardian = "*"
-docker = "*"
 drf_yasg2 = "*"
 facebook-sdk = "*"
-geoip2 = "*"
-gunicorn = "*"
-kubernetes = "*"
 ldap3 = "*"
 lxml = "*"
 packaging = "*"
 psycopg2-binary = "*"
 pycryptodome = "*"
 pyjwkest = "*"
+uvicorn = {extras = ["standard"],version = "*"}
+gunicorn = "*"
 pyyaml = "*"
+qrcode = "*"
 requests-oauthlib = "*"
 sentry-sdk = "*"
 service_identity = "*"
 structlog = "*"
 swagger-spec-validator = "*"
 urllib3 = {extras = ["secure"],version = "*"}
-uvicorn = {extras = ["standard"],version = "*"}
-webauthn = "*"
+dacite = "*"
+channels = "*"
+channels-redis = "*"
+kubernetes = "*"
+docker = "*"
 xmlsec = "*"
-twisted = "==20.3.0"
 
 [requires]
 python_version = "3.9"
@@ -56,7 +55,8 @@ black = "==20.8b1"
 bumpversion = "*"
 colorama = "*"
 coverage = "*"
-pylint = "<=2.6.0"
+django-debug-toolbar = "*"
+pylint = "*"
 pylint-django = "*"
 selenium = "*"
 prospector = "*"

README.md

@@ -1,8 +1,7 @@
-<img src="https://goauthentik.io/img/icon_top_brand_colour.svg" height="250" alt="authentik logo">
+<img src="web/icons/icon_top_brand.svg" height="250" alt="authentik logo">
 
 ---
 
-[![](https://img.shields.io/discord/809154715984199690?label=Discord&style=flat-square)](https://discord.gg/KPnmtNWy)
 [![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/authentik/1?style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=1)
 [![Tests](https://img.shields.io/azure-devops/tests/beryjuorg/authentik/1?compact_message&style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=1)
 [![Code Coverage](https://img.shields.io/codecov/c/gh/beryju/authentik?style=flat-square)](https://codecov.io/gh/BeryJu/authentik)
@@ -22,8 +21,8 @@ For bigger setups, there is a Helm Chart in the `helm/` directory. This is docum
 
 ## Screenshots
 
-![](https://goauthentik.io/img/screen_apps.png)
-![](https://goauthentik.io/img/screen_admin.png)
+![](website/static/img/screen_apps.png)
+![](website/static/img/screen_admin.png)
 
 ## Development
 

SECURITY.md

@@ -2,11 +2,13 @@
 
 ## Supported Versions
 
-| Version    | Supported          |
-| ---------- | ------------------ |
-| 0.13.x     | :white_check_mark: |
-| 0.14.x     | :white_check_mark: |
-| 2021.1.x   | :white_check_mark: |
+As authentik is currently in a pre-stable, only the latest "stable" version is supported. After authentik 1.0, this will change.
+
+| Version  | Supported          |
+| -------- | ------------------ |
+| 0.11.x   | :white_check_mark: |
+| 0.12.x   | :white_check_mark: |
+| 0.13.x   | :white_check_mark: |
 
 ## Reporting a Vulnerability
 

authentik/__init__.py

@@ -1,2 +1,2 @@
 """authentik"""
-__version__ = "2021.3.1-rc1"
+__version__ = "0.13.5-stable"

authentik/admin/api/metrics.py

@@ -2,10 +2,12 @@
 import time
 from collections import Counter
 from datetime import timedelta
+from typing import Dict, List
 
-from django.db.models import Count, ExpressionWrapper, F, Model
+from django.db.models import Count, ExpressionWrapper, F
 from django.db.models.fields import DurationField
 from django.db.models.functions import ExtractHour
+from django.http import response
 from django.utils.timezone import now
 from drf_yasg2.utils import swagger_auto_schema
 from rest_framework.fields import SerializerMethodField
@@ -15,10 +17,10 @@ from rest_framework.response import Response
 from rest_framework.serializers import Serializer
 from rest_framework.viewsets import ViewSet
 
-from authentik.events.models import Event, EventAction
+from authentik.audit.models import Event, EventAction
 
 
-def get_events_per_1h(**filter_kwargs) -> list[dict[str, int]]:
+def get_events_per_1h(**filter_kwargs) -> List[Dict[str, int]]:
     """Get event count by hour in the last day, fill with zeros"""
     date_from = now() - timedelta(days=1)
     result = (
@@ -31,7 +33,7 @@ def get_events_per_1h(**filter_kwargs) -> list[dict[str, int]]:
         .annotate(count=Count("pk"))
         .order_by("age_hours")
     )
-    data = Counter({int(d["age_hours"]): d["count"] for d in result})
+    data = Counter({d["age_hours"]: d["count"] for d in result})
     results = []
     _now = now()
     for hour in range(0, -24, -1):
@@ -58,10 +60,10 @@ class AdministrationMetricsSerializer(Serializer):
         """Get failed logins per hour for the last 24 hours"""
         return get_events_per_1h(action=EventAction.LOGIN_FAILED)
 
-    def create(self, validated_data: dict) -> Model:
+    def create(self, request: Request) -> response:
         raise NotImplementedError
 
-    def update(self, instance: Model, validated_data: dict) -> Model:
+    def update(self, request: Request) -> Response:
         raise NotImplementedError
 
 

authentik/admin/api/tasks.py

@@ -2,7 +2,6 @@
 from importlib import import_module
 
 from django.contrib import messages
-from django.db.models import Model
 from django.http.response import Http404
 from django.utils.translation import gettext_lazy as _
 from drf_yasg2.utils import swagger_auto_schema
@@ -14,7 +13,7 @@ from rest_framework.response import Response
 from rest_framework.serializers import Serializer
 from rest_framework.viewsets import ViewSet
 
-from authentik.events.monitored_tasks import TaskInfo
+from authentik.lib.tasks import TaskInfo
 
 
 class TaskSerializer(Serializer):
@@ -27,10 +26,10 @@ class TaskSerializer(Serializer):
     status = IntegerField(source="result.status.value")
     messages = ListField(source="result.messages")
 
-    def create(self, validated_data: dict) -> Model:
+    def create(self, request: Request) -> Response:
         raise NotImplementedError
 
-    def update(self, instance: Model, validated_data: dict) -> Model:
+    def update(self, request: Request) -> Response:
         raise NotImplementedError
 
 

authentik/admin/api/version.py

@@ -1,6 +1,5 @@
 """authentik administration overview"""
 from django.core.cache import cache
-from django.db.models import Model
 from drf_yasg2.utils import swagger_auto_schema
 from packaging.version import parse
 from rest_framework.fields import SerializerMethodField
@@ -40,10 +39,10 @@ class VersionSerializer(Serializer):
             self.get_version_latest(instance)
         )
 
-    def create(self, validated_data: dict) -> Model:
+    def create(self, request: Request) -> Response:
         raise NotImplementedError
 
-    def update(self, instance: Model, validated_data: dict) -> Model:
+    def update(self, request: Request) -> Response:
         raise NotImplementedError
 
 
@@ -52,7 +51,7 @@ class VersionViewSet(ListModelMixin, GenericViewSet):
 
     permission_classes = [IsAdminUser]
 
-    def get_queryset(self):  # pragma: no cover
+    def get_queryset(self):
         return None
 
     @swagger_auto_schema(responses={200: VersionSerializer(many=True)})

authentik/admin/api/workers.py

@@ -15,7 +15,7 @@ class WorkerViewSet(ListModelMixin, GenericViewSet):
     serializer_class = Serializer
     permission_classes = [IsAdminUser]
 
-    def get_queryset(self):  # pragma: no cover
+    def get_queryset(self):
         return None
 
     def list(self, request: Request) -> Response:

authentik/admin/forms/source.py

@@ -0,0 +1,17 @@
+"""authentik core source form fields"""
+
+SOURCE_FORM_FIELDS = [
+    "name",
+    "slug",
+    "enabled",
+    "authentication_flow",
+    "enrollment_flow",
+]
+SOURCE_SERIALIZER_FIELDS = [
+    "pk",
+    "name",
+    "slug",
+    "enabled",
+    "authentication_flow",
+    "enrollment_flow",
+]

authentik/admin/tasks.py

@@ -1,22 +1,14 @@
 """authentik admin tasks"""
-import re
-
 from django.core.cache import cache
-from django.core.validators import URLValidator
-from packaging.version import parse
 from requests import RequestException, get
-from structlog.stdlib import get_logger
+from structlog import get_logger
 
-from authentik import __version__
-from authentik.events.models import Event, EventAction
-from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
+from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.root.celery import CELERY_APP
 
 LOGGER = get_logger()
 VERSION_CACHE_KEY = "authentik_latest_version"
-VERSION_CACHE_TIMEOUT = 8 * 60 * 60  # 8 hours
-# Chop of the first ^ because we want to search the entire string
-URL_FINDER = URLValidator.regex.pattern[1:]
+VERSION_CACHE_TIMEOUT = 2 * 60 * 60  # 2 hours
 
 
 @CELERY_APP.task(bind=True, base=MonitoredTask)
@@ -27,27 +19,12 @@ def update_latest_version(self: MonitoredTask):
         response.raise_for_status()
         data = response.json()
         tag_name = data.get("tag_name")
-        upstream_version = tag_name.split("/")[1]
-        cache.set(VERSION_CACHE_KEY, upstream_version, VERSION_CACHE_TIMEOUT)
+        cache.set(VERSION_CACHE_KEY, tag_name.split("/")[1], VERSION_CACHE_TIMEOUT)
         self.set_status(
             TaskResult(
                 TaskResultStatus.SUCCESSFUL, ["Successfully updated latest Version"]
             )
         )
-        # Check if upstream version is newer than what we're running,
-        # and if no event exists yet, create one.
-        local_version = parse(__version__)
-        if local_version < parse(upstream_version):
-            # Event has already been created, don't create duplicate
-            if Event.objects.filter(
-                action=EventAction.UPDATE_AVAILABLE,
-                context__new_version=upstream_version,
-            ).exists():
-                return
-            event_dict = {"new_version": upstream_version}
-            if match := re.search(URL_FINDER, data.get("body", "")):
-                event_dict["message"] = f"Changelog: {match.group()}"
-            Event.new(EventAction.UPDATE_AVAILABLE, **event_dict).save()
     except (RequestException, IndexError) as exc:
         cache.set(VERSION_CACHE_KEY, "0.0.0", VERSION_CACHE_TIMEOUT)
         self.set_status(TaskResult(TaskResultStatus.ERROR).with_error(exc))

authentik/admin/templates/administration/application/list.html

@@ -0,0 +1,131 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-applications"></i>
+            {% trans 'Applications' %}
+        </h1>
+        <p>{% trans "External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-modal-button href="{% url 'authentik_admin:application-create' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-primary">
+                            {% trans 'Create' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader"></th>
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Slug' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Provider' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Provider Type' %}</th>
+                    <th role="columnheader"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for application in object_list %}
+                <tr role="row">
+                    <td role="cell" {% if application.meta_icon %} style="vertical-align: bottom;" {% endif %}>
+                        {% if application.meta_icon %}
+                        <img class="app-icon pf-c-avatar" src="{{ application.meta_icon.url }}" alt="{% trans 'Application Icon' %}">
+                        {% else %}
+                        <i class="pf-icon pf-icon-arrow"></i>
+                        {% endif %}
+                    </td>
+                    <td role="cell">
+                        <a href="/applications/{{ application.slug }}/">
+                            <div>
+                                {{ application.name }}
+                            </div>
+                            {% if application.meta_publisher %}
+                            <small>{{ application.meta_publisher }}</small>
+                            {% endif %}
+                        </a>
+                    </td>
+                    <td role="cell">
+                        <code>{{ application.slug }}</span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ application.get_provider }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ application.get_provider|verbose_name }}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:application-update' pk=application.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:application-delete' pk=application.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-applications pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Applications.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any application." %}
+                {% else %}
+                    {% trans 'Currently no applications exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-modal-button href="{% url 'authentik_admin:application-create' %}">
+                    <ak-spinner-button slot="trigger" class="pf-m-primary">
+                        {% trans 'Create' %}
+                    </ak-spinner-button>
+                    <div slot="modal"></div>
+                </ak-modal-button>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/certificatekeypair/generate.html

@@ -1,14 +0,0 @@
-{% extends base_template|default:"generic/form.html" %}
-
-{% load authentik_utils %}
-{% load i18n %}
-
-{% block above_form %}
-<h1>
-    {% trans 'Generate Certificate-Key Pair' %}
-</h1>
-{% endblock %}
-
-{% block action %}
-{% trans 'Generate Certificate-Key Pair' %}
-{% endblock %}

authentik/admin/templates/administration/certificatekeypair/list.html

@@ -0,0 +1,116 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-key"></i>
+            {% trans 'Certificate-Key Pairs' %}
+        </h1>
+        <p>{% trans "Import certificates of external providers or create certificates to sign requests with." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-modal-button href="{% url 'authentik_admin:certificatekeypair-create' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-primary">
+                            {% trans 'Create' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Private Key available' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Fingerprint' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for kp in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ kp.name }}</div>
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {% if kp.key_data is not None %}
+                            {% trans 'Yes' %}
+                            {% else %}
+                            {% trans 'No' %}
+                            {% endif %}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <code>{{ kp.fingerprint }}</code>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:certificatekeypair-update' pk=kp.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:certificatekeypair-delete' pk=kp.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-key pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Certificates.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any certificates." %}
+                {% else %}
+                    {% trans 'Currently no certificates exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-modal-button href="{% url 'authentik_admin:certificatekeypair-create' %}">
+                    <ak-spinner-button slot="trigger" class="pf-m-primary">
+                        {% trans 'Create' %}
+                    </ak-spinner-button>
+                    <div slot="modal"></div>
+                </ak-modal-button>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/flow/list.html

@@ -0,0 +1,135 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-process-automation"></i>
+            {% trans 'Flows' %}
+        </h1>
+        <p>{% trans "Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-modal-button href="{% url 'authentik_admin:flow-create' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-primary">
+                            {% trans 'Create' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <ak-modal-button href="{% url 'authentik_admin:flow-import' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                            {% trans 'Import' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Identifier' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Designation' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Stages' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Policies' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for flow in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <a href="/flows/{{ flow.slug }}/">
+                            <div><code>{{ flow.slug }}</code></div>
+                            <small>{{ flow.name }}</small>
+                        </a>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ flow.designation }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ flow.stages.all|length }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ flow.policies.all|length }}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:flow-update' pk=flow.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:flow-delete' pk=flow.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <a class="pf-c-button pf-m-secondary ak-root-link" href="{% url 'authentik_admin:flow-execute' pk=flow.pk %}?next={{ request.get_full_path }}">{% trans 'Execute' %}</a>
+                        <a class="pf-c-button pf-m-secondary ak-root-link" href="{% url 'authentik_admin:flow-export' pk=flow.pk %}?next={{ request.get_full_path }}">{% trans 'Export' %}</a>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-process-automation pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Flows.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any flows." %}
+                {% else %}
+                    {% trans 'Currently no flows exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-modal-button href="{% url 'authentik_admin:flow-create' %}">
+                    <ak-spinner-button slot="trigger" class="pf-m-primary">
+                        {% trans 'Create' %}
+                    </ak-spinner-button>
+                    <div slot="modal"></div>
+                </ak-modal-button>
+                <ak-modal-button href="{% url 'authentik_admin:flow-import' %}">
+                    <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                        {% trans 'Import' %}
+                    </ak-spinner-button>
+                    <div slot="modal"></div>
+                </ak-modal-button>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/group/list.html

@@ -0,0 +1,114 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-users"></i>
+            {% trans 'Groups' %}
+        </h1>
+        <p>{% trans "Group users together and give them permissions based on the membership." %}
+        </p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-modal-button href="{% url 'authentik_admin:group-create' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-primary">
+                            {% trans 'Create' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Parent' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Members' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for group in object_list %}
+                <tr role="row">
+                    <td role="cell">
+                        <span>
+                            {{ group.name }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ group.parent }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ group.users.all|length }}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:group-update' pk=group.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:group-delete' pk=group.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-users pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Groups.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any groups." %}
+                {% else %}
+                    {% trans 'Currently no group exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-modal-button href="{% url 'authentik_admin:group-create' %}">
+                    <ak-spinner-button slot="trigger" class="pf-m-primary">
+                        {% trans 'Create' %}
+                    </ak-spinner-button>
+                    <div slot="modal"></div>
+                </ak-modal-button>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/outpost/list.html

@@ -0,0 +1,149 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load humanize %}
+{% load authentik_utils %}
+{% load admin_reflection %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-zone"></i>
+            {% trans 'Outposts' %}
+        </h1>
+        <p>{% trans "Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-modal-button href="{% url 'authentik_admin:outpost-create' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-primary">
+                            {% trans 'Create' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Providers' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Health' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Version' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for outpost in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <span>{{ outpost.name }}</span>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ outpost.providers.all.select_subclasses|join:", " }}
+                        </span>
+                    </td>
+                    {% with states=outpost.state %}
+                    {% if states|length > 0 %}
+                        <td role="cell">
+                            {% for state in states %}
+                            <div>
+                                {% if state.last_seen %}
+                                <i class="fas fa-check pf-m-success"></i> {{ state.last_seen|naturaltime }}
+                                {% else %}
+                                <i class="fas fa-times pf-m-danger"></i> {% trans 'Unhealthy' %}
+                                {% endif %}
+                            </div>
+                            {% endfor %}
+                        </td>
+                        <td role="cell">
+                            {% for state in states %}
+                                <div>
+                                    {% if not state.version %}
+                                    <i class="fas fa-question-circle"></i>
+                                    {% elif state.version_outdated %}
+                                    <i class="fas fa-times pf-m-danger"></i> {% blocktrans with is=state.version should=state.version_should %}{{ is }}, should be {{ should }}{% endblocktrans %}
+                                    {% else %}
+                                    <i class="fas fa-check pf-m-success"></i> {{ state.version }}
+                                    {% endif %}
+                                </div>
+                            {% endfor %}
+                        </td>
+                    {% else %}
+                        <td role="cell">
+                            <i class="fas fa-question-circle"></i>
+                        </td>
+                        <td role="cell">
+                            <i class="fas fa-question-circle"></i>
+                        </td>
+                    {% endif %}
+                    {% endwith %}
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:outpost-update' pk=outpost.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:outpost-delete' pk=outpost.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        {% get_htmls outpost as htmls %}
+                        {% for html in htmls %}
+                        {{ html|safe }}
+                        {% endfor %}
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="fas fa-map-marker pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Outposts.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any outposts." %}
+                {% else %}
+                    {% trans 'Currently no outposts exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-modal-button href="{% url 'authentik_admin:outpost-create' %}">
+                    <ak-spinner-button slot="trigger" class="pf-m-primary">
+                        {% trans 'Create' %}
+                    </ak-spinner-button>
+                    <div slot="modal"></div>
+                </ak-modal-button>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/outpost_service_connection/list.html

@@ -0,0 +1,154 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load humanize %}
+{% load authentik_utils %}
+{% load admin_reflection %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon-integration"></i>
+            {% trans 'Outpost Service-Connections' %}
+        </h1>
+        <p>{% trans "Outpost Service-Connections define how authentik connects to external platforms to manage and deploy Outposts." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-dropdown class="pf-c-dropdown">
+                        <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                            <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                            <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                        </button>
+                        <ul class="pf-c-dropdown__menu" hidden>
+                            {% for type, name in types.items %}
+                            <li>
+                                <ak-modal-button href="{% url 'authentik_admin:outpost-service-connection-create' %}?type={{ type }}">
+                                    <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                        {{ name|verbose_name }}<br>
+                                        <small>
+                                            {{ name|doc }}
+                                        </small>
+                                    </button>
+                                    <div slot="modal"></div>
+                                </ak-modal-button>
+                            </li>
+                            {% endfor %}
+                        </ul>
+                    </ak-dropdown>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Type' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Local?' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Status' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for sc in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <span>{{ sc.name }}</span>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ sc|verbose_name }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ sc.local|yesno:"Yes,No" }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {% if sc.state.healthy %}
+                            <i class="fas fa-check pf-m-success"></i> {{ sc.state.version }}
+                            {% else %}
+                            <i class="fas fa-times pf-m-danger"></i> {% trans 'Unhealthy' %}
+                            {% endif %}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:outpost-service-connection-update' pk=sc.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:outpost-service-connection-delete' pk=sc.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="fas fa-map-marker pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Outpost Service Connections.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any outposts." %}
+                {% else %}
+                    {% trans 'Currently no service connections exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-dropdown class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <ak-modal-button href="{% url 'authentik_admin:outpost-service-connection-create' %}?type={{ type }}">
+                                <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                    {{ name|verbose_name }}<br>
+                                    <small>
+                                        {{ name|doc }}
+                                    </small>
+                                </button>
+                                <div slot="modal"></div>
+                            </ak-modal-button>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </ak-dropdown>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/policy/list.html

@@ -0,0 +1,148 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-infrastructure"></i>
+            {% trans 'Policies' %}
+        </h1>
+        <p>{% trans "Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-dropdown class="pf-c-dropdown">
+                        <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                            <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                            <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                        </button>
+                        <ul class="pf-c-dropdown__menu" hidden>
+                            {% for type, name in types.items %}
+                            <li>
+                                <ak-modal-button href="{% url 'authentik_admin:policy-create' %}?type={{ type }}">
+                                    <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                        {{ name|verbose_name }}<br>
+                                        <small>
+                                            {{ name|doc }}
+                                        </small>
+                                    </button>
+                                    <div slot="modal"></div>
+                                </ak-modal-button>
+                            </li>
+                            {% endfor %}
+                        </ul>
+                    </ak-dropdown>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Type' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for policy in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ policy.name }}</div>
+                            {% if not policy.bindings.exists and not policy.promptstage_set.exists %}
+                            <i class="pf-icon pf-icon-warning-triangle"></i>
+                            <small>{% trans 'Warning: Policy is not assigned.' %}</small>
+                            {% else %}
+                            <i class="pf-icon pf-icon-ok"></i>
+                            <small>{% blocktrans with object_count=policy.bindings.all|length %}Assigned to {{ object_count }} objects.{% endblocktrans %}</small>
+                            {% endif %}
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ policy|verbose_name }}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:policy-update' pk=policy.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:policy-test' pk=policy.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Test' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:policy-delete' pk=policy.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-infrastructure pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Policies.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any policies." %}
+                {% else %}
+                    {% trans 'Currently no policies exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-dropdown class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <ak-modal-button href="{% url 'authentik_admin:policy-create' %}?type={{ type }}">
+                                <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                    {{ name|verbose_name }}<br>
+                                    <small>
+                                        {{ name|doc }}
+                                    </small>
+                                </button>
+                                <div slot="modal"></div>
+                            </ak-modal-button>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </ak-dropdown>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/policy/test.html

@@ -3,42 +3,7 @@
 {% load i18n %}
 
 {% block above_form %}
-<h1>{% blocktrans with policy=policy %}Test {{ policy }}{% endblocktrans %}</h1>
-{% endblock %}
-
-{% block beneath_form %}
-{% if result %}
-<div class="pf-c-form__group ">
-    <div class="pf-c-form__group-label">
-        <label class="pf-c-form__label" for="context-1">
-            <span class="pf-c-form__label-text">{% trans 'Passing' %}</span>
-        </label>
-    </div>
-    <div class="pf-c-form__group-label">
-        <div class="c-form__horizontal-group">
-            <span class="pf-c-form__label-text">{{ result.passing|yesno:"Yes,No" }}</span>
-        </div>
-    </div>
-</div>
-<div class="pf-c-form__group ">
-    <div class="pf-c-form__group-label">
-        <label class="pf-c-form__label" for="context-1">
-            <span class="pf-c-form__label-text">{% trans 'Messages' %}</span>
-        </label>
-    </div>
-    <div class="pf-c-form__group-label">
-        <div class="c-form__horizontal-group">
-            <ul>
-                {% for m in result.messages %}
-                <li><span class="pf-c-form__label-text">{{ m }}</span></li>
-                {% empty %}
-                <li><span class="pf-c-form__label-text">-</span></li>
-                {% endfor %}
-            </ul>
-        </div>
-    </div>
-</div>
-{% endif %}
+<h1>{% blocktrans with policy=policy %}Test policy {{ policy }}{% endblocktrans %}</h1>
 {% endblock %}
 
 {% block action %}

authentik/admin/templates/administration/policy_binding/list.html

@@ -0,0 +1,119 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-infrastructure"></i>
+            {% trans 'Policy Bindings' %}
+        </h1>
+        <p>{% trans "Bind existing Policies to Models accepting policies." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-modal-button href="{% url 'authentik_admin:policy-binding-create' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-primary">
+                            {% trans 'Create' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Policy' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Enabled' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Order' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Timeout' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for pbm in object_list %}
+                    <tr role="role">
+                        <td>
+                            {{ pbm }}
+                            <small>
+                                {{ pbm|fieldtype }}
+                            </small>
+                        </td>
+                        <td></td>
+                        <td></td>
+                        <td></td>
+                        <td></td>
+                    </tr>
+                    {% for binding in pbm.bindings %}
+                    <tr class="row pf-c-table__expandable-row pf-m-expanded">
+                        <th role="cell">
+                            <div>{{ binding.policy }}</div>
+                            <small>
+                                {{ binding.policy|fieldtype }}
+                            </small>
+                        </th>
+                        <th role="cell">
+                            <div>{{ binding.enabled }}</div>
+                        </th>
+                        <th role="cell">
+                            <div>{{ binding.order }}</div>
+                        </th>
+                        <th role="cell">
+                            <div>{{ binding.timeout }}</div>
+                        </th>
+                        <td>
+                            <ak-modal-button href="{% url 'authentik_admin:policy-binding-update' pk=binding.pk %}">
+                                <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                    {% trans 'Edit' %}
+                                </ak-spinner-button>
+                                <div slot="modal"></div>
+                            </ak-modal-button>
+                            <ak-modal-button href="{% url 'authentik_admin:policy-binding-delete' pk=binding.pk %}">
+                                <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                    {% trans 'Delete' %}
+                                </ak-spinner-button>
+                                <div slot="modal"></div>
+                            </ak-modal-button>
+                        </td>
+                    </tr>
+                    {% endfor %}
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="fas fa-cubes pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Policy Bindings.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                    {% trans 'Currently no policy bindings exist. Click the button below to create one.' %}
+                </div>
+                <ak-modal-button href="{% url 'authentik_admin:policy-binding-create' %}">
+                    <ak-spinner-button slot="trigger" class="pf-m-primary">
+                        {% trans 'Create' %}
+                    </ak-spinner-button>
+                    <div slot="modal"></div>
+                </ak-modal-button>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/property_mapping/list.html

@@ -0,0 +1,139 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-blueprint"></i>
+            {% trans 'Property Mappings' %}
+        </h1>
+        <p>{% trans "Control how authentik exposes and interprets information." %}
+        </p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-dropdown class="pf-c-dropdown">
+                        <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                            <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                            <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                        </button>
+                        <ul class="pf-c-dropdown__menu" hidden>
+                            {% for type, name in types.items %}
+                            <li>
+                                <ak-modal-button href="{% url 'authentik_admin:property-mapping-create' %}?type={{ type }}">
+                                    <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                        {{ name|verbose_name }}<br>
+                                        <small>
+                                            {{ name|doc }}
+                                        </small>
+                                    </button>
+                                    <div slot="modal"></div>
+                                </ak-modal-button>
+                            </li>
+                            {% endfor %}
+                        </ul>
+                    </ak-dropdown>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Type' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for property_mapping in object_list %}
+                <tr role="row">
+                    <td role="cell">
+                        <span>
+                            {{ property_mapping.name }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ property_mapping|verbose_name }}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:property-mapping-update' pk=property_mapping.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:property-mapping-delete' pk=property_mapping.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-blueprint pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Property Mappings.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any property mappings." %}
+                {% else %}
+                    {% trans 'Currently no property mappings exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-dropdown class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <ak-modal-button href="{% url 'authentik_admin:property-mapping-create' %}?type={{ type }}">
+                                <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                    {{ name|verbose_name }}<br>
+                                    <small>
+                                        {{ name|doc }}
+                                    </small>
+                                </button>
+                                <div slot="modal"></div>
+                            </ak-modal-button>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </ak-dropdown>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/provider/list.html

@@ -0,0 +1,159 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+{% load admin_reflection %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-integration"></i>
+            {% trans 'Providers' %}
+        </h1>
+        <p>{% trans "Provide support for protocols like SAML and OAuth to assigned applications." %}
+    </p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-dropdown class="pf-c-dropdown">
+                        <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                            <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                            <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                        </button>
+                        <ul class="pf-c-dropdown__menu" hidden>
+                            {% for type, name in types.items %}
+                            <li>
+                                <ak-modal-button href="{% url 'authentik_admin:provider-create' %}?type={{ type }}">
+                                    <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                        {{ name|verbose_name }}<br>
+                                        <small>
+                                            {{ name|doc }}
+                                        </small>
+                                    </button>
+                                    <div slot="modal"></div>
+                                </ak-modal-button>
+                            </li>
+                            {% endfor %}
+                        </ul>
+                    </ak-dropdown>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Type' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for provider in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ provider.name }}</div>
+                            {% if not provider.application %}
+                            <i class="pf-icon pf-icon-warning-triangle"></i>
+                            <small>{% trans 'Warning: Provider not assigned to any application.' %}</small>
+                            {% else %}
+                            <i class="pf-icon pf-icon-ok"></i>
+                            <small>
+                                {% blocktrans with app=provider.application %}
+                                    Assigned to application {{ app }}.
+                                {% endblocktrans %}
+                            </small>
+                            {% endif %}
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ provider|verbose_name }}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:provider-update' pk=provider.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:provider-delete' pk=provider.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        {% get_links provider as links %}
+                        {% for name, href in links.items %}
+                            <a class="pf-c-button pf-m-tertiary ak-root-link" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                        {% endfor %}
+                        {% get_htmls provider as htmls %}
+                        {% for html in htmls %}
+                            {{ html|safe }}
+                        {% endfor %}
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon-integration pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Providers.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any providers." %}
+                {% else %}
+                    {% trans 'Currently no providers exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-dropdown class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <ak-modal-button href="{% url 'authentik_admin:provider-create' %}?type={{ type }}">
+                                <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                    {{ name|verbose_name }}<br>
+                                    <small>
+                                        {{ name|doc }}
+                                    </small>
+                                </button>
+                                <div slot="modal"></div>
+                            </ak-modal-button>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </ak-dropdown>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/source/list.html

@@ -0,0 +1,153 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+{% load admin_reflection %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-middleware"></i>
+            {% trans 'Source' %}
+        </h1>
+        <p>{% trans "External Sources which can be used to get Identities into authentik, for example Social Providers like Twiter and GitHub or Enterprise Providers like ADFS and LDAP." %}
+        </p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-dropdown class="pf-c-dropdown">
+                        <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                            <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                            <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                        </button>
+                        <ul class="pf-c-dropdown__menu" hidden>
+                            {% for type, name in types.items %}
+                            <li>
+                                <ak-modal-button href="{% url 'authentik_admin:source-create' %}?type={{ type }}">
+                                    <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                        {{ name|verbose_name }}<br>
+                                        <small>
+                                            {{ name|doc }}
+                                        </small>
+                                    </button>
+                                    <div slot="modal"></div>
+                                </ak-modal-button>
+                            </li>
+                            {% endfor %}
+                        </ul>
+                    </ak-dropdown>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Type' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Additional Info' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for source in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <a href="/sources/{{ source.slug }}/">
+                            <div>{{ source.name }}</div>
+                            {% if not source.enabled %}
+                            <small>{% trans 'Disabled' %}</small>
+                            {% endif %}
+                        </a>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ source|fieldtype }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ source.ui_additional_info|default:""|safe }}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:source-update' pk=source.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:source-delete' pk=source.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        {% get_links source as links %}
+                        {% for name, href in links %}
+                            <a class="pf-c-button pf-m-tertiary ak-root-link" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                        {% endfor %}
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-middleware pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Sources.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any sources." %}
+                {% else %}
+                    {% trans 'Currently no sources exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-dropdown class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <ak-modal-button href="{% url 'authentik_admin:source-create' %}?type={{ type }}">
+                                <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                    {{ name|verbose_name }}<br>
+                                    <small>
+                                        {{ name|doc }}
+                                    </small>
+                                </button>
+                                <div slot="modal"></div>
+                            </ak-modal-button>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </ak-dropdown>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/stage/list.html

@@ -0,0 +1,148 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+{% load admin_reflection %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-plugged"></i>
+            {% trans 'Stages' %}
+        </h1>
+        <p>{% trans "Stages are single steps of a Flow that a user is guided through." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-dropdown class="pf-c-dropdown">
+                        <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                            <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                            <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                        </button>
+                        <ul class="pf-c-dropdown__menu" hidden>
+                            {% for type, name in types.items %}
+                            <li>
+                                <ak-modal-button href="{% url 'authentik_admin:stage-create' %}?type={{ type }}">
+                                    <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                        {{ name|verbose_name }}<br>
+                                        <small>
+                                            {{ name|doc }}
+                                        </small>
+                                    </button>
+                                    <div slot="modal"></div>
+                                </ak-modal-button>
+                            </li>
+                            {% endfor %}
+                        </ul>
+                    </ak-dropdown>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Flows' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for stage in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ stage.name }}</div>
+                            <small>{{ stage|verbose_name }}</small>
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <ul>
+                            {% for flow in stage.flow_set.all %}
+                            <li>{{ flow.slug }}<</li>
+                            {% empty %}
+                            <li>-</li>
+                            {% endfor %}
+                        </ul>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:stage-update' pk=stage.stage_uuid %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:stage-delete' pk=stage.stage_uuid %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        {% get_links stage as links %}
+                        {% for name, href in links.items %}
+                        <a class="pf-c-button pf-m-tertiary ak-root-link" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                        {% endfor %}
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-plugged pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Stages.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any stages." %}
+                {% else %}
+                    {% trans 'Currently no stages exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-dropdown class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <ak-modal-button href="{% url 'authentik_admin:stage-create' %}?type={{ type }}">
+                                <button slot="trigger" class="pf-c-dropdown__menu-item">
+                                    {{ name|verbose_name }}<br>
+                                    <small>
+                                        {{ name|doc }}
+                                    </small>
+                                </button>
+                                <div slot="modal"></div>
+                            </ak-modal-button>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </ak-dropdown>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/stage_binding/list.html

@@ -0,0 +1,125 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-infrastructure"></i>
+            {% trans 'Stage Bindings' %}
+        </h1>
+        <p>{% trans "Bind existing Stages to Flows." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-modal-button href="{% url 'authentik_admin:stage-binding-create' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-primary">
+                            {% trans 'Create' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Order' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Stage Type' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% regroup object_list by target as grouped_bindings %}
+                {% for flow in grouped_bindings %}
+                    <tr role="role">
+                        <td>
+                            {% blocktrans with slug=flow.grouper.slug %}
+                            Flow {{ slug }}
+                            {% endblocktrans %}
+                        </td>
+                        <td></td>
+                        <td></td>
+                        <td></td>
+                    </tr>
+                    {% for binding in flow.list %}
+                    <tr class="pf-c-table__expandable-row pf-m-expanded" role="row">
+                        <td role="cell">
+                            <span>
+                                {{ binding.order }}
+                            </span>
+                        </td>
+                        <th role="columnheader">
+                            <div>
+                                <div>{{ binding.target.slug }}</div>
+                                <small>
+                                    {{ binding.target.name }}
+                                </small>
+                            </div>
+                        </th>
+                        <td role="cell">
+                            <div>
+                                <div>
+                                    {{ binding.stage.name }}
+                                </div>
+                                <small>
+                                    {{ binding.stage }}
+                                </small>
+                            </div>
+                        </td>
+                        <td>
+                            <ak-modal-button href="{% url 'authentik_admin:stage-binding-update' pk=binding.pk %}">
+                                <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                    {% trans 'Update' %}
+                                </ak-spinner-button>
+                                <div slot="modal"></div>
+                            </ak-modal-button>
+                            <ak-modal-button href="{% url 'authentik_admin:stage-binding-delete' pk=binding.pk %}">
+                                <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                    {% trans 'Delete' %}
+                                </ak-spinner-button>
+                                <div slot="modal"></div>
+                            </ak-modal-button>
+                        </td>
+                    </tr>
+                    {% endfor %}
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="fas fa-cubes pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Flow-Stage Bindings.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                    {% trans 'Currently no flow-stage bindings exist. Click the button below to create one.' %}
+                </div>
+                <ak-modal-button href="{% url 'authentik_admin:stage-binding-create' %}">
+                    <ak-spinner-button slot="trigger" class="pf-m-primary">
+                        {% trans 'Create' %}
+                    </ak-spinner-button>
+                    <div slot="modal"></div>
+                </ak-modal-button>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/stage_invitation/list.html

@@ -0,0 +1,109 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-migration"></i>
+            {% trans 'Invitations' %}
+        </h1>
+        <p>{% trans "Create Invitation Links to enroll Users, and optionally force specific attributes of their account." %}
+        </p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-modal-button href="{% url 'authentik_admin:stage-invitation-create' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-primary">
+                            {% trans 'Create' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'ID' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Created by' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Expiry' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for invitation in object_list %}
+                <tr role="row">
+                    <td role="cell">
+                        <span>
+                            {{ invitation.invite_uuid }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ invitation.created_by }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ invitation.expiry|default:"-" }}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:stage-invitation-delete' pk=invitation.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-migration pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Invitations.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any invitations." %}
+                {% else %}
+                    {% trans 'Currently no invitations exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <ak-modal-button href="{% url 'authentik_admin:stage-invitation-create' %}">
+                    <ak-spinner-button slot="trigger" class="pf-m-primary">
+                        {% trans 'Create' %}
+                    </ak-spinner-button>
+                    <div slot="modal"></div>
+                </ak-modal-button>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/stage_prompt/list.html

@@ -0,0 +1,130 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+{% load admin_reflection %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-plugged"></i>
+            {% trans 'Prompts' %}
+        </h1>
+        <p>{% trans "Single Prompts that can be used for Prompt Stages." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-modal-button href="{% url 'authentik_admin:stage-prompt-create' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-primary">
+                            {% trans 'Create' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Field' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Label' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Type' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Order' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Flows' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for prompt in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ prompt.field_key }}</div>
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <div>
+                            {{ prompt.label }}
+                        </div>
+                    </td>
+                    <td role="cell">
+                        <div>
+                            {{ prompt.type }}
+                        </div>
+                    </td>
+                    <td role="cell">
+                        <div>
+                            {{ prompt.order }}
+                        </div>
+                    </td>
+                    <td role="cell">
+                        <ul>
+                            {% for flow in prompt.flow_set.all %}
+                            <li>{{ flow.slug }}</li>
+                            {% empty %}
+                            <li>-</li>
+                            {% endfor %}
+                        </ul>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:stage-prompt-update' pk=prompt.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Update' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-modal-button href="{% url 'authentik_admin:stage-prompt-delete' pk=prompt.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        {% get_links prompt as links %}
+                        {% for name, href in links.items %}
+                        <a class="pf-c-button pf-m-tertiary ak-root-link" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                        {% endfor %}
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-plugged pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Stage Prompts.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any stage prompts." %}
+                {% else %}
+                    {% trans 'Currently no stage prompts exist. Click the button below to create one.' %}
+                {% endif %}
+                </div>
+                <a href="{% url 'authentik_admin:stage-prompt-create' %}?back={{ request.get_full_path }}" class="pf-c-button pf-m-primary" type="button">{% trans 'Create' %}</a>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/task/list.html

@@ -0,0 +1,84 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load humanize %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-automation"></i>
+            {% trans 'System Tasks' %}
+        </h1>
+        <p>{% trans "Long-running operations which authentik executes in the background." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                    {% trans 'Refresh' %}
+                </button>
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Identifier' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Description' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Last Run' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Status' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Messages' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for task in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <pre>{{ task.task_name }}</pre>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ task.task_description }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ task.finish_timestamp|naturaltime }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {% if task.result.status == task_successful %}
+                            <i class="fas fa-check pf-m-success"></i> {% trans 'Successful' %}
+                            {% elif task.result.status == task_warning %}
+                            <i class="fas fa-exclamation-triangle pf-m-warning"></i> {% trans 'Warning' %}
+                            {% elif task.result.status == task_error %}
+                            <i class="fas fa-times pf-m-danger"></i> {% trans 'Error' %}
+                            {% else %}
+                            <i class="fas fa-question-circle"></i> {% trans 'Unknown' %}
+                            {% endif %}
+                        </span>
+                    </td>
+                    <td>
+                        {% for message in task.result.messages %}
+                        <div>
+                            {{ message }}
+                        </div>
+                        {% endfor %}
+                    </td>
+                    <td>
+                        <ak-action-button url="{% url 'authentik_api:admin_system_tasks-retry' pk=task.task_name %}">
+                            {% trans 'Retry Task' %}
+                        </ak-action-button>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/token/list.html

@@ -0,0 +1,102 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-security"></i>
+            {% trans 'Tokens' %}
+        </h1>
+        <p>{% trans "Tokens are used throughout authentik for Email validation stages, Recovery keys and API access." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Identifier' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'User' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Expires?' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Expiry Date' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for token in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>{{ token.identifier }}</div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ token.user }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ token.expiring|yesno:"Yes,No" }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {% if not token.expiring %}
+                            -
+                            {% else %}
+                            {{ token.expires }}
+                            {% endif %}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:token-delete' pk=token.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-danger">
+                                {% trans 'Delete' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        <ak-token-copy-button identifier="{{ token.identifier }}">
+                            {% trans 'Copy token' %}
+                        </ak-token-copy-button>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="fas fa-key pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Tokens.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any token." %}
+                {% else %}
+                    {% trans 'Currently no tokens exist.' %}
+                {% endif %}
+                </div>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templates/administration/user/list.html

@@ -0,0 +1,125 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block content %}
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-user"></i>
+            {% trans 'Users' %}
+        </h1>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        {% if object_list %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+                <div class="pf-c-toolbar__bulk-select">
+                    <ak-modal-button href="{% url 'authentik_admin:user-create' %}">
+                        <ak-spinner-button slot="trigger" class="pf-m-primary">
+                            {% trans 'Create' %}
+                        </ak-spinner-button>
+                        <div slot="modal"></div>
+                    </ak-modal-button>
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                </div>
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Active' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Last Login' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for user in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ user.username }}</div>
+                            <small>{{ user.name }}</small>
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ user.is_active }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ user.last_login }}
+                        </span>
+                    </td>
+                    <td>
+                        <ak-modal-button href="{% url 'authentik_admin:user-update' pk=user.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
+                                {% trans 'Edit' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        {% if user.is_active %}
+                        <ak-modal-button href="{% url 'authentik_admin:user-disable' pk=user.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-warning">
+                                {% trans 'Disable' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        {% else %}
+                        <ak-modal-button href="{% url 'authentik_admin:user-delete' pk=user.pk %}">
+                            <ak-spinner-button slot="trigger" class="pf-m-primary">
+                                {% trans 'Enable' %}
+                            </ak-spinner-button>
+                            <div slot="modal"></div>
+                        </ak-modal-button>
+                        {% endif %}
+                        <a class="pf-c-button pf-m-tertiary ak-root-link" href="{% url 'authentik_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
+                        <a class="pf-c-button pf-m-tertiary ak-root-link" href="{% url 'authentik_core:impersonate-init' user_id=user.pk %}">{% trans 'Impersonate' %}</a>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-pagination pf-m-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+        {% else %}
+        <div class="pf-c-toolbar">
+            <div class="pf-c-toolbar__content">
+                {% include 'partials/toolbar_search.html' %}
+            </div>
+        </div>
+        <div class="pf-c-empty-state">
+            <div class="pf-c-empty-state__content">
+                <i class="pf-icon pf-icon-user pf-c-empty-state__icon" aria-hidden="true"></i>
+                <h1 class="pf-c-title pf-m-lg">
+                    {% trans 'No Users.' %}
+                </h1>
+                <div class="pf-c-empty-state__body">
+                {% if request.GET.search != "" %}
+                    {% trans "Your search query doesn't match any users." %}
+                {% else %}
+                    {% trans 'Currently no users exist. How did you even get here.' %}
+                {% endif %}
+                </div>
+                <ak-modal-button href="{% url 'authentik_admin:user-create' %}">
+                    <ak-spinner-button slot="trigger" class="pf-m-primary">
+                        {% trans 'Create' %}
+                    </ak-spinner-button>
+                    <div slot="modal"></div>
+                </ak-modal-button>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</section>
+{% endblock %}

authentik/admin/templatetags/admin_reflection.py

@@ -0,0 +1,62 @@
+"""authentik admin templatetags"""
+from django import template
+from django.db.models import Model
+from django.utils.html import mark_safe
+from structlog import get_logger
+
+register = template.Library()
+LOGGER = get_logger()
+
+
+@register.simple_tag()
+def get_links(model_instance):
+    """Find all link_ methods on an object instance, run them and return as dict"""
+    prefix = "link_"
+    links = {}
+
+    if not isinstance(model_instance, Model):
+        LOGGER.warning("Model is not instance of Model", model_instance=model_instance)
+        return links
+
+    try:
+        for name in dir(model_instance):
+            if not name.startswith(prefix):
+                continue
+            value = getattr(model_instance, name)
+            if not callable(value):
+                continue
+            human_name = name.replace(prefix, "").replace("_", " ").capitalize()
+            link = value()
+            if link:
+                links[human_name] = link
+    except NotImplementedError:
+        pass
+
+    return links
+
+
+@register.simple_tag(takes_context=True)
+def get_htmls(context, model_instance):
+    """Find all html_ methods on an object instance, run them and return as dict"""
+    prefix = "html_"
+    htmls = []
+
+    if not isinstance(model_instance, Model):
+        LOGGER.warning("Model is not instance of Model", model_instance=model_instance)
+        return htmls
+
+    try:
+        for name in dir(model_instance):
+            if not name.startswith(prefix):
+                continue
+            value = getattr(model_instance, name)
+            if not callable(value):
+                continue
+            if name.startswith(prefix):
+                html = value(context.get("request"))
+                if html:
+                    htmls.append(mark_safe(html))
+    except NotImplementedError:
+        pass
+
+    return htmls

authentik/admin/tests/test_api.py

@@ -1,8 +1,8 @@
 """test admin api"""
 from json import loads
 
+from django.shortcuts import reverse
 from django.test import TestCase
-from django.urls import reverse
 
 from authentik import __version__
 from authentik.core.models import Group, User

authentik/admin/tests/test_generated.py

@@ -3,8 +3,8 @@ from importlib import import_module
 from typing import Callable
 
 from django.forms import ModelForm
+from django.shortcuts import reverse
 from django.test import Client, TestCase
-from django.urls import reverse
 from django.urls.exceptions import NoReverseMatch
 
 from authentik.admin.urls import urlpatterns

authentik/admin/tests/test_tasks.py

@@ -1,81 +0,0 @@
-"""test admin tasks"""
-import json
-from dataclasses import dataclass
-from unittest.mock import Mock, patch
-
-from django.core.cache import cache
-from django.test import TestCase
-from requests.exceptions import RequestException
-
-from authentik.admin.tasks import VERSION_CACHE_KEY, update_latest_version
-from authentik.events.models import Event, EventAction
-
-
-@dataclass
-class MockResponse:
-    """Mock class to emulate the methods of requests's Response we need"""
-
-    status_code: int
-    response: str
-
-    def json(self) -> dict:
-        """Get json parsed response"""
-        return json.loads(self.response)
-
-    def raise_for_status(self):
-        """raise RequestException if status code is 400 or more"""
-        if self.status_code >= 400:
-            raise RequestException
-
-
-REQUEST_MOCK_VALID = Mock(
-    return_value=MockResponse(
-        200,
-        """{
-            "tag_name": "version/99999999.9999999",
-            "body": "https://goauthentik.io/test"
-        }""",
-    )
-)
-
-REQUEST_MOCK_INVALID = Mock(return_value=MockResponse(400, "{}"))
-
-
-class TestAdminTasks(TestCase):
-    """test admin tasks"""
-
-    @patch("authentik.admin.tasks.get", REQUEST_MOCK_VALID)
-    def test_version_valid_response(self):
-        """Test Update checker with valid response"""
-        update_latest_version.delay().get()
-        self.assertEqual(cache.get(VERSION_CACHE_KEY), "99999999.9999999")
-        self.assertTrue(
-            Event.objects.filter(
-                action=EventAction.UPDATE_AVAILABLE,
-                context__new_version="99999999.9999999",
-                context__message="Changelog: https://goauthentik.io/test",
-            ).exists()
-        )
-        # test that a consecutive check doesn't create a duplicate event
-        update_latest_version.delay().get()
-        self.assertEqual(
-            len(
-                Event.objects.filter(
-                    action=EventAction.UPDATE_AVAILABLE,
-                    context__new_version="99999999.9999999",
-                    context__message="Changelog: https://goauthentik.io/test",
-                )
-            ),
-            1,
-        )
-
-    @patch("authentik.admin.tasks.get", REQUEST_MOCK_INVALID)
-    def test_version_error(self):
-        """Test Update checker with invalid response"""
-        update_latest_version.delay().get()
-        self.assertEqual(cache.get(VERSION_CACHE_KEY), "0.0.0")
-        self.assertFalse(
-            Event.objects.filter(
-                action=EventAction.UPDATE_AVAILABLE, context__new_version="0.0.0"
-            ).exists()
-        )

authentik/admin/urls.py

@@ -4,8 +4,6 @@ from django.urls import path
 from authentik.admin.views import (
     applications,
     certificate_key_pair,
-    events_notifications_rules,
-    events_notifications_transports,
     flows,
     groups,
     outposts,
@@ -20,10 +18,10 @@ from authentik.admin.views import (
     stages_bindings,
     stages_invitations,
     stages_prompts,
+    tasks,
     tokens,
     users,
 )
-from authentik.providers.saml.views.metadata import MetadataImportView
 
 urlpatterns = [
     path(
@@ -37,6 +35,9 @@ urlpatterns = [
         name="overview-clear-policy-cache",
     ),
     # Applications
+    path(
+        "applications/", applications.ApplicationListView.as_view(), name="applications"
+    ),
     path(
         "applications/create/",
         applications.ApplicationCreateView.as_view(),
@@ -53,12 +54,14 @@ urlpatterns = [
         name="application-delete",
     ),
     # Tokens
+    path("tokens/", tokens.TokenListView.as_view(), name="tokens"),
     path(
         "tokens/<uuid:pk>/delete/",
         tokens.TokenDeleteView.as_view(),
         name="token-delete",
     ),
     # Sources
+    path("sources/", sources.SourceListView.as_view(), name="sources"),
     path("sources/create/", sources.SourceCreateView.as_view(), name="source-create"),
     path(
         "sources/<uuid:pk>/update/",
@@ -71,6 +74,7 @@ urlpatterns = [
         name="source-delete",
     ),
     # Policies
+    path("policies/", policies.PolicyListView.as_view(), name="policies"),
     path("policies/create/", policies.PolicyCreateView.as_view(), name="policy-create"),
     path(
         "policies/<uuid:pk>/update/",
@@ -88,6 +92,11 @@ urlpatterns = [
         name="policy-test",
     ),
     # Policy bindings
+    path(
+        "policies/bindings/",
+        policies_bindings.PolicyBindingListView.as_view(),
+        name="policies-bindings",
+    ),
     path(
         "policies/bindings/create/",
         policies_bindings.PolicyBindingCreateView.as_view(),
@@ -104,16 +113,12 @@ urlpatterns = [
         name="policy-binding-delete",
     ),
     # Providers
+    path("providers/", providers.ProviderListView.as_view(), name="providers"),
     path(
         "providers/create/",
         providers.ProviderCreateView.as_view(),
         name="provider-create",
     ),
-    path(
-        "providers/create/saml/from-metadata/",
-        MetadataImportView.as_view(),
-        name="provider-saml-from-metadata",
-    ),
     path(
         "providers/<int:pk>/update/",
         providers.ProviderUpdateView.as_view(),
@@ -125,6 +130,7 @@ urlpatterns = [
         name="provider-delete",
     ),
     # Stages
+    path("stages/", stages.StageListView.as_view(), name="stages"),
     path("stages/create/", stages.StageCreateView.as_view(), name="stage-create"),
     path(
         "stages/<uuid:pk>/update/",
@@ -137,6 +143,11 @@ urlpatterns = [
         name="stage-delete",
     ),
     # Stage bindings
+    path(
+        "stages/bindings/",
+        stages_bindings.StageBindingListView.as_view(),
+        name="stage-bindings",
+    ),
     path(
         "stages/bindings/create/",
         stages_bindings.StageBindingCreateView.as_view(),
@@ -154,21 +165,31 @@ urlpatterns = [
     ),
     # Stage Prompts
     path(
-        "stages_prompts/create/",
+        "stages/prompts/",
+        stages_prompts.PromptListView.as_view(),
+        name="stage-prompts",
+    ),
+    path(
+        "stages/prompts/create/",
         stages_prompts.PromptCreateView.as_view(),
         name="stage-prompt-create",
     ),
     path(
-        "stages_prompts/<uuid:pk>/update/",
+        "stages/prompts/<uuid:pk>/update/",
         stages_prompts.PromptUpdateView.as_view(),
         name="stage-prompt-update",
     ),
     path(
-        "stages_prompts/<uuid:pk>/delete/",
+        "stages/prompts/<uuid:pk>/delete/",
         stages_prompts.PromptDeleteView.as_view(),
         name="stage-prompt-delete",
     ),
     # Stage Invitations
+    path(
+        "stages/invitations/",
+        stages_invitations.InvitationListView.as_view(),
+        name="stage-invitations",
+    ),
     path(
         "stages/invitations/create/",
         stages_invitations.InvitationCreateView.as_view(),
@@ -180,6 +201,7 @@ urlpatterns = [
         name="stage-invitation-delete",
     ),
     # Flows
+    path("flows/", flows.FlowListView.as_view(), name="flows"),
     path(
         "flows/create/",
         flows.FlowCreateView.as_view(),
@@ -211,6 +233,11 @@ urlpatterns = [
         name="flow-delete",
     ),
     # Property Mappings
+    path(
+        "property-mappings/",
+        property_mappings.PropertyMappingListView.as_view(),
+        name="property-mappings",
+    ),
     path(
         "property-mappings/create/",
         property_mappings.PropertyMappingCreateView.as_view(),
@@ -226,12 +253,8 @@ urlpatterns = [
         property_mappings.PropertyMappingDeleteView.as_view(),
         name="property-mapping-delete",
     ),
-    path(
-        "property-mappings/<uuid:pk>/test/",
-        property_mappings.PropertyMappingTestView.as_view(),
-        name="property-mapping-test",
-    ),
     # Users
+    path("users/", users.UserListView.as_view(), name="users"),
     path("users/create/", users.UserCreateView.as_view(), name="user-create"),
     path("users/<int:pk>/update/", users.UserUpdateView.as_view(), name="user-update"),
     path("users/<int:pk>/delete/", users.UserDeleteView.as_view(), name="user-delete"),
@@ -245,6 +268,7 @@ urlpatterns = [
         name="user-password-reset",
     ),
     # Groups
+    path("groups/", groups.GroupListView.as_view(), name="groups"),
     path("groups/create/", groups.GroupCreateView.as_view(), name="group-create"),
     path(
         "groups/<uuid:pk>/update/",
@@ -257,16 +281,16 @@ urlpatterns = [
         name="group-delete",
     ),
     # Certificate-Key Pairs
+    path(
+        "crypto/certificates/",
+        certificate_key_pair.CertificateKeyPairListView.as_view(),
+        name="certificate_key_pair",
+    ),
     path(
         "crypto/certificates/create/",
         certificate_key_pair.CertificateKeyPairCreateView.as_view(),
         name="certificatekeypair-create",
     ),
-    path(
-        "crypto/certificates/generate/",
-        certificate_key_pair.CertificateKeyPairGenerateView.as_view(),
-        name="certificatekeypair-generate",
-    ),
     path(
         "crypto/certificates/<uuid:pk>/update/",
         certificate_key_pair.CertificateKeyPairUpdateView.as_view(),
@@ -278,6 +302,11 @@ urlpatterns = [
         name="certificatekeypair-delete",
     ),
     # Outposts
+    path(
+        "outposts/",
+        outposts.OutpostListView.as_view(),
+        name="outposts",
+    ),
     path(
         "outposts/create/",
         outposts.OutpostCreateView.as_view(),
@@ -295,50 +324,29 @@ urlpatterns = [
     ),
     # Outpost Service Connections
     path(
-        "outpost_service_connections/create/",
+        "outposts/service_connections/",
+        outposts_service_connections.OutpostServiceConnectionListView.as_view(),
+        name="outpost-service-connections",
+    ),
+    path(
+        "outposts/service_connections/create/",
         outposts_service_connections.OutpostServiceConnectionCreateView.as_view(),
         name="outpost-service-connection-create",
     ),
     path(
-        "outpost_service_connections/<uuid:pk>/update/",
+        "outposts/service_connections/<uuid:pk>/update/",
         outposts_service_connections.OutpostServiceConnectionUpdateView.as_view(),
         name="outpost-service-connection-update",
     ),
     path(
-        "outpost_service_connections/<uuid:pk>/delete/",
+        "outposts/service_connections/<uuid:pk>/delete/",
         outposts_service_connections.OutpostServiceConnectionDeleteView.as_view(),
         name="outpost-service-connection-delete",
     ),
-    # Event Notification Transpots
+    # Tasks
     path(
-        "events/transports/create/",
-        events_notifications_transports.NotificationTransportCreateView.as_view(),
-        name="notification-transport-create",
-    ),
-    path(
-        "events/transports/<uuid:pk>/update/",
-        events_notifications_transports.NotificationTransportUpdateView.as_view(),
-        name="notification-transport-update",
-    ),
-    path(
-        "events/transports/<uuid:pk>/delete/",
-        events_notifications_transports.NotificationTransportDeleteView.as_view(),
-        name="notification-transport-delete",
-    ),
-    # Event Notification Rules
-    path(
-        "events/rules/create/",
-        events_notifications_rules.NotificationRuleCreateView.as_view(),
-        name="notification-rule-create",
-    ),
-    path(
-        "events/rules/<uuid:pk>/update/",
-        events_notifications_rules.NotificationRuleUpdateView.as_view(),
-        name="notification-rule-update",
-    ),
-    path(
-        "events/rules/<uuid:pk>/delete/",
-        events_notifications_rules.NotificationRuleDeleteView.as_view(),
-        name="notification-rule-delete",
+        "tasks/",
+        tasks.TaskListView.as_view(),
+        name="tasks",
     ),
 ]

authentik/admin/views/applications.py

@@ -1,24 +1,52 @@
 """authentik Application administration"""
-from typing import Any
-
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.mixins import (
     PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
+from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import UpdateView
-from guardian.mixins import PermissionRequiredMixin
-from guardian.shortcuts import get_objects_for_user
+from django.views.generic import ListView, UpdateView
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
-from authentik.admin.views.utils import DeleteMessageView
+from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
+    DeleteMessageView,
+    SearchListMixin,
+    UserPaginateListMixin,
+)
 from authentik.core.forms.applications import ApplicationForm
 from authentik.core.models import Application
 from authentik.lib.views import CreateAssignPermView
 
 
+class ApplicationListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    ListView,
+):
+    """Show list of all applications"""
+
+    model = Application
+    permission_required = "authentik_core.view_application"
+    ordering = "name"
+    template_name = "administration/application/list.html"
+
+    search_fields = [
+        "name",
+        "slug",
+        "meta_launch_url",
+        "meta_icon_url",
+        "meta_description",
+        "meta_publisher",
+    ]
+
+
 class ApplicationCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     CreateAssignPermView,
@@ -29,29 +57,14 @@ class ApplicationCreateView(
     form_class = ApplicationForm
     permission_required = "authentik_core.add_application"
 
-    success_url = "/"
     template_name = "generic/create.html"
+    success_url = reverse_lazy("authentik_admin:applications")
     success_message = _("Successfully created Application")
 
-    def get_initial(self) -> dict[str, Any]:
-        if "provider" in self.request.GET:
-            try:
-                initial_provider_pk = int(self.request.GET["provider"])
-            except ValueError:
-                return super().get_initial()
-            providers = (
-                get_objects_for_user(self.request.user, "authentik_core.view_provider")
-                .filter(pk=initial_provider_pk)
-                .select_subclasses()
-            )
-            if not providers.exists():
-                return {}
-            return {"provider": providers.first()}
-        return super().get_initial()
-
 
 class ApplicationUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     UpdateView,
@@ -62,8 +75,8 @@ class ApplicationUpdateView(
     form_class = ApplicationForm
     permission_required = "authentik_core.change_application"
 
-    success_url = "/"
     template_name = "generic/update.html"
+    success_url = reverse_lazy("authentik_admin:applications")
     success_message = _("Successfully updated Application")
 
 
@@ -75,6 +88,6 @@ class ApplicationDeleteView(
     model = Application
     permission_required = "authentik_core.delete_application"
 
-    success_url = "/"
     template_name = "generic/delete.html"
+    success_url = reverse_lazy("authentik_admin:applications")
     success_message = _("Successfully deleted Application")

authentik/admin/views/certificate_key_pair.py

@@ -4,25 +4,42 @@ from django.contrib.auth.mixins import (
     PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
-from django.http.response import HttpResponse
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import UpdateView
-from django.views.generic.edit import FormView
-from guardian.mixins import PermissionRequiredMixin
+from django.views.generic import ListView, UpdateView
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
-from authentik.admin.views.utils import DeleteMessageView
-from authentik.crypto.builder import CertificateBuilder
-from authentik.crypto.forms import (
-    CertificateKeyPairForm,
-    CertificateKeyPairGenerateForm,
+from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
+    DeleteMessageView,
+    SearchListMixin,
+    UserPaginateListMixin,
 )
+from authentik.crypto.forms import CertificateKeyPairForm
 from authentik.crypto.models import CertificateKeyPair
 from authentik.lib.views import CreateAssignPermView
 
 
+class CertificateKeyPairListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    ListView,
+):
+    """Show list of all keypairs"""
+
+    model = CertificateKeyPair
+    permission_required = "authentik_crypto.view_certificatekeypair"
+    ordering = "name"
+    template_name = "administration/certificatekeypair/list.html"
+
+    search_fields = ["name"]
+
+
 class CertificateKeyPairCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     CreateAssignPermView,
@@ -34,39 +51,13 @@ class CertificateKeyPairCreateView(
     permission_required = "authentik_crypto.add_certificatekeypair"
 
     template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
-    success_message = _("Successfully created Certificate-Key Pair")
-
-
-class CertificateKeyPairGenerateView(
-    SuccessMessageMixin,
-    LoginRequiredMixin,
-    DjangoPermissionRequiredMixin,
-    FormView,
-):
-    """Generate new CertificateKeyPair"""
-
-    model = CertificateKeyPair
-    form_class = CertificateKeyPairGenerateForm
-    permission_required = "authentik_crypto.add_certificatekeypair"
-
-    template_name = "administration/certificatekeypair/generate.html"
-    success_url = reverse_lazy("authentik_core:shell")
-    success_message = _("Successfully generated Certificate-Key Pair")
-
-    def form_valid(self, form: CertificateKeyPairGenerateForm) -> HttpResponse:
-        builder = CertificateBuilder()
-        builder.common_name = form.data["common_name"]
-        builder.build(
-            subject_alt_names=form.data.get("subject_alt_name", "").split(","),
-            validity_days=int(form.data["validity_days"]),
-        )
-        builder.save()
-        return super().form_valid(form)
+    success_url = reverse_lazy("authentik_admin:certificate_key_pair")
+    success_message = _("Successfully created CertificateKeyPair")
 
 
 class CertificateKeyPairUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     UpdateView,
@@ -78,7 +69,7 @@ class CertificateKeyPairUpdateView(
     permission_required = "authentik_crypto.change_certificatekeypair"
 
     template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:certificate_key_pair")
     success_message = _("Successfully updated Certificate-Key Pair")
 
 
@@ -91,5 +82,5 @@ class CertificateKeyPairDeleteView(
     permission_required = "authentik_crypto.delete_certificatekeypair"
 
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:certificate_key_pair")
     success_message = _("Successfully deleted Certificate-Key Pair")

authentik/admin/views/events_notifications_rules.py

@@ -1,61 +0,0 @@
-"""authentik NotificationRule administration"""
-from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
-)
-from django.contrib.messages.views import SuccessMessageMixin
-from django.utils.translation import gettext as _
-from django.views.generic import UpdateView
-from guardian.mixins import PermissionRequiredMixin
-
-from authentik.admin.views.utils import DeleteMessageView
-from authentik.events.forms import NotificationRuleForm
-from authentik.events.models import NotificationRule
-from authentik.lib.views import CreateAssignPermView
-
-
-class NotificationRuleCreateView(
-    SuccessMessageMixin,
-    LoginRequiredMixin,
-    DjangoPermissionRequiredMixin,
-    CreateAssignPermView,
-):
-    """Create new NotificationRule"""
-
-    model = NotificationRule
-    form_class = NotificationRuleForm
-    permission_required = "authentik_events.add_NotificationRule"
-
-    success_url = "/"
-    template_name = "generic/create.html"
-    success_message = _("Successfully created Notification Rule")
-
-
-class NotificationRuleUpdateView(
-    SuccessMessageMixin,
-    LoginRequiredMixin,
-    PermissionRequiredMixin,
-    UpdateView,
-):
-    """Update application"""
-
-    model = NotificationRule
-    form_class = NotificationRuleForm
-    permission_required = "authentik_events.change_NotificationRule"
-
-    success_url = "/"
-    template_name = "generic/update.html"
-    success_message = _("Successfully updated Notification Rule")
-
-
-class NotificationRuleDeleteView(
-    LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageView
-):
-    """Delete application"""
-
-    model = NotificationRule
-    permission_required = "authentik_events.delete_NotificationRule"
-
-    success_url = "/"
-    template_name = "generic/delete.html"
-    success_message = _("Successfully deleted Notification Rule")

authentik/admin/views/events_notifications_transports.py

@@ -1,58 +0,0 @@
-"""authentik NotificationTransport administration"""
-from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
-)
-from django.contrib.messages.views import SuccessMessageMixin
-from django.utils.translation import gettext as _
-from django.views.generic import UpdateView
-from guardian.mixins import PermissionRequiredMixin
-
-from authentik.admin.views.utils import DeleteMessageView
-from authentik.events.forms import NotificationTransportForm
-from authentik.events.models import NotificationTransport
-from authentik.lib.views import CreateAssignPermView
-
-
-class NotificationTransportCreateView(
-    SuccessMessageMixin,
-    LoginRequiredMixin,
-    DjangoPermissionRequiredMixin,
-    CreateAssignPermView,
-):
-    """Create new NotificationTransport"""
-
-    model = NotificationTransport
-    form_class = NotificationTransportForm
-    permission_required = "authentik_events.add_notificationtransport"
-    success_url = "/"
-    template_name = "generic/create.html"
-    success_message = _("Successfully created Notification Transport")
-
-
-class NotificationTransportUpdateView(
-    SuccessMessageMixin,
-    LoginRequiredMixin,
-    PermissionRequiredMixin,
-    UpdateView,
-):
-    """Update application"""
-
-    model = NotificationTransport
-    form_class = NotificationTransportForm
-    permission_required = "authentik_events.change_notificationtransport"
-    success_url = "/"
-    template_name = "generic/update.html"
-    success_message = _("Successfully updated Notification Transport")
-
-
-class NotificationTransportDeleteView(
-    LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageView
-):
-    """Delete application"""
-
-    model = NotificationTransport
-    permission_required = "authentik_events.delete_notificationtransport"
-    success_url = "/"
-    template_name = "generic/delete.html"
-    success_message = _("Successfully deleted Notification Transport")

authentik/admin/views/flows.py

@@ -8,11 +8,15 @@ from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpRequest, HttpResponse, JsonResponse
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import DetailView, FormView, UpdateView
-from guardian.mixins import PermissionRequiredMixin
+from django.views.generic import DetailView, FormView, ListView, UpdateView
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
-from authentik.admin.views.utils import DeleteMessageView
-from authentik.flows.exceptions import FlowNonApplicableException
+from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
+    DeleteMessageView,
+    SearchListMixin,
+    UserPaginateListMixin,
+)
 from authentik.flows.forms import FlowForm, FlowImportForm
 from authentik.flows.models import Flow
 from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
@@ -21,11 +25,28 @@ from authentik.flows.transfer.exporter import FlowExporter
 from authentik.flows.transfer.importer import FlowImporter
 from authentik.flows.views import SESSION_KEY_PLAN, FlowPlanner
 from authentik.lib.utils.urls import redirect_with_qs
-from authentik.lib.views import CreateAssignPermView, bad_request_message
+from authentik.lib.views import CreateAssignPermView
+
+
+class FlowListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    ListView,
+):
+    """Show list of all flows"""
+
+    model = Flow
+    permission_required = "authentik_flows.view_flow"
+    ordering = "name"
+    template_name = "administration/flow/list.html"
+    search_fields = ["name", "slug", "designation", "title"]
 
 
 class FlowCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     CreateAssignPermView,
@@ -37,12 +58,13 @@ class FlowCreateView(
     permission_required = "authentik_flows.add_flow"
 
     template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:flows")
     success_message = _("Successfully created Flow")
 
 
 class FlowUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     UpdateView,
@@ -54,7 +76,7 @@ class FlowUpdateView(
     permission_required = "authentik_flows.change_flow"
 
     template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:flows")
     success_message = _("Successfully updated Flow")
 
 
@@ -65,7 +87,7 @@ class FlowDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageV
     permission_required = "authentik_flows.delete_flow"
 
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:flows")
     success_message = _("Successfully deleted Flow")
 
 
@@ -81,17 +103,8 @@ class FlowDebugExecuteView(LoginRequiredMixin, PermissionRequiredMixin, DetailVi
         flow: Flow = self.get_object()
         planner = FlowPlanner(flow)
         planner.use_cache = False
-        try:
-            plan = planner.plan(self.request, {PLAN_CONTEXT_PENDING_USER: request.user})
-            self.request.session[SESSION_KEY_PLAN] = plan
-        except FlowNonApplicableException as exc:
-            return bad_request_message(
-                request,
-                _(
-                    "Flow not applicable to current user/request: %(messages)s"
-                    % {"messages": str(exc)}
-                ),
-            )
+        plan = planner.plan(self.request, {PLAN_CONTEXT_PENDING_USER: request.user})
+        self.request.session[SESSION_KEY_PLAN] = plan
         return redirect_with_qs(
             "authentik_flows:flow-executor-shell",
             self.request.GET,
@@ -105,7 +118,7 @@ class FlowImportView(LoginRequiredMixin, FormView):
 
     form_class = FlowImportForm
     template_name = "administration/flow/import.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:flows")
 
     def dispatch(self, request, *args, **kwargs):
         if not request.user.is_superuser:

authentik/admin/views/groups.py

@@ -6,17 +6,39 @@ from django.contrib.auth.mixins import (
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import UpdateView
-from guardian.mixins import PermissionRequiredMixin
+from django.views.generic import ListView, UpdateView
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
-from authentik.admin.views.utils import DeleteMessageView
+from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
+    DeleteMessageView,
+    SearchListMixin,
+    UserPaginateListMixin,
+)
 from authentik.core.forms.groups import GroupForm
 from authentik.core.models import Group
 from authentik.lib.views import CreateAssignPermView
 
 
+class GroupListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    ListView,
+):
+    """Show list of all groups"""
+
+    model = Group
+    permission_required = "authentik_core.view_group"
+    ordering = "name"
+    template_name = "administration/group/list.html"
+    search_fields = ["name", "attributes"]
+
+
 class GroupCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     CreateAssignPermView,
@@ -28,12 +50,13 @@ class GroupCreateView(
     permission_required = "authentik_core.add_group"
 
     template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:groups")
     success_message = _("Successfully created Group")
 
 
 class GroupUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     UpdateView,
@@ -45,7 +68,7 @@ class GroupUpdateView(
     permission_required = "authentik_core.change_group"
 
     template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:groups")
     success_message = _("Successfully updated Group")
 
 
@@ -56,5 +79,5 @@ class GroupDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessage
     permission_required = "authentik_flows.delete_group"
 
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:groups")
     success_message = _("Successfully deleted Group")

authentik/admin/views/outposts.py

@@ -1,24 +1,47 @@
 """authentik Outpost administration"""
 from dataclasses import asdict
-from typing import Any
+from typing import Any, Dict
 
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.mixins import (
     PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
+from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import UpdateView
-from guardian.mixins import PermissionRequiredMixin
+from django.views.generic import ListView, UpdateView
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
-from authentik.admin.views.utils import DeleteMessageView
+from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
+    DeleteMessageView,
+    SearchListMixin,
+    UserPaginateListMixin,
+)
 from authentik.lib.views import CreateAssignPermView
 from authentik.outposts.forms import OutpostForm
 from authentik.outposts.models import Outpost, OutpostConfig
 
 
+class OutpostListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    ListView,
+):
+    """Show list of all outposts"""
+
+    model = Outpost
+    permission_required = "authentik_outposts.view_outpost"
+    ordering = "name"
+    template_name = "administration/outpost/list.html"
+    search_fields = ["name", "_config"]
+
+
 class OutpostCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     CreateAssignPermView,
@@ -28,11 +51,12 @@ class OutpostCreateView(
     model = Outpost
     form_class = OutpostForm
     permission_required = "authentik_outposts.add_outpost"
-    success_url = "/"
+
     template_name = "generic/create.html"
+    success_url = reverse_lazy("authentik_admin:outposts")
     success_message = _("Successfully created Outpost")
 
-    def get_initial(self) -> dict[str, Any]:
+    def get_initial(self) -> Dict[str, Any]:
         return {
             "_config": asdict(
                 OutpostConfig(authentik_host=self.request.build_absolute_uri("/"))
@@ -42,6 +66,7 @@ class OutpostCreateView(
 
 class OutpostUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     UpdateView,
@@ -51,8 +76,9 @@ class OutpostUpdateView(
     model = Outpost
     form_class = OutpostForm
     permission_required = "authentik_outposts.change_outpost"
-    success_url = "/"
+
     template_name = "generic/update.html"
+    success_url = reverse_lazy("authentik_admin:outposts")
     success_message = _("Successfully updated Outpost")
 
 
@@ -61,6 +87,7 @@ class OutpostDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessa
 
     model = Outpost
     permission_required = "authentik_outposts.delete_outpost"
-    success_url = "/"
+
     template_name = "generic/delete.html"
+    success_url = reverse_lazy("authentik_admin:outposts")
     success_message = _("Successfully deleted Outpost")

authentik/admin/views/outposts_service_connections.py

@@ -6,18 +6,39 @@ from django.contrib.auth.mixins import (
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from guardian.mixins import PermissionRequiredMixin
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
 from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
     DeleteMessageView,
     InheritanceCreateView,
+    InheritanceListView,
     InheritanceUpdateView,
+    SearchListMixin,
+    UserPaginateListMixin,
 )
 from authentik.outposts.models import OutpostServiceConnection
 
 
+class OutpostServiceConnectionListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    InheritanceListView,
+):
+    """Show list of all outpost-service-connections"""
+
+    model = OutpostServiceConnection
+    permission_required = "authentik_outposts.add_outpostserviceconnection"
+    template_name = "administration/outpost_service_connection/list.html"
+    ordering = "pk"
+    search_fields = ["pk", "name"]
+
+
 class OutpostServiceConnectionCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     InheritanceCreateView,
@@ -28,12 +49,13 @@ class OutpostServiceConnectionCreateView(
     permission_required = "authentik_outposts.add_outpostserviceconnection"
 
     template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
-    success_message = _("Successfully created Outpost Service Connection")
+    success_url = reverse_lazy("authentik_admin:outpost-service-connections")
+    success_message = _("Successfully created OutpostServiceConnection")
 
 
 class OutpostServiceConnectionUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     InheritanceUpdateView,
@@ -44,8 +66,8 @@ class OutpostServiceConnectionUpdateView(
     permission_required = "authentik_outposts.change_outpostserviceconnection"
 
     template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
-    success_message = _("Successfully updated Outpost Service Connection")
+    success_url = reverse_lazy("authentik_admin:outpost-service-connections")
+    success_message = _("Successfully updated OutpostServiceConnection")
 
 
 class OutpostServiceConnectionDeleteView(
@@ -57,5 +79,5 @@ class OutpostServiceConnectionDeleteView(
     permission_required = "authentik_outposts.delete_outpostserviceconnection"
 
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
-    success_message = _("Successfully deleted Outpost Service Connection")
+    success_url = reverse_lazy("authentik_admin:outpost-service-connections")
+    success_message = _("Successfully deleted OutpostServiceConnection")

authentik/admin/views/overview.py

@@ -5,11 +5,10 @@ from django.http.request import HttpRequest
 from django.http.response import HttpResponse
 from django.utils.translation import gettext as _
 from django.views.generic import FormView
-from structlog.stdlib import get_logger
+from structlog import get_logger
 
 from authentik.admin.forms.overview import FlowCacheClearForm, PolicyCacheClearForm
 from authentik.admin.mixins import AdminRequiredMixin
-from authentik.core.api.applications import user_app_cache_key
 
 LOGGER = get_logger()
 
@@ -18,17 +17,15 @@ class PolicyCacheClearView(AdminRequiredMixin, SuccessMessageMixin, FormView):
     """View to clear Policy cache"""
 
     form_class = PolicyCacheClearForm
-    success_url = "/"
+
     template_name = "generic/form_non_model.html"
+    success_url = "/"
     success_message = _("Successfully cleared Policy cache")
 
     def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
         keys = cache.keys("policy_*")
         cache.delete_many(keys)
         LOGGER.debug("Cleared Policy cache", keys=len(keys))
-        # Also delete user application cache
-        keys = cache.keys(user_app_cache_key("*"))
-        cache.delete_many(keys)
         return super().post(request, *args, **kwargs)
 
 
@@ -36,8 +33,9 @@ class FlowCacheClearView(AdminRequiredMixin, SuccessMessageMixin, FormView):
     """View to clear Flow cache"""
 
     form_class = FlowCacheClearForm
-    success_url = "/"
+
     template_name = "generic/form_non_model.html"
+    success_url = "/"
     success_message = _("Successfully cleared Flow cache")
 
     def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:

authentik/admin/views/policies.py

@@ -1,30 +1,53 @@
 """authentik Policy administration"""
-from typing import Any
+from typing import Any, Dict
 
+from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.mixins import (
     PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
+from django.db.models import QuerySet
 from django.http import HttpResponse
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
 from django.views.generic import FormView
 from django.views.generic.detail import DetailView
-from guardian.mixins import PermissionRequiredMixin
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
 from authentik.admin.forms.policies import PolicyTestForm
 from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
     DeleteMessageView,
     InheritanceCreateView,
+    InheritanceListView,
     InheritanceUpdateView,
+    SearchListMixin,
+    UserPaginateListMixin,
 )
 from authentik.policies.models import Policy, PolicyBinding
 from authentik.policies.process import PolicyProcess, PolicyRequest
 
 
+class PolicyListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    InheritanceListView,
+):
+    """Show list of all policies"""
+
+    model = Policy
+    permission_required = "authentik_policies.view_policy"
+    ordering = "name"
+    template_name = "administration/policy/list.html"
+    search_fields = ["name"]
+
+
 class PolicyCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     InheritanceCreateView,
@@ -35,12 +58,13 @@ class PolicyCreateView(
     permission_required = "authentik_policies.add_policy"
 
     template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:policies")
     success_message = _("Successfully created Policy")
 
 
 class PolicyUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     InheritanceUpdateView,
@@ -51,7 +75,7 @@ class PolicyUpdateView(
     permission_required = "authentik_policies.change_policy"
 
     template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:policies")
     success_message = _("Successfully updated Policy")
 
 
@@ -62,7 +86,7 @@ class PolicyDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessag
     permission_required = "authentik_policies.delete_policy"
 
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:policies")
     success_message = _("Successfully deleted Policy")
 
 
@@ -75,12 +99,12 @@ class PolicyTestView(LoginRequiredMixin, DetailView, PermissionRequiredMixin, Fo
     template_name = "administration/policy/test.html"
     object = None
 
-    def get_object(self, queryset=None) -> Policy:
+    def get_object(self, queryset=None) -> QuerySet:
         return (
             Policy.objects.filter(pk=self.kwargs.get("pk")).select_subclasses().first()
         )
 
-    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
+    def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
         kwargs["policy"] = self.get_object()
         return super().get_context_data(**kwargs)
 
@@ -93,12 +117,13 @@ class PolicyTestView(LoginRequiredMixin, DetailView, PermissionRequiredMixin, Fo
         user = form.cleaned_data.get("user")
 
         p_request = PolicyRequest(user)
-        p_request.debug = True
-        p_request.set_http_request(self.request)
-        p_request.context = form.cleaned_data.get("context", {})
+        p_request.http_request = self.request
+        p_request.context = form.cleaned_data
 
         proc = PolicyProcess(PolicyBinding(policy=policy), p_request, None)
         result = proc.execute()
-        context = self.get_context_data(form=form)
-        context["result"] = result
-        return self.render_to_response(context)
+        if result.passing:
+            messages.success(self.request, _("User successfully passed policy."))
+        else:
+            messages.error(self.request, _("User didn't pass policy."))
+        return self.render_to_response(self.get_context_data(form=form, result=result))

authentik/admin/views/policies_bindings.py

@@ -6,20 +6,55 @@ from django.contrib.auth.mixins import (
     PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
-from django.db.models import Max
+from django.db.models import Max, QuerySet
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import UpdateView
-from guardian.mixins import PermissionRequiredMixin
+from django.views.generic import ListView, UpdateView
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
+from guardian.shortcuts import get_objects_for_user
 
-from authentik.admin.views.utils import DeleteMessageView
+from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
+    DeleteMessageView,
+    UserPaginateListMixin,
+)
 from authentik.lib.views import CreateAssignPermView
 from authentik.policies.forms import PolicyBindingForm
 from authentik.policies.models import PolicyBinding, PolicyBindingModel
 
 
+class PolicyBindingListView(
+    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
+):
+    """Show list of all policies"""
+
+    model = PolicyBinding
+    permission_required = "authentik_policies.view_policybinding"
+    ordering = ["order", "target"]
+    template_name = "administration/policy_binding/list.html"
+
+    def get_queryset(self) -> QuerySet:
+        # Since `select_subclasses` does not work with a foreign key, we have to do two queries here
+        # First, get all pbm objects that have bindings attached
+        objects = (
+            get_objects_for_user(
+                self.request.user, "authentik_policies.view_policybindingmodel"
+            )
+            .filter(policies__isnull=False)
+            .select_subclasses()
+            .select_related()
+            .order_by("pk")
+        )
+        for pbm in objects:
+            pbm.bindings = get_objects_for_user(
+                self.request.user, self.permission_required
+            ).filter(target__pk=pbm.pbm_uuid)
+        return objects
+
+
 class PolicyBindingCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     CreateAssignPermView,
@@ -31,7 +66,7 @@ class PolicyBindingCreateView(
     form_class = PolicyBindingForm
 
     template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:policies-bindings")
     success_message = _("Successfully created PolicyBinding")
 
     def get_initial(self) -> dict[str, Any]:
@@ -53,6 +88,7 @@ class PolicyBindingCreateView(
 
 class PolicyBindingUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     UpdateView,
@@ -64,7 +100,7 @@ class PolicyBindingUpdateView(
     form_class = PolicyBindingForm
 
     template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:policies-bindings")
     success_message = _("Successfully updated PolicyBinding")
 
 
@@ -77,5 +113,5 @@ class PolicyBindingDeleteView(
     permission_required = "authentik_policies.delete_policybinding"
 
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:policies-bindings")
     success_message = _("Successfully deleted PolicyBinding")

authentik/admin/views/property_mappings.py

@@ -1,29 +1,44 @@
 """authentik PropertyMapping administration"""
-from json import dumps
-from typing import Any
-
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.mixins import (
     PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
-from django.http import HttpResponse
+from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import FormView
-from django.views.generic.detail import DetailView
-from guardian.mixins import PermissionRequiredMixin
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
-from authentik.admin.forms.policies import PolicyTestForm
 from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
     DeleteMessageView,
     InheritanceCreateView,
+    InheritanceListView,
     InheritanceUpdateView,
+    SearchListMixin,
+    UserPaginateListMixin,
 )
 from authentik.core.models import PropertyMapping
 
 
+class PropertyMappingListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    InheritanceListView,
+):
+    """Show list of all property_mappings"""
+
+    model = PropertyMapping
+    permission_required = "authentik_core.view_propertymapping"
+    template_name = "administration/property_mapping/list.html"
+    ordering = "name"
+    search_fields = ["name", "expression"]
+
+
 class PropertyMappingCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     InheritanceCreateView,
@@ -32,13 +47,15 @@ class PropertyMappingCreateView(
 
     model = PropertyMapping
     permission_required = "authentik_core.add_propertymapping"
-    success_url = "/"
+
     template_name = "generic/create.html"
+    success_url = reverse_lazy("authentik_admin:property-mappings")
     success_message = _("Successfully created Property Mapping")
 
 
 class PropertyMappingUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     InheritanceUpdateView,
@@ -47,8 +64,9 @@ class PropertyMappingUpdateView(
 
     model = PropertyMapping
     permission_required = "authentik_core.change_propertymapping"
-    success_url = "/"
+
     template_name = "generic/update.html"
+    success_url = reverse_lazy("authentik_admin:property-mappings")
     success_message = _("Successfully updated Property Mapping")
 
 
@@ -59,47 +77,7 @@ class PropertyMappingDeleteView(
 
     model = PropertyMapping
     permission_required = "authentik_core.delete_propertymapping"
-    success_url = "/"
+
     template_name = "generic/delete.html"
+    success_url = reverse_lazy("authentik_admin:property-mappings")
     success_message = _("Successfully deleted Property Mapping")
-
-
-class PropertyMappingTestView(
-    LoginRequiredMixin, DetailView, PermissionRequiredMixin, FormView
-):
-    """View to test property mappings"""
-
-    model = PropertyMapping
-    form_class = PolicyTestForm
-    permission_required = "authentik_core.view_propertymapping"
-    template_name = "administration/property_mapping/test.html"
-    object = None
-
-    def get_object(self, queryset=None) -> PropertyMapping:
-        return (
-            PropertyMapping.objects.filter(pk=self.kwargs.get("pk"))
-            .select_subclasses()
-            .first()
-        )
-
-    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
-        kwargs["property_mapping"] = self.get_object()
-        return super().get_context_data(**kwargs)
-
-    def post(self, *args, **kwargs) -> HttpResponse:
-        self.object = self.get_object()
-        return super().post(*args, **kwargs)
-
-    def form_valid(self, form: PolicyTestForm) -> HttpResponse:
-        mapping = self.get_object()
-        user = form.cleaned_data.get("user")
-
-        context = self.get_context_data(form=form)
-        try:
-            result = mapping.evaluate(
-                user, self.request, **form.cleaned_data.get("context", {})
-            )
-            context["result"] = dumps(result, indent=4)
-        except Exception as exc:  # pylint: disable=broad-except
-            context["result"] = str(exc)
-        return self.render_to_response(context)

authentik/admin/views/providers.py

@@ -4,19 +4,41 @@ from django.contrib.auth.mixins import (
     PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
+from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from guardian.mixins import PermissionRequiredMixin
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
 from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
     DeleteMessageView,
     InheritanceCreateView,
+    InheritanceListView,
     InheritanceUpdateView,
+    SearchListMixin,
+    UserPaginateListMixin,
 )
 from authentik.core.models import Provider
 
 
+class ProviderListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    InheritanceListView,
+):
+    """Show list of all providers"""
+
+    model = Provider
+    permission_required = "authentik_core.add_provider"
+    template_name = "administration/provider/list.html"
+    ordering = "pk"
+    search_fields = ["pk", "name"]
+
+
 class ProviderCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     InheritanceCreateView,
@@ -25,13 +47,15 @@ class ProviderCreateView(
 
     model = Provider
     permission_required = "authentik_core.add_provider"
-    success_url = "/"
+
     template_name = "generic/create.html"
+    success_url = reverse_lazy("authentik_admin:providers")
     success_message = _("Successfully created Provider")
 
 
 class ProviderUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     InheritanceUpdateView,
@@ -40,8 +64,9 @@ class ProviderUpdateView(
 
     model = Provider
     permission_required = "authentik_core.change_provider"
-    success_url = "/"
+
     template_name = "generic/update.html"
+    success_url = reverse_lazy("authentik_admin:providers")
     success_message = _("Successfully updated Provider")
 
 
@@ -52,6 +77,7 @@ class ProviderDeleteView(
 
     model = Provider
     permission_required = "authentik_core.delete_provider"
-    success_url = "/"
+
     template_name = "generic/delete.html"
+    success_url = reverse_lazy("authentik_admin:providers")
     success_message = _("Successfully deleted Provider")

authentik/admin/views/sources.py

@@ -4,19 +4,41 @@ from django.contrib.auth.mixins import (
     PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
+from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from guardian.mixins import PermissionRequiredMixin
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
 from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
     DeleteMessageView,
     InheritanceCreateView,
+    InheritanceListView,
     InheritanceUpdateView,
+    SearchListMixin,
+    UserPaginateListMixin,
 )
 from authentik.core.models import Source
 
 
+class SourceListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    InheritanceListView,
+):
+    """Show list of all sources"""
+
+    model = Source
+    permission_required = "authentik_core.view_source"
+    ordering = "name"
+    template_name = "administration/source/list.html"
+    search_fields = ["name", "slug"]
+
+
 class SourceCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     InheritanceCreateView,
@@ -26,13 +48,14 @@ class SourceCreateView(
     model = Source
     permission_required = "authentik_core.add_source"
 
-    success_url = "/"
     template_name = "generic/create.html"
+    success_url = reverse_lazy("authentik_admin:sources")
     success_message = _("Successfully created Source")
 
 
 class SourceUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     InheritanceUpdateView,
@@ -42,8 +65,8 @@ class SourceUpdateView(
     model = Source
     permission_required = "authentik_core.change_source"
 
-    success_url = "/"
     template_name = "generic/update.html"
+    success_url = reverse_lazy("authentik_admin:sources")
     success_message = _("Successfully updated Source")
 
 
@@ -53,6 +76,6 @@ class SourceDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessag
     model = Source
     permission_required = "authentik_core.delete_source"
 
-    success_url = "/"
     template_name = "generic/delete.html"
+    success_url = reverse_lazy("authentik_admin:sources")
     success_message = _("Successfully deleted Source")

authentik/admin/views/stages.py

@@ -6,18 +6,39 @@ from django.contrib.auth.mixins import (
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from guardian.mixins import PermissionRequiredMixin
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
 from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
     DeleteMessageView,
     InheritanceCreateView,
+    InheritanceListView,
     InheritanceUpdateView,
+    SearchListMixin,
+    UserPaginateListMixin,
 )
 from authentik.flows.models import Stage
 
 
+class StageListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    InheritanceListView,
+):
+    """Show list of all stages"""
+
+    model = Stage
+    template_name = "administration/stage/list.html"
+    permission_required = "authentik_flows.view_stage"
+    ordering = "name"
+    search_fields = ["name"]
+
+
 class StageCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     InheritanceCreateView,
@@ -28,12 +49,13 @@ class StageCreateView(
     template_name = "generic/create.html"
     permission_required = "authentik_flows.add_stage"
 
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stages")
     success_message = _("Successfully created Stage")
 
 
 class StageUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     InheritanceUpdateView,
@@ -43,7 +65,7 @@ class StageUpdateView(
     model = Stage
     permission_required = "authentik_flows.update_application"
     template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stages")
     success_message = _("Successfully updated Stage")
 
 
@@ -53,5 +75,5 @@ class StageDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessage
     model = Stage
     template_name = "generic/delete.html"
     permission_required = "authentik_flows.delete_stage"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stages")
     success_message = _("Successfully deleted Stage")

authentik/admin/views/stages_bindings.py

@@ -9,17 +9,33 @@ from django.contrib.messages.views import SuccessMessageMixin
 from django.db.models import Max
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import UpdateView
-from guardian.mixins import PermissionRequiredMixin
+from django.views.generic import ListView, UpdateView
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
-from authentik.admin.views.utils import DeleteMessageView
+from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
+    DeleteMessageView,
+    UserPaginateListMixin,
+)
 from authentik.flows.forms import FlowStageBindingForm
 from authentik.flows.models import Flow, FlowStageBinding
 from authentik.lib.views import CreateAssignPermView
 
 
+class StageBindingListView(
+    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
+):
+    """Show list of all flows"""
+
+    model = FlowStageBinding
+    permission_required = "authentik_flows.view_flowstagebinding"
+    ordering = ["target", "order"]
+    template_name = "administration/stage_binding/list.html"
+
+
 class StageBindingCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     CreateAssignPermView,
@@ -31,7 +47,7 @@ class StageBindingCreateView(
     form_class = FlowStageBindingForm
 
     template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stage-bindings")
     success_message = _("Successfully created StageBinding")
 
     def get_initial(self) -> dict[str, Any]:
@@ -51,6 +67,7 @@ class StageBindingCreateView(
 
 class StageBindingUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     UpdateView,
@@ -62,7 +79,7 @@ class StageBindingUpdateView(
     form_class = FlowStageBindingForm
 
     template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stage-bindings")
     success_message = _("Successfully updated StageBinding")
 
 
@@ -75,5 +92,5 @@ class StageBindingDeleteView(
     permission_required = "authentik_flows.delete_flowstagebinding"
 
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stage-bindings")
     success_message = _("Successfully deleted FlowStageBinding")

authentik/admin/views/stages_invitations.py

@@ -7,16 +7,40 @@ from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpResponseRedirect
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from guardian.mixins import PermissionRequiredMixin
+from django.views.generic import ListView
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
-from authentik.admin.views.utils import DeleteMessageView
+from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
+    DeleteMessageView,
+    SearchListMixin,
+    UserPaginateListMixin,
+)
 from authentik.lib.views import CreateAssignPermView
 from authentik.stages.invitation.forms import InvitationForm
 from authentik.stages.invitation.models import Invitation
+from authentik.stages.invitation.signals import invitation_created
+
+
+class InvitationListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    ListView,
+):
+    """Show list of all invitations"""
+
+    model = Invitation
+    permission_required = "authentik_stages_invitation.view_invitation"
+    template_name = "administration/stage_invitation/list.html"
+    ordering = "-expires"
+    search_fields = ["created_by__username", "expires", "fixed_data"]
 
 
 class InvitationCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     CreateAssignPermView,
@@ -28,13 +52,14 @@ class InvitationCreateView(
     permission_required = "authentik_stages_invitation.add_invitation"
 
     template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stage-invitations")
     success_message = _("Successfully created Invitation")
 
     def form_valid(self, form):
         obj = form.save(commit=False)
         obj.created_by = self.request.user
         obj.save()
+        invitation_created.send(sender=self, request=self.request, invitation=obj)
         return HttpResponseRedirect(self.success_url)
 
 
@@ -47,5 +72,5 @@ class InvitationDeleteView(
     permission_required = "authentik_stages_invitation.delete_invitation"
 
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stage-invitations")
     success_message = _("Successfully deleted Invitation")

authentik/admin/views/stages_prompts.py

@@ -6,17 +6,44 @@ from django.contrib.auth.mixins import (
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import UpdateView
-from guardian.mixins import PermissionRequiredMixin
+from django.views.generic import ListView, UpdateView
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
-from authentik.admin.views.utils import DeleteMessageView
+from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
+    DeleteMessageView,
+    SearchListMixin,
+    UserPaginateListMixin,
+)
 from authentik.lib.views import CreateAssignPermView
 from authentik.stages.prompt.forms import PromptAdminForm
 from authentik.stages.prompt.models import Prompt
 
 
+class PromptListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    ListView,
+):
+    """Show list of all prompts"""
+
+    model = Prompt
+    permission_required = "authentik_stages_prompt.view_prompt"
+    ordering = "order"
+    template_name = "administration/stage_prompt/list.html"
+    search_fields = [
+        "field_key",
+        "label",
+        "type",
+        "placeholder",
+    ]
+
+
 class PromptCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     CreateAssignPermView,
@@ -28,12 +55,13 @@ class PromptCreateView(
     permission_required = "authentik_stages_prompt.add_prompt"
 
     template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stage-prompts")
     success_message = _("Successfully created Prompt")
 
 
 class PromptUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     UpdateView,
@@ -45,7 +73,7 @@ class PromptUpdateView(
     permission_required = "authentik_stages_prompt.change_prompt"
 
     template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stage-prompts")
     success_message = _("Successfully updated Prompt")
 
 
@@ -56,5 +84,5 @@ class PromptDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessag
     permission_required = "authentik_stages_prompt.delete_prompt"
 
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:stage-prompts")
     success_message = _("Successfully deleted Prompt")

authentik/admin/views/tasks.py

@@ -0,0 +1,23 @@
+"""authentik Tasks List"""
+from typing import Any, Dict
+
+from django.views.generic.base import TemplateView
+
+from authentik.admin.mixins import AdminRequiredMixin
+from authentik.lib.tasks import TaskInfo, TaskResultStatus
+
+
+class TaskListView(AdminRequiredMixin, TemplateView):
+    """Show list of all background tasks"""
+
+    template_name = "administration/task/list.html"
+
+    def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
+        kwargs = super().get_context_data(**kwargs)
+        kwargs["object_list"] = sorted(
+            TaskInfo.all().values(), key=lambda x: x.task_name
+        )
+        kwargs["task_successful"] = TaskResultStatus.SUCCESSFUL
+        kwargs["task_warning"] = TaskResultStatus.WARNING
+        kwargs["task_error"] = TaskResultStatus.ERROR
+        return kwargs

authentik/admin/views/tokens.py

@@ -2,12 +2,38 @@
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from guardian.mixins import PermissionRequiredMixin
+from django.views.generic import ListView
+from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 
-from authentik.admin.views.utils import DeleteMessageView
+from authentik.admin.views.utils import (
+    DeleteMessageView,
+    SearchListMixin,
+    UserPaginateListMixin,
+)
 from authentik.core.models import Token
 
 
+class TokenListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    ListView,
+):
+    """Show list of all tokens"""
+
+    model = Token
+    permission_required = "authentik_core.view_token"
+    ordering = "expires"
+    template_name = "administration/token/list.html"
+    search_fields = [
+        "identifier",
+        "intent",
+        "user__username",
+        "description",
+    ]
+
+
 class TokenDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageView):
     """Delete token"""
 
@@ -15,5 +41,5 @@ class TokenDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessage
     permission_required = "authentik_core.delete_token"
 
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:tokens")
     success_message = _("Successfully deleted Token")

authentik/admin/views/users.py

@@ -8,20 +8,49 @@ from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpRequest, HttpResponse
 from django.http.response import HttpResponseRedirect
 from django.shortcuts import redirect
-from django.urls import reverse_lazy
+from django.urls import reverse, reverse_lazy
 from django.utils.http import urlencode
 from django.utils.translation import gettext as _
-from django.views.generic import DetailView, UpdateView
-from guardian.mixins import PermissionRequiredMixin
+from django.views.generic import DetailView, ListView, UpdateView
+from guardian.mixins import (
+    PermissionListMixin,
+    PermissionRequiredMixin,
+    get_anonymous_user,
+)
 
 from authentik.admin.forms.users import UserForm
-from authentik.admin.views.utils import DeleteMessageView
+from authentik.admin.views.utils import (
+    BackSuccessUrlMixin,
+    DeleteMessageView,
+    SearchListMixin,
+    UserPaginateListMixin,
+)
 from authentik.core.models import Token, User
 from authentik.lib.views import CreateAssignPermView
 
 
+class UserListView(
+    LoginRequiredMixin,
+    PermissionListMixin,
+    UserPaginateListMixin,
+    SearchListMixin,
+    ListView,
+):
+    """Show list of all users"""
+
+    model = User
+    permission_required = "authentik_core.view_user"
+    ordering = "username"
+    template_name = "administration/user/list.html"
+    search_fields = ["username", "name", "attributes"]
+
+    def get_queryset(self):
+        return super().get_queryset().exclude(pk=get_anonymous_user().pk)
+
+
 class UserCreateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     DjangoPermissionRequiredMixin,
     CreateAssignPermView,
@@ -33,12 +62,13 @@ class UserCreateView(
     permission_required = "authentik_core.add_user"
 
     template_name = "generic/create.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:users")
     success_message = _("Successfully created User")
 
 
 class UserUpdateView(
     SuccessMessageMixin,
+    BackSuccessUrlMixin,
     LoginRequiredMixin,
     PermissionRequiredMixin,
     UpdateView,
@@ -52,7 +82,7 @@ class UserUpdateView(
     # By default the object's name is user which is used by other checks
     context_object_name = "object"
     template_name = "generic/update.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:users")
     success_message = _("Successfully updated User")
 
 
@@ -65,11 +95,13 @@ class UserDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageV
     # By default the object's name is user which is used by other checks
     context_object_name = "object"
     template_name = "generic/delete.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:users")
     success_message = _("Successfully deleted User")
 
 
-class UserDisableView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageView):
+class UserDisableView(
+    LoginRequiredMixin, PermissionRequiredMixin, BackSuccessUrlMixin, DeleteMessageView
+):
     """Disable user"""
 
     object: User
@@ -80,7 +112,7 @@ class UserDisableView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessage
     # By default the object's name is user which is used by other checks
     context_object_name = "object"
     template_name = "administration/user/disable.html"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:users")
     success_message = _("Successfully disabled User")
 
     def delete(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
@@ -91,7 +123,9 @@ class UserDisableView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessage
         return HttpResponseRedirect(success_url)
 
 
-class UserEnableView(LoginRequiredMixin, PermissionRequiredMixin, DetailView):
+class UserEnableView(
+    LoginRequiredMixin, PermissionRequiredMixin, BackSuccessUrlMixin, DetailView
+):
     """Enable user"""
 
     object: User
@@ -101,14 +135,15 @@ class UserEnableView(LoginRequiredMixin, PermissionRequiredMixin, DetailView):
 
     # By default the object's name is user which is used by other checks
     context_object_name = "object"
-    success_url = reverse_lazy("authentik_core:shell")
+    success_url = reverse_lazy("authentik_admin:users")
     success_message = _("Successfully enabled User")
 
     def get(self, request: HttpRequest, *args, **kwargs):
         self.object: User = self.get_object()
+        success_url = self.get_success_url()
         self.object.is_active = True
         self.object.save()
-        return HttpResponseRedirect(self.success_url)
+        return HttpResponseRedirect(success_url)
 
 
 class UserPasswordResetView(LoginRequiredMixin, PermissionRequiredMixin, DetailView):
@@ -125,7 +160,9 @@ class UserPasswordResetView(LoginRequiredMixin, PermissionRequiredMixin, DetailV
         )
         querystring = urlencode({"token": token.key})
         link = request.build_absolute_uri(
-            reverse_lazy("authentik_flows:default-recovery") + f"?{querystring}"
+            reverse("authentik_flows:default-recovery") + f"?{querystring}"
         )
-        messages.success(request, _("Password reset link: %(link)s" % {"link": link}))
-        return redirect("/")
+        messages.success(
+            request, _("Password reset link: <pre>%(link)s</pre>" % {"link": link})
+        )
+        return redirect("authentik_admin:users")

authentik/admin/views/utils.py

@@ -1,11 +1,15 @@
 """authentik admin util views"""
-from typing import Any
+from typing import Any, Dict, List, Optional
+from urllib.parse import urlparse
 
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
+from django.contrib.postgres.search import SearchQuery, SearchVector
+from django.db.models import QuerySet
 from django.http import Http404
-from django.urls import reverse_lazy
-from django.views.generic import DeleteView, UpdateView
+from django.http.request import HttpRequest
+from django.views.generic import DeleteView, ListView, UpdateView
+from django.views.generic.list import MultipleObjectMixin
 
 from authentik.lib.utils.reflection import all_subclasses
 from authentik.lib.views import CreateAssignPermView
@@ -14,13 +18,42 @@ from authentik.lib.views import CreateAssignPermView
 class DeleteMessageView(SuccessMessageMixin, DeleteView):
     """DeleteView which shows `self.success_message` on successful deletion"""
 
-    success_url = reverse_lazy("authentik_core:shell")
-
     def delete(self, request, *args, **kwargs):
         messages.success(self.request, self.success_message)
         return super().delete(request, *args, **kwargs)
 
 
+class InheritanceListView(ListView):
+    """ListView for objects using InheritanceManager"""
+
+    def get_context_data(self, **kwargs):
+        kwargs["types"] = {x.__name__: x for x in all_subclasses(self.model)}
+        return super().get_context_data(**kwargs)
+
+    def get_queryset(self):
+        return super().get_queryset().select_subclasses()
+
+
+class SearchListMixin(MultipleObjectMixin):
+    """Accept search query using `search` querystring parameter. Requires self.search_fields,
+    a list of all fields to search. Can contain special lookups like __icontains"""
+
+    search_fields: List[str]
+
+    def get_queryset(self) -> QuerySet:
+        queryset = super().get_queryset()
+        if "search" in self.request.GET:
+            raw_query = self.request.GET["search"]
+            if raw_query == "":
+                # Empty query, don't search at all
+                return queryset
+            search = SearchQuery(raw_query, search_type="websearch")
+            return queryset.annotate(search=SearchVector(*self.search_fields)).filter(
+                search=search
+            )
+        return queryset
+
+
 class InheritanceCreateView(CreateAssignPermView):
     """CreateView for objects using InheritanceManager"""
 
@@ -34,7 +67,7 @@ class InheritanceCreateView(CreateAssignPermView):
             raise Http404 from exc
         return model().form
 
-    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
+    def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
         kwargs = super().get_context_data(**kwargs)
         form_cls = self.get_form_class()
         if hasattr(form_cls, "template_name"):
@@ -45,7 +78,7 @@ class InheritanceCreateView(CreateAssignPermView):
 class InheritanceUpdateView(UpdateView):
     """UpdateView for objects using InheritanceManager"""
 
-    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
+    def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
         kwargs = super().get_context_data(**kwargs)
         form_cls = self.get_form_class()
         if hasattr(form_cls, "template_name"):
@@ -61,3 +94,31 @@ class InheritanceUpdateView(UpdateView):
             .select_subclasses()
             .first()
         )
+
+
+class BackSuccessUrlMixin:
+    """Checks if a relative URL has been given as ?back param, and redirect to it. Otherwise
+    default to self.success_url."""
+
+    request: HttpRequest
+
+    success_url: Optional[str]
+
+    def get_success_url(self) -> str:
+        """get_success_url from FormMixin"""
+        back_param = self.request.GET.get("back")
+        if back_param:
+            if not bool(urlparse(back_param).netloc):
+                return back_param
+        return str(self.success_url)
+
+
+class UserPaginateListMixin:
+    """Get paginate_by value from user's attributes, defaulting to 15"""
+
+    request: HttpRequest
+
+    # pylint: disable=unused-argument
+    def get_paginate_by(self, queryset: QuerySet) -> int:
+        """get_paginate_by Function of ListView"""
+        return self.request.user.attributes.get("paginate_by", 15)

authentik/api/auth.py

@@ -1,11 +1,11 @@
 """API Authentication"""
 from base64 import b64decode
 from binascii import Error
-from typing import Any, Optional, Union
+from typing import Any, Optional, Tuple, Union
 
 from rest_framework.authentication import BaseAuthentication, get_authorization_header
 from rest_framework.request import Request
-from structlog.stdlib import get_logger
+from structlog import get_logger
 
 from authentik.core.models import Token, TokenIntents, User
 
@@ -44,7 +44,7 @@ def token_from_header(raw_header: bytes) -> Optional[Token]:
 class AuthentikTokenAuthentication(BaseAuthentication):
     """Token-based authentication using HTTP Basic authentication"""
 
-    def authenticate(self, request: Request) -> Union[tuple[User, Any], None]:
+    def authenticate(self, request: Request) -> Union[Tuple[User, Any], None]:
         """Token-based authentication using HTTP Basic authentication"""
         auth = get_authorization_header(request)
 

authentik/api/templates/rest_framework/api.html

@@ -1,31 +1,7 @@
 {% extends "rest_framework/base.html" %}
 
-{% block title %}{% if name %}{{ name }} – {% endif %}authentik{% endblock %}
-
 {% block branding %}
 <span class='navbar-brand'>
     authentik
 </span>
 {% endblock %}
-
-{% block style %}
-{{ block.super }}
-<style>
-    body {
-        background-color: #18191a;
-        color: #fafafa;
-    }
-    .prettyprint {
-        background-color: #1c1e21;
-        color: #fafafa;
-        border: 1px solid #2b2e33;
-    }
-    .pln {
-        color: #fafafa;
-    }
-    .well {
-        background-color: #1c1e21;
-        border: 1px solid #2b2e33;
-    }
-</style>
-{% endblock %}

authentik/api/v2/config.py

@@ -1,5 +1,4 @@
 """core Configs API"""
-from django.db.models import Model
 from drf_yasg2.utils import swagger_auto_schema
 from rest_framework.permissions import AllowAny
 from rest_framework.request import Request
@@ -20,10 +19,10 @@ class ConfigSerializer(Serializer):
     error_reporting_environment = ReadOnlyField()
     error_reporting_send_pii = ReadOnlyField()
 
-    def create(self, validated_data: dict) -> Model:
+    def create(self, request: Request) -> Response:
         raise NotImplementedError
 
-    def update(self, instance: Model, validated_data: dict) -> Model:
+    def update(self, request: Request) -> Response:
         raise NotImplementedError
 
 

authentik/api/v2/messages.py

@@ -1,6 +1,5 @@
 """core messages API"""
 from django.contrib.messages import get_messages
-from django.db.models import Model
 from drf_yasg2.utils import swagger_auto_schema
 from rest_framework.permissions import AllowAny
 from rest_framework.request import Request
@@ -18,10 +17,10 @@ class MessageSerializer(Serializer):
     extra_tags = ReadOnlyField()
     level_tag = ReadOnlyField()
 
-    def create(self, validated_data: dict) -> Model:
+    def create(self, request: Request) -> Response:
         raise NotImplementedError
 
-    def update(self, instance: Model, validated_data: dict) -> Model:
+    def update(self, request: Request) -> Response:
         raise NotImplementedError
 
 

authentik/api/v2/urls.py

@@ -11,6 +11,7 @@ from authentik.admin.api.version import VersionViewSet
 from authentik.admin.api.workers import WorkerViewSet
 from authentik.api.v2.config import ConfigsViewSet
 from authentik.api.v2.messages import MessagesViewSet
+from authentik.audit.api import EventViewSet
 from authentik.core.api.applications import ApplicationViewSet
 from authentik.core.api.groups import GroupViewSet
 from authentik.core.api.propertymappings import PropertyMappingViewSet
@@ -19,33 +20,29 @@ from authentik.core.api.sources import SourceViewSet
 from authentik.core.api.tokens import TokenViewSet
 from authentik.core.api.users import UserViewSet
 from authentik.crypto.api import CertificateKeyPairViewSet
-from authentik.events.api.event import EventViewSet
-from authentik.events.api.notification import NotificationViewSet
-from authentik.events.api.notification_rule import NotificationRuleViewSet
-from authentik.events.api.notification_transport import NotificationTransportViewSet
-from authentik.flows.api.bindings import FlowStageBindingViewSet
-from authentik.flows.api.flows import FlowViewSet
-from authentik.flows.api.stages import StageViewSet
-from authentik.flows.views import FlowExecutorView
-from authentik.outposts.api.outpost_service_connections import (
+from authentik.flows.api import (
+    FlowCacheViewSet,
+    FlowStageBindingViewSet,
+    FlowViewSet,
+    StageViewSet,
+)
+from authentik.outposts.api import (
     DockerServiceConnectionViewSet,
     KubernetesServiceConnectionViewSet,
-    ServiceConnectionViewSet,
+    OutpostViewSet,
+)
+from authentik.policies.api import (
+    PolicyBindingViewSet,
+    PolicyCacheViewSet,
+    PolicyViewSet,
 )
-from authentik.outposts.api.outposts import OutpostViewSet
-from authentik.policies.api import PolicyBindingViewSet, PolicyViewSet
 from authentik.policies.dummy.api import DummyPolicyViewSet
-from authentik.policies.event_matcher.api import EventMatcherPolicyViewSet
 from authentik.policies.expiry.api import PasswordExpiryPolicyViewSet
 from authentik.policies.expression.api import ExpressionPolicyViewSet
 from authentik.policies.group_membership.api import GroupMembershipPolicyViewSet
 from authentik.policies.hibp.api import HaveIBeenPwendPolicyViewSet
 from authentik.policies.password.api import PasswordPolicyViewSet
-from authentik.policies.reputation.api import (
-    IPReputationViewSet,
-    ReputationPolicyViewSet,
-    UserReputationViewSet,
-)
+from authentik.policies.reputation.api import ReputationPolicyViewSet
 from authentik.providers.oauth2.api import OAuth2ProviderViewSet, ScopeMappingViewSet
 from authentik.providers.proxy.api import (
     ProxyOutpostConfigViewSet,
@@ -55,19 +52,15 @@ from authentik.providers.saml.api import SAMLPropertyMappingViewSet, SAMLProvide
 from authentik.sources.ldap.api import LDAPPropertyMappingViewSet, LDAPSourceViewSet
 from authentik.sources.oauth.api import OAuthSourceViewSet
 from authentik.sources.saml.api import SAMLSourceViewSet
-from authentik.stages.authenticator_static.api import AuthenticatorStaticStageViewSet
-from authentik.stages.authenticator_totp.api import AuthenticatorTOTPStageViewSet
-from authentik.stages.authenticator_validate.api import (
-    AuthenticatorValidateStageViewSet,
-)
-from authentik.stages.authenticator_webauthn.api import AuthenticateWebAuthnStageViewSet
 from authentik.stages.captcha.api import CaptchaStageViewSet
 from authentik.stages.consent.api import ConsentStageViewSet
-from authentik.stages.deny.api import DenyStageViewSet
 from authentik.stages.dummy.api import DummyStageViewSet
 from authentik.stages.email.api import EmailStageViewSet
 from authentik.stages.identification.api import IdentificationStageViewSet
 from authentik.stages.invitation.api import InvitationStageViewSet, InvitationViewSet
+from authentik.stages.otp_static.api import OTPStaticStageViewSet
+from authentik.stages.otp_time.api import OTPTimeStageViewSet
+from authentik.stages.otp_validate.api import OTPValidateStageViewSet
 from authentik.stages.password.api import PasswordStageViewSet
 from authentik.stages.prompt.api import PromptStageViewSet, PromptViewSet
 from authentik.stages.user_delete.api import UserDeleteStageViewSet
@@ -91,7 +84,6 @@ router.register("core/users", UserViewSet)
 router.register("core/tokens", TokenViewSet)
 
 router.register("outposts/outposts", OutpostViewSet)
-router.register("outposts/service_connections/all", ServiceConnectionViewSet)
 router.register("outposts/service_connections/docker", DockerServiceConnectionViewSet)
 router.register(
     "outposts/service_connections/kubernetes", KubernetesServiceConnectionViewSet
@@ -99,14 +91,12 @@ router.register(
 router.register("outposts/proxy", ProxyOutpostConfigViewSet)
 
 router.register("flows/instances", FlowViewSet)
+router.register("flows/cached", FlowCacheViewSet, basename="flows_cache")
 router.register("flows/bindings", FlowStageBindingViewSet)
 
 router.register("crypto/certificatekeypairs", CertificateKeyPairViewSet)
 
-router.register("events/events", EventViewSet)
-router.register("events/notifications", NotificationViewSet)
-router.register("events/transports", NotificationTransportViewSet)
-router.register("events/rules", NotificationRuleViewSet)
+router.register("audit/events", EventViewSet)
 
 router.register("sources/all", SourceViewSet)
 router.register("sources/ldap", LDAPSourceViewSet)
@@ -114,15 +104,13 @@ router.register("sources/saml", SAMLSourceViewSet)
 router.register("sources/oauth", OAuthSourceViewSet)
 
 router.register("policies/all", PolicyViewSet)
+router.register("policies/cached", PolicyCacheViewSet, basename="policies_cache")
 router.register("policies/bindings", PolicyBindingViewSet)
 router.register("policies/expression", ExpressionPolicyViewSet)
-router.register("policies/event_matcher", EventMatcherPolicyViewSet)
 router.register("policies/group_membership", GroupMembershipPolicyViewSet)
 router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
 router.register("policies/password_expiry", PasswordExpiryPolicyViewSet)
 router.register("policies/password", PasswordPolicyViewSet)
-router.register("policies/reputation/users", UserReputationViewSet)
-router.register("policies/reputation/ips", IPReputationViewSet)
 router.register("policies/reputation", ReputationPolicyViewSet)
 
 router.register("providers/all", ProviderViewSet)
@@ -136,17 +124,15 @@ router.register("propertymappings/saml", SAMLPropertyMappingViewSet)
 router.register("propertymappings/scope", ScopeMappingViewSet)
 
 router.register("stages/all", StageViewSet)
-router.register("stages/authenticator/static", AuthenticatorStaticStageViewSet)
-router.register("stages/authenticator/totp", AuthenticatorTOTPStageViewSet)
-router.register("stages/authenticator/validate", AuthenticatorValidateStageViewSet)
-router.register("stages/authenticator/webauthn", AuthenticateWebAuthnStageViewSet)
 router.register("stages/captcha", CaptchaStageViewSet)
 router.register("stages/consent", ConsentStageViewSet)
-router.register("stages/deny", DenyStageViewSet)
 router.register("stages/email", EmailStageViewSet)
 router.register("stages/identification", IdentificationStageViewSet)
+router.register("stages/invitation", InvitationStageViewSet)
 router.register("stages/invitation/invitations", InvitationViewSet)
-router.register("stages/invitation/stages", InvitationStageViewSet)
+router.register("stages/otp_static", OTPStaticStageViewSet)
+router.register("stages/otp_time", OTPTimeStageViewSet)
+router.register("stages/otp_validate", OTPValidateStageViewSet)
 router.register("stages/password", PasswordStageViewSet)
 router.register("stages/prompt/prompts", PromptViewSet)
 router.register("stages/prompt/stages", PromptStageViewSet)
@@ -162,9 +148,7 @@ info = openapi.Info(
     title="authentik API",
     default_version="v2",
     contact=openapi.Contact(email="hello@beryju.org"),
-    license=openapi.License(
-        name="GNU GPLv3", url="https://github.com/BeryJu/authentik/blob/master/LICENSE"
-    ),
+    license=openapi.License(name="MIT License"),
 )
 SchemaView = get_schema_view(
     info,
@@ -184,9 +168,4 @@ urlpatterns = [
         name="schema-swagger-ui",
     ),
     path("redoc/", SchemaView.with_ui("redoc", cache_timeout=0), name="schema-redoc"),
-    path(
-        "flows/executor/<slug:flow_slug>/",
-        FlowExecutorView.as_view(),
-        name="flow-executor",
-    ),
 ] + router.urls

authentik/audit/api.py

@@ -1,4 +1,4 @@
-"""Events API Views"""
+"""Audit API Views"""
 from django.db.models.aggregates import Count
 from django.db.models.fields.json import KeyTextTransform
 from drf_yasg2.utils import swagger_auto_schema
@@ -9,7 +9,7 @@ from rest_framework.response import Response
 from rest_framework.serializers import ModelSerializer, Serializer
 from rest_framework.viewsets import ReadOnlyModelViewSet
 
-from authentik.events.models import Event, EventAction
+from authentik.audit.models import Event, EventAction
 
 
 class EventSerializer(ModelSerializer):
@@ -48,16 +48,6 @@ class EventViewSet(ReadOnlyModelViewSet):
 
     queryset = Event.objects.all()
     serializer_class = EventSerializer
-    ordering = ["-created"]
-    search_fields = [
-        "event_uuid",
-        "user",
-        "action",
-        "app",
-        "context",
-        "client_ip",
-    ]
-    filterset_fields = ["action"]
 
     @swagger_auto_schema(
         method="GET", responses={200: EventTopPerUserSerialier(many=True)}

authentik/audit/apps.py

@@ -0,0 +1,16 @@
+"""authentik audit app"""
+from importlib import import_module
+
+from django.apps import AppConfig
+
+
+class AuthentikAuditConfig(AppConfig):
+    """authentik audit app"""
+
+    name = "authentik.audit"
+    label = "authentik_audit"
+    verbose_name = "authentik Audit"
+    mountpoint = "audit/"
+
+    def ready(self):
+        import_module("authentik.audit.signals")

authentik/audit/middleware.py

@@ -1,4 +1,4 @@
-"""Events middleware"""
+"""Audit middleware"""
 from functools import partial
 from typing import Callable
 
@@ -6,12 +6,10 @@ from django.contrib.auth.models import User
 from django.db.models import Model
 from django.db.models.signals import post_save, pre_delete
 from django.http import HttpRequest, HttpResponse
-from guardian.models import UserObjectPermission
 
+from authentik.audit.models import Event, EventAction, model_to_dict
+from authentik.audit.signals import EventNewThread
 from authentik.core.middleware import LOCAL
-from authentik.events.models import Event, EventAction, Notification
-from authentik.events.signals import EventNewThread
-from authentik.events.utils import model_to_dict
 
 
 class AuditMiddleware:
@@ -64,7 +62,7 @@ class AuditMiddleware:
         user: User, request: HttpRequest, sender, instance: Model, created: bool, **_
     ):
         """Signal handler for all object's post_save"""
-        if isinstance(instance, (Event, Notification, UserObjectPermission)):
+        if isinstance(instance, Event):
             return
 
         action = EventAction.MODEL_CREATED if created else EventAction.MODEL_UPDATED
@@ -76,7 +74,7 @@ class AuditMiddleware:
         user: User, request: HttpRequest, sender, instance: Model, **_
     ):
         """Signal handler for all object's pre_delete"""
-        if isinstance(instance, (Event, Notification, UserObjectPermission)):
+        if isinstance(instance, Event):
             return
 
         EventNewThread(

authentik/audit/migrations/0001_initial.py

@@ -63,8 +63,8 @@ class Migration(migrations.Migration):
                 ),
             ],
             options={
-                "verbose_name": "Event",
-                "verbose_name_plural": "Events",
+                "verbose_name": "Audit Event",
+                "verbose_name_plural": "Audit Events",
             },
         ),
     ]

authentik/audit/migrations/0002_auto_20200918_2116.py

@@ -6,7 +6,7 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("authentik_events", "0001_initial"),
+        ("authentik_audit", "0001_initial"),
     ]
 
     operations = [

authentik/audit/migrations/0003_auto_20200917_1155.py

@@ -3,11 +3,11 @@ from django.apps.registry import Apps
 from django.db import migrations, models
 from django.db.backends.base.schema import BaseDatabaseSchemaEditor
 
-import authentik.events.models
+import authentik.audit.models
 
 
 def convert_user_to_json(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
-    Event = apps.get_model("authentik_events", "Event")
+    Event = apps.get_model("authentik_audit", "Event")
 
     db_alias = schema_editor.connection.alias
     for event in Event.objects.all():
@@ -15,7 +15,7 @@ def convert_user_to_json(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
         # Because event objects cannot be updated, we have to re-create them
         event.pk = None
         event.user_json = (
-            authentik.events.models.get_user(event.user) if event.user else {}
+            authentik.audit.models.get_user(event.user) if event.user else {}
         )
         event._state.adding = True
         event.save()
@@ -24,7 +24,7 @@ def convert_user_to_json(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("authentik_events", "0002_auto_20200918_2116"),
+        ("authentik_audit", "0002_auto_20200918_2116"),
     ]
 
     operations = [

authentik/audit/migrations/0004_auto_20200921_1829.py

@@ -6,7 +6,7 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("authentik_events", "0003_auto_20200917_1155"),
+        ("authentik_audit", "0003_auto_20200917_1155"),
     ]
 
     operations = [

authentik/audit/migrations/0005_auto_20201005_2139.py

@@ -6,7 +6,7 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("authentik_events", "0004_auto_20200921_1829"),
+        ("authentik_audit", "0004_auto_20200921_1829"),
     ]
 
     operations = [

authentik/audit/migrations/0006_auto_20201017_2024.py

@@ -6,7 +6,7 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("authentik_events", "0005_auto_20201005_2139"),
+        ("authentik_audit", "0005_auto_20201005_2139"),
     ]
 
     operations = [

authentik/audit/models.py

@@ -0,0 +1,199 @@
+"""authentik audit models"""
+from inspect import getmodule, stack
+from typing import Any, Dict, Optional, Union
+from uuid import UUID, uuid4
+
+from django.conf import settings
+from django.contrib.auth.models import AnonymousUser
+from django.core.exceptions import ValidationError
+from django.db import models
+from django.db.models.base import Model
+from django.http import HttpRequest
+from django.utils.translation import gettext as _
+from django.views.debug import SafeExceptionReporterFilter
+from guardian.utils import get_anonymous_user
+from structlog import get_logger
+
+from authentik.core.middleware import (
+    SESSION_IMPERSONATE_ORIGINAL_USER,
+    SESSION_IMPERSONATE_USER,
+)
+from authentik.core.models import User
+from authentik.lib.utils.http import get_client_ip
+
+LOGGER = get_logger("authentik.audit")
+
+
+def cleanse_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:
+    """Cleanse a dictionary, recursively"""
+    final_dict = {}
+    for key, value in source.items():
+        try:
+            if SafeExceptionReporterFilter.hidden_settings.search(key):
+                final_dict[key] = SafeExceptionReporterFilter.cleansed_substitute
+            else:
+                final_dict[key] = value
+        except TypeError:
+            final_dict[key] = value
+        if isinstance(value, dict):
+            final_dict[key] = cleanse_dict(value)
+    return final_dict
+
+
+def model_to_dict(model: Model) -> Dict[str, Any]:
+    """Convert model to dict"""
+    name = str(model)
+    if hasattr(model, "name"):
+        name = model.name
+    return {
+        "app": model._meta.app_label,
+        "model_name": model._meta.model_name,
+        "pk": model.pk,
+        "name": name,
+    }
+
+
+def get_user(user: User, original_user: Optional[User] = None) -> Dict[str, Any]:
+    """Convert user object to dictionary, optionally including the original user"""
+    if isinstance(user, AnonymousUser):
+        user = get_anonymous_user()
+    user_data = {
+        "username": user.username,
+        "pk": user.pk,
+        "email": user.email,
+    }
+    if original_user:
+        original_data = get_user(original_user)
+        original_data["on_behalf_of"] = user_data
+        return original_data
+    return user_data
+
+
+def sanitize_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:
+    """clean source of all Models that would interfere with the JSONField.
+    Models are replaced with a dictionary of {
+        app: str,
+        name: str,
+        pk: Any
+    }"""
+    final_dict = {}
+    for key, value in source.items():
+        if isinstance(value, dict):
+            final_dict[key] = sanitize_dict(value)
+        elif isinstance(value, models.Model):
+            final_dict[key] = sanitize_dict(model_to_dict(value))
+        elif isinstance(value, UUID):
+            final_dict[key] = value.hex
+        else:
+            final_dict[key] = value
+    return final_dict
+
+
+class EventAction(models.TextChoices):
+    """All possible actions to save into the audit log"""
+
+    LOGIN = "login"
+    LOGIN_FAILED = "login_failed"
+    LOGOUT = "logout"
+
+    USER_WRITE = "user_write"
+    SUSPICIOUS_REQUEST = "suspicious_request"
+    PASSWORD_SET = "password_set"  # noqa # nosec
+
+    TOKEN_VIEW = "token_view"  # nosec
+
+    INVITE_CREATED = "invitation_created"
+    INVITE_USED = "invitation_used"
+
+    AUTHORIZE_APPLICATION = "authorize_application"
+    SOURCE_LINKED = "source_linked"
+
+    IMPERSONATION_STARTED = "impersonation_started"
+    IMPERSONATION_ENDED = "impersonation_ended"
+
+    MODEL_CREATED = "model_created"
+    MODEL_UPDATED = "model_updated"
+    MODEL_DELETED = "model_deleted"
+
+    CUSTOM_PREFIX = "custom_"
+
+
+class Event(models.Model):
+    """An individual audit log event"""
+
+    event_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
+    user = models.JSONField(default=dict)
+    action = models.TextField(choices=EventAction.choices)
+    app = models.TextField()
+    context = models.JSONField(default=dict, blank=True)
+    client_ip = models.GenericIPAddressField(null=True)
+    created = models.DateTimeField(auto_now_add=True)
+
+    @staticmethod
+    def _get_app_from_request(request: HttpRequest) -> str:
+        if not isinstance(request, HttpRequest):
+            return ""
+        return request.resolver_match.app_name
+
+    @staticmethod
+    def new(
+        action: Union[str, EventAction],
+        app: Optional[str] = None,
+        _inspect_offset: int = 1,
+        **kwargs,
+    ) -> "Event":
+        """Create new Event instance from arguments. Instance is NOT saved."""
+        if not isinstance(action, EventAction):
+            action = EventAction.CUSTOM_PREFIX + action
+        if not app:
+            app = getmodule(stack()[_inspect_offset][0]).__name__
+        cleaned_kwargs = cleanse_dict(sanitize_dict(kwargs))
+        event = Event(action=action, app=app, context=cleaned_kwargs)
+        return event
+
+    def from_http(
+        self, request: HttpRequest, user: Optional[settings.AUTH_USER_MODEL] = None
+    ) -> "Event":
+        """Add data from a Django-HttpRequest, allowing the creation of
+        Events independently from requests.
+        `user` arguments optionally overrides user from requests."""
+        if hasattr(request, "user"):
+            self.user = get_user(
+                request.user,
+                request.session.get(SESSION_IMPERSONATE_ORIGINAL_USER, None),
+            )
+        if user:
+            self.user = get_user(user)
+        # Check if we're currently impersonating, and add that user
+        if hasattr(request, "session"):
+            if SESSION_IMPERSONATE_ORIGINAL_USER in request.session:
+                self.user = get_user(request.session[SESSION_IMPERSONATE_ORIGINAL_USER])
+                self.user["on_behalf_of"] = get_user(
+                    request.session[SESSION_IMPERSONATE_USER]
+                )
+        # User 255.255.255.255 as fallback if IP cannot be determined
+        self.client_ip = get_client_ip(request) or "255.255.255.255"
+        # If there's no app set, we get it from the requests too
+        if not self.app:
+            self.app = Event._get_app_from_request(request)
+        self.save()
+        return self
+
+    def save(self, *args, **kwargs):
+        if not self._state.adding:
+            raise ValidationError(
+                "you may not edit an existing %s" % self._meta.model_name
+            )
+        LOGGER.debug(
+            "Created Audit event",
+            action=self.action,
+            context=self.context,
+            client_ip=self.client_ip,
+            user=self.user,
+        )
+        return super().save(*args, **kwargs)
+
+    class Meta:
+
+        verbose_name = _("Audit Event")
+        verbose_name_plural = _("Audit Events")

authentik/audit/signals.py

@@ -1,24 +1,20 @@
-"""authentik events signal listener"""
+"""authentik audit signal listener"""
 from threading import Thread
-from typing import Any, Optional
+from typing import Any, Dict, Optional
 
 from django.contrib.auth.signals import (
     user_logged_in,
     user_logged_out,
     user_login_failed,
 )
-from django.db.models.signals import post_save
 from django.dispatch import receiver
 from django.http import HttpRequest
 
+from authentik.audit.models import Event, EventAction
 from authentik.core.models import User
 from authentik.core.signals import password_changed
-from authentik.events.models import Event, EventAction
-from authentik.events.tasks import event_notification_handler
-from authentik.flows.planner import PLAN_CONTEXT_SOURCE, FlowPlan
-from authentik.flows.views import SESSION_KEY_PLAN
 from authentik.stages.invitation.models import Invitation
-from authentik.stages.invitation.signals import invitation_used
+from authentik.stages.invitation.signals import invitation_created, invitation_used
 from authentik.stages.user_write.signals import user_write
 
 
@@ -27,7 +23,7 @@ class EventNewThread(Thread):
 
     action: str
     request: HttpRequest
-    kwargs: dict[str, Any]
+    kwargs: Dict[str, Any]
     user: Optional[User] = None
 
     def __init__(
@@ -48,11 +44,6 @@ class EventNewThread(Thread):
 def on_user_logged_in(sender, request: HttpRequest, user: User, **_):
     """Log successful login"""
     thread = EventNewThread(EventAction.LOGIN, request)
-    if SESSION_KEY_PLAN in request.session:
-        flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN]
-        if PLAN_CONTEXT_SOURCE in flow_plan.context:
-            # Login request came from an external source, save it in the context
-            thread.kwargs["using_source"] = flow_plan.context[PLAN_CONTEXT_SOURCE]
     thread.user = user
     thread.run()
 
@@ -69,7 +60,7 @@ def on_user_logged_out(sender, request: HttpRequest, user: User, **_):
 @receiver(user_write)
 # pylint: disable=unused-argument
 def on_user_write(
-    sender, request: HttpRequest, user: User, data: dict[str, Any], **kwargs
+    sender, request: HttpRequest, user: User, data: Dict[str, Any], **kwargs
 ):
     """Log User write"""
     thread = EventNewThread(EventAction.USER_WRITE, request, **data)
@@ -81,13 +72,23 @@ def on_user_write(
 @receiver(user_login_failed)
 # pylint: disable=unused-argument
 def on_user_login_failed(
-    sender, credentials: dict[str, str], request: HttpRequest, **_
+    sender, credentials: Dict[str, str], request: HttpRequest, **_
 ):
     """Failed Login"""
     thread = EventNewThread(EventAction.LOGIN_FAILED, request, **credentials)
     thread.run()
 
 
+@receiver(invitation_created)
+# pylint: disable=unused-argument
+def on_invitation_created(sender, request: HttpRequest, invitation: Invitation, **_):
+    """Log Invitation creation"""
+    thread = EventNewThread(
+        EventAction.INVITE_CREATED, request, invitation_uuid=invitation.invite_uuid.hex
+    )
+    thread.run()
+
+
 @receiver(invitation_used)
 # pylint: disable=unused-argument
 def on_invitation_used(sender, request: HttpRequest, invitation: Invitation, **_):
@@ -104,10 +105,3 @@ def on_password_changed(sender, user: User, password: str, **_):
     """Log password change"""
     thread = EventNewThread(EventAction.PASSWORD_SET, None, user=user)
     thread.run()
-
-
-@receiver(post_save, sender=Event)
-# pylint: disable=unused-argument
-def event_post_save_notification(sender, instance: Event, **_):
-    """Start task to check if any policies trigger an notification on this event"""
-    event_notification_handler.delay(instance.event_uuid.hex)

authentik/audit/templates/audit/list.html

@@ -0,0 +1,90 @@
+{% extends "base/page.html" %}
+
+{% load i18n %}
+{% load authentik_utils %}
+
+{% block page_content %}
+<main role="main" class="pf-c-page__main" tabindex="-1" id="main-content">
+    <section class="pf-c-page__main-section pf-m-light">
+        <div class="pf-c-content">
+            <h1>
+                <i class="pf-icon pf-icon-catalog"></i>
+                {% trans 'Audit Log' %}
+            </h1>
+        </div>
+    </section>
+    <section class="pf-c-page__main-section pf-m-no-padding-mobile">
+        <div class="pf-c-card">
+            <div class="pf-c-toolbar">
+                <div class="pf-c-toolbar__content">
+                    {% include 'partials/toolbar_search.html' %}
+                    <button role="ak-refresh" class="pf-c-button pf-m-primary">
+                        {% trans 'Refresh' %}
+                    </button>
+                    {% include 'partials/pagination.html' %}
+                </div>
+            </div>
+            <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+                <thead>
+                    <tr role="row">
+                        <th role="columnheader" scope="col">{% trans 'Action' %}</th>
+                        <th role="columnheader" scope="col">{% trans 'Context' %}</th>
+                        <th role="columnheader" scope="col">{% trans 'User' %}</th>
+                        <th role="columnheader" scope="col">{% trans 'Creation Date' %}</th>
+                        <th role="columnheader" scope="col">{% trans 'Client IP' %}</th>
+                    </tr>
+                </thead>
+                <tbody role="rowgroup">
+                    {% for entry in object_list %}
+                    <tr role="row">
+                        <th role="columnheader">
+                            <div>
+                                <div>{{ entry.action }}</div>
+                                <small>{{ entry.app|default:'-' }}</small>
+                            </div>
+                        </th>
+                        <td role="cell">
+                            <div>
+                                <div>
+                                    <code>{{ entry.context }}</code>
+                                </div>
+                                {% if entry.user.on_behalf_of %}
+                                <small>
+                                    {% blocktrans with username=entry.user.on_behalf_of.username %}
+                                    On behalf of {{ username }}
+                                    {% endblocktrans %}
+                                </small>
+                                {% endif %}
+                            </div>
+                        </td>
+                        <td role="cell">
+                            <div>
+                                <div>{{ entry.user.username }}</div>
+                                <small>
+                                    {% blocktrans with pk=entry.user.pk %}
+                                    ID: {{ pk }}
+                                    {% endblocktrans %}
+                                </small>
+                            </div>
+                        </td>
+                        <td role="cell">
+                            <span>
+                                {{ entry.created }}
+                            </span>
+                        </td>
+                        <td role="cell">
+                            <span>
+                                {{ entry.client_ip }}
+                            </span>
+                        </td>
+                    </tr>
+                    {% endfor %}
+                </tbody>
+            </table>
+            <div class="pf-c-pagination pf-m-bottom">
+                {% include 'partials/pagination.html' %}
+            </div>
+        </div>
+    </section>
+</main>
+{% endblock %}

authentik/audit/tests/test_event.py

@@ -1,37 +1,26 @@
-"""event tests"""
+"""audit event tests"""
 
 from django.contrib.contenttypes.models import ContentType
 from django.test import TestCase
 from guardian.shortcuts import get_anonymous_user
 
-from authentik.core.models import Group
-from authentik.events.models import Event
+from authentik.audit.models import Event
 from authentik.policies.dummy.models import DummyPolicy
 
 
-class TestEvents(TestCase):
-    """Test Event"""
+class TestAuditEvent(TestCase):
+    """Test Audit Event"""
 
     def test_new_with_model(self):
         """Create a new Event passing a model as kwarg"""
-        test_model = Group.objects.create(name="test")
-        event = Event.new("unittest", test={"model": test_model})
+        event = Event.new("unittest", test={"model": get_anonymous_user()})
         event.save()  # We save to ensure nothing is un-saveable
-        model_content_type = ContentType.objects.get_for_model(test_model)
+        model_content_type = ContentType.objects.get_for_model(get_anonymous_user())
         self.assertEqual(
             event.context.get("test").get("model").get("app"),
             model_content_type.app_label,
         )
 
-    def test_new_with_user(self):
-        """Create a new Event passing a user as kwarg"""
-        event = Event.new("unittest", test={"model": get_anonymous_user()})
-        event.save()  # We save to ensure nothing is un-saveable
-        self.assertEqual(
-            event.context.get("test").get("model").get("username"),
-            get_anonymous_user().username,
-        )
-
     def test_new_with_uuid_model(self):
         """Create a new Event passing a model (with UUID PK) as kwarg"""
         temp_model = DummyPolicy.objects.create(name="test", result=True)

authentik/audit/urls.py

@@ -0,0 +1,9 @@
+"""authentik audit urls"""
+from django.urls import path
+
+from authentik.audit.views import EventListView
+
+urlpatterns = [
+    # Audit Log
+    path("audit/", EventListView.as_view(), name="log"),
+]

authentik/audit/views.py

@@ -0,0 +1,30 @@
+"""authentik Event administration"""
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.views.generic import ListView
+from guardian.mixins import PermissionListMixin
+
+from authentik.admin.views.utils import SearchListMixin, UserPaginateListMixin
+from authentik.audit.models import Event
+
+
+class EventListView(
+    PermissionListMixin,
+    LoginRequiredMixin,
+    SearchListMixin,
+    UserPaginateListMixin,
+    ListView,
+):
+    """Show list of all invitations"""
+
+    model = Event
+    template_name = "audit/list.html"
+    permission_required = "authentik_audit.view_event"
+    ordering = "-created"
+
+    search_fields = [
+        "user",
+        "action",
+        "app",
+        "context",
+        "client_ip",
+    ]

authentik/core/admin.py

@@ -4,6 +4,9 @@ from django.apps import AppConfig, apps
 from django.contrib import admin
 from django.contrib.admin.sites import AlreadyRegistered
 from guardian.admin import GuardedModelAdmin
+from structlog import get_logger
+
+LOGGER = get_logger()
 
 
 def admin_autoregister(app: AppConfig):
@@ -17,4 +20,5 @@ def admin_autoregister(app: AppConfig):
 
 for _app in apps.get_app_configs():
     if _app.label.startswith("authentik_"):
+        LOGGER.debug("Registering application for dj-admin", application=_app.label)
         admin_autoregister(_app)

authentik/core/api/applications.py

@@ -1,5 +1,4 @@
 """Application API Views"""
-from django.core.cache import cache
 from django.db.models import QuerySet
 from django.http.response import Http404
 from guardian.shortcuts import get_objects_for_user
@@ -11,21 +10,13 @@ from rest_framework.response import Response
 from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import ModelViewSet
 from rest_framework_guardian.filters import ObjectPermissionsFilter
-from structlog.stdlib import get_logger
 
 from authentik.admin.api.metrics import get_events_per_1h
+from authentik.audit.models import EventAction
 from authentik.core.api.providers import ProviderSerializer
 from authentik.core.models import Application
-from authentik.events.models import EventAction
 from authentik.policies.engine import PolicyEngine
 
-LOGGER = get_logger()
-
-
-def user_app_cache_key(user_pk: str) -> str:
-    """Cache key where application list for user is saved"""
-    return f"user_app_cache_{user_pk}"
-
 
 class ApplicationSerializer(ModelSerializer):
     """Application Serializer"""
@@ -59,15 +50,7 @@ class ApplicationViewSet(ModelViewSet):
 
     queryset = Application.objects.all()
     serializer_class = ApplicationSerializer
-    search_fields = [
-        "name",
-        "slug",
-        "meta_launch_url",
-        "meta_description",
-        "meta_publisher",
-    ]
     lookup_field = "slug"
-    ordering = ["name"]
 
     def _filter_queryset_for_list(self, queryset: QuerySet) -> QuerySet:
         """Custom filter_queryset method which ignores guardian, but still supports sorting"""
@@ -77,35 +60,16 @@ class ApplicationViewSet(ModelViewSet):
             queryset = backend().filter_queryset(self.request, queryset, self)
         return queryset
 
-    def _get_allowed_applications(self, queryset: QuerySet) -> list[Application]:
-        applications = []
-        for application in queryset:
-            engine = PolicyEngine(application, self.request.user, self.request)
-            engine.build()
-            if engine.passing:
-                applications.append(application)
-        return applications
-
     def list(self, request: Request) -> Response:
         """Custom list method that checks Policy based access instead of guardian"""
         queryset = self._filter_queryset_for_list(self.get_queryset())
         self.paginate_queryset(queryset)
-
-        should_cache = request.GET.get("search", "") == ""
-
         allowed_applications = []
-        if not should_cache:
-            allowed_applications = self._get_allowed_applications(queryset)
-        if should_cache:
-            LOGGER.debug("Caching allowed application list")
-            allowed_applications = cache.get(user_app_cache_key(self.request.user.pk))
-            if not allowed_applications:
-                allowed_applications = self._get_allowed_applications(queryset)
-                cache.set(
-                    user_app_cache_key(self.request.user.pk),
-                    allowed_applications,
-                    timeout=86400,
-                )
+        for application in queryset.order_by("name"):
+            engine = PolicyEngine(application, self.request.user, self.request)
+            engine.build()
+            if engine.passing:
+                allowed_applications.append(application)
         serializer = self.get_serializer(allowed_applications, many=True)
         return self.get_paginated_response(serializer.data)
 
@@ -116,7 +80,7 @@ class ApplicationViewSet(ModelViewSet):
             get_objects_for_user(request.user, "authentik_core.view_application"),
             slug=slug,
         )
-        if not request.user.has_perm("authentik_events.view_event"):
+        if not request.user.has_perm("authentik_audit.view_event"):
             raise Http404
         return Response(
             get_events_per_1h(

authentik/core/api/groups.py

@@ -19,5 +19,3 @@ class GroupViewSet(ModelViewSet):
 
     queryset = Group.objects.all()
     serializer_class = GroupSerializer
-    search_fields = ["name", "is_superuser"]
-    filterset_fields = ["name", "is_superuser"]

authentik/core/api/propertymappings.py

@@ -1,72 +1,30 @@
 """PropertyMapping API Views"""
-from django.urls import reverse
-from drf_yasg2.utils import swagger_auto_schema
-from rest_framework.decorators import action
-from rest_framework.request import Request
-from rest_framework.response import Response
 from rest_framework.serializers import ModelSerializer, SerializerMethodField
 from rest_framework.viewsets import ReadOnlyModelViewSet
 
-from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer
 from authentik.core.models import PropertyMapping
-from authentik.lib.templatetags.authentik_utils import verbose_name
-from authentik.lib.utils.reflection import all_subclasses
 
 
-class PropertyMappingSerializer(ModelSerializer, MetaNameSerializer):
+class PropertyMappingSerializer(ModelSerializer):
     """PropertyMapping Serializer"""
 
-    object_type = SerializerMethodField(method_name="get_type")
+    __type__ = SerializerMethodField(method_name="get_type")
 
     def get_type(self, obj):
         """Get object type so that we know which API Endpoint to use to get the full object"""
         return obj._meta.object_name.lower().replace("propertymapping", "")
 
-    def to_representation(self, instance: PropertyMapping):
-        # pyright: reportGeneralTypeIssues=false
-        if instance.__class__ == PropertyMapping:
-            return super().to_representation(instance)
-        return instance.serializer(instance=instance).data
-
     class Meta:
 
         model = PropertyMapping
-        fields = [
-            "pk",
-            "name",
-            "expression",
-            "object_type",
-            "verbose_name",
-            "verbose_name_plural",
-        ]
+        fields = ["pk", "name", "expression", "__type__"]
 
 
 class PropertyMappingViewSet(ReadOnlyModelViewSet):
     """PropertyMapping Viewset"""
 
-    queryset = PropertyMapping.objects.none()
+    queryset = PropertyMapping.objects.all()
     serializer_class = PropertyMappingSerializer
-    search_fields = [
-        "name",
-    ]
-    filterset_fields = {"managed": ["isnull"]}
-    ordering = ["name"]
 
     def get_queryset(self):
         return PropertyMapping.objects.select_subclasses()
-
-    @swagger_auto_schema(responses={200: TypeCreateSerializer(many=True)})
-    @action(detail=False)
-    def types(self, request: Request) -> Response:
-        """Get all creatable property-mapping types"""
-        data = []
-        for subclass in all_subclasses(self.queryset.model):
-            data.append(
-                {
-                    "name": verbose_name(subclass),
-                    "description": subclass.__doc__,
-                    "link": reverse("authentik_admin:property-mapping-create")
-                    + f"?type={subclass.__name__}",
-                }
-            )
-        return Response(TypeCreateSerializer(data, many=True).data)

authentik/core/api/providers.py

@@ -1,32 +1,25 @@
 """Provider API Views"""
-from django.urls import reverse
-from django.utils.translation import gettext_lazy as _
-from drf_yasg2.utils import swagger_auto_schema
-from rest_framework.decorators import action
-from rest_framework.fields import ReadOnlyField
-from rest_framework.request import Request
-from rest_framework.response import Response
 from rest_framework.serializers import ModelSerializer, SerializerMethodField
 from rest_framework.viewsets import ModelViewSet
 
-from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer
 from authentik.core.models import Provider
-from authentik.lib.templatetags.authentik_utils import verbose_name
-from authentik.lib.utils.reflection import all_subclasses
 
 
-class ProviderSerializer(ModelSerializer, MetaNameSerializer):
+class ProviderSerializer(ModelSerializer):
     """Provider Serializer"""
 
-    assigned_application_slug = ReadOnlyField(source="application.slug")
-    assigned_application_name = ReadOnlyField(source="application.name")
+    __type__ = SerializerMethodField(method_name="get_type")
 
-    object_type = SerializerMethodField()
-
-    def get_object_type(self, obj):
+    def get_type(self, obj):
         """Get object type so that we know which API Endpoint to use to get the full object"""
         return obj._meta.object_name.lower().replace("provider", "")
 
+    def to_representation(self, instance: Provider):
+        # pyright: reportGeneralTypeIssues=false
+        if instance.__class__ == Provider:
+            return super().to_representation(instance)
+        return instance.serializer(instance=instance).data
+
     class Meta:
 
         model = Provider
@@ -36,49 +29,18 @@ class ProviderSerializer(ModelSerializer, MetaNameSerializer):
             "application",
             "authorization_flow",
             "property_mappings",
-            "object_type",
-            "assigned_application_slug",
-            "assigned_application_name",
-            "verbose_name",
-            "verbose_name_plural",
+            "__type__",
         ]
 
 
 class ProviderViewSet(ModelViewSet):
     """Provider Viewset"""
 
-    queryset = Provider.objects.none()
+    queryset = Provider.objects.all()
     serializer_class = ProviderSerializer
     filterset_fields = {
         "application": ["isnull"],
     }
-    search_fields = [
-        "name",
-        "application__name",
-    ]
 
     def get_queryset(self):
         return Provider.objects.select_subclasses()
-
-    @swagger_auto_schema(responses={200: TypeCreateSerializer(many=True)})
-    @action(detail=False)
-    def types(self, request: Request) -> Response:
-        """Get all creatable provider types"""
-        data = []
-        for subclass in all_subclasses(self.queryset.model):
-            data.append(
-                {
-                    "name": verbose_name(subclass),
-                    "description": subclass.__doc__,
-                    "link": reverse("authentik_admin:provider-create")
-                    + f"?type={subclass.__name__}",
-                }
-            )
-        data.append(
-            {
-                "name": _("SAML Provider from Metadata"),
-                "description": _("Create a SAML Provider by importing its Metadata."),
-                "link": reverse("authentik_admin:provider-saml-from-metadata"),
-            }
-        )
-        return Response(TypeCreateSerializer(data, many=True).data)

authentik/core/api/sources.py

@@ -1,65 +1,38 @@
 """Source API Views"""
-from django.urls import reverse
-from drf_yasg2.utils import swagger_auto_schema
-from rest_framework.decorators import action
-from rest_framework.request import Request
-from rest_framework.response import Response
 from rest_framework.serializers import ModelSerializer, SerializerMethodField
 from rest_framework.viewsets import ReadOnlyModelViewSet
 
-from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer
+from authentik.admin.forms.source import SOURCE_SERIALIZER_FIELDS
 from authentik.core.models import Source
-from authentik.lib.templatetags.authentik_utils import verbose_name
-from authentik.lib.utils.reflection import all_subclasses
 
 
-class SourceSerializer(ModelSerializer, MetaNameSerializer):
+class SourceSerializer(ModelSerializer):
     """Source Serializer"""
 
-    object_type = SerializerMethodField()
+    __type__ = SerializerMethodField(method_name="get_type")
 
-    def get_object_type(self, obj):
+    def get_type(self, obj):
         """Get object type so that we know which API Endpoint to use to get the full object"""
         return obj._meta.object_name.lower().replace("source", "")
 
+    def to_representation(self, instance: Source):
+        # pyright: reportGeneralTypeIssues=false
+        if instance.__class__ == Source:
+            return super().to_representation(instance)
+        return instance.serializer(instance=instance).data
+
     class Meta:
 
         model = Source
-        fields = [
-            "pk",
-            "name",
-            "slug",
-            "enabled",
-            "authentication_flow",
-            "enrollment_flow",
-            "object_type",
-            "verbose_name",
-            "verbose_name_plural",
-        ]
+        fields = SOURCE_SERIALIZER_FIELDS + ["__type__"]
 
 
 class SourceViewSet(ReadOnlyModelViewSet):
     """Source Viewset"""
 
-    queryset = Source.objects.none()
+    queryset = Source.objects.all()
     serializer_class = SourceSerializer
     lookup_field = "slug"
 
     def get_queryset(self):
         return Source.objects.select_subclasses()
-
-    @swagger_auto_schema(responses={200: TypeCreateSerializer(many=True)})
-    @action(detail=False)
-    def types(self, request: Request) -> Response:
-        """Get all creatable source types"""
-        data = []
-        for subclass in all_subclasses(self.queryset.model):
-            data.append(
-                {
-                    "name": verbose_name(subclass),
-                    "description": subclass.__doc__,
-                    "link": reverse("authentik_admin:source-create")
-                    + f"?type={subclass.__name__}",
-                }
-            )
-        return Response(TypeCreateSerializer(data, many=True).data)

authentik/core/api/tokens.py

@@ -1,49 +1,22 @@
 """Tokens API Viewset"""
-from django.db.models.base import Model
 from django.http.response import Http404
-from drf_yasg2.utils import swagger_auto_schema
 from rest_framework.decorators import action
-from rest_framework.fields import CharField
 from rest_framework.request import Request
 from rest_framework.response import Response
-from rest_framework.serializers import ModelSerializer, Serializer
+from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import ModelViewSet
 
-from authentik.core.api.users import UserSerializer
+from authentik.audit.models import Event, EventAction
 from authentik.core.models import Token
-from authentik.events.models import Event, EventAction
 
 
 class TokenSerializer(ModelSerializer):
     """Token Serializer"""
 
-    user = UserSerializer()
-
     class Meta:
 
         model = Token
-        fields = [
-            "pk",
-            "identifier",
-            "intent",
-            "user",
-            "description",
-            "expires",
-            "expiring",
-        ]
-        depth = 2
-
-
-class TokenViewSerializer(Serializer):
-    """Show token's current key"""
-
-    key = CharField(read_only=True)
-
-    def create(self, validated_data: dict) -> Model:
-        raise NotImplementedError
-
-    def update(self, instance: Model, validated_data: dict) -> Model:
-        raise NotImplementedError
+        fields = ["pk", "identifier", "intent", "user", "description"]
 
 
 class TokenViewSet(ModelViewSet):
@@ -52,29 +25,13 @@ class TokenViewSet(ModelViewSet):
     lookup_field = "identifier"
     queryset = Token.filter_not_expired()
     serializer_class = TokenSerializer
-    search_fields = [
-        "identifier",
-        "intent",
-        "user__username",
-        "description",
-    ]
-    filterset_fields = [
-        "identifier",
-        "intent",
-        "user__username",
-        "description",
-    ]
-    ordering = ["expires"]
 
-    @swagger_auto_schema(responses={200: TokenViewSerializer(many=False)})
     @action(detail=True)
-    # pylint: disable=unused-argument
     def view_key(self, request: Request, identifier: str) -> Response:
         """Return token key and log access"""
-        token: Token = self.get_object()
-        if token.is_expired:
+        tokens = Token.filter_not_expired(identifier=identifier)
+        if not tokens.exists():
             raise Http404
-        Event.new(EventAction.SECRET_VIEW, secret=token).from_http(  # noqa # nosec
-            request
-        )
-        return Response(TokenViewSerializer({"key": token.key}).data)
+        token = tokens.first()
+        Event.new(EventAction.TOKEN_VIEW, token=token).from_http(request)
+        return Response({"key": token.key})

authentik/core/api/users.py

@@ -2,44 +2,40 @@
 from drf_yasg2.utils import swagger_auto_schema
 from guardian.utils import get_anonymous_user
 from rest_framework.decorators import action
-from rest_framework.fields import CharField
 from rest_framework.request import Request
 from rest_framework.response import Response
-from rest_framework.serializers import BooleanField, ModelSerializer
+from rest_framework.serializers import (
+    BooleanField,
+    ModelSerializer,
+    SerializerMethodField,
+)
 from rest_framework.viewsets import ModelViewSet
 
 from authentik.core.models import User
+from authentik.lib.templatetags.authentik_utils import avatar
 
 
 class UserSerializer(ModelSerializer):
     """User Serializer"""
 
     is_superuser = BooleanField(read_only=True)
-    avatar = CharField(read_only=True)
+    avatar = SerializerMethodField()
+
+    def get_avatar(self, user: User) -> str:
+        """Add user's avatar as URL"""
+        return avatar(user)
 
     class Meta:
 
         model = User
-        fields = [
-            "pk",
-            "username",
-            "name",
-            "is_active",
-            "last_login",
-            "is_superuser",
-            "email",
-            "avatar",
-            "attributes",
-        ]
+        fields = ["pk", "username", "name", "is_superuser", "email", "avatar"]
 
 
 class UserViewSet(ModelViewSet):
     """User Viewset"""
 
-    queryset = User.objects.none()
+    queryset = User.objects.all().exclude(pk=get_anonymous_user().pk)
     serializer_class = UserSerializer
-    search_fields = ["username", "name", "is_active"]
-    filterset_fields = ["username", "name", "is_active"]
 
     def get_queryset(self):
         return User.objects.all().exclude(pk=get_anonymous_user().pk)

authentik/core/api/utils.py

@@ -1,51 +0,0 @@
-"""API Utilities"""
-from django.db.models import Model
-from rest_framework.fields import CharField, IntegerField
-from rest_framework.serializers import Serializer, SerializerMethodField
-
-
-class MetaNameSerializer(Serializer):
-    """Add verbose names to response"""
-
-    verbose_name = SerializerMethodField()
-    verbose_name_plural = SerializerMethodField()
-
-    def create(self, validated_data: dict) -> Model:
-        raise NotImplementedError
-
-    def update(self, instance: Model, validated_data: dict) -> Model:
-        raise NotImplementedError
-
-    def get_verbose_name(self, obj: Model) -> str:
-        """Return object's verbose_name"""
-        return obj._meta.verbose_name
-
-    def get_verbose_name_plural(self, obj: Model) -> str:
-        """Return object's plural verbose_name"""
-        return obj._meta.verbose_name_plural
-
-
-class TypeCreateSerializer(Serializer):
-    """Types of an object that can be created"""
-
-    name = CharField(read_only=True)
-    description = CharField(read_only=True)
-    link = CharField(read_only=True)
-
-    def create(self, validated_data: dict) -> Model:
-        raise NotImplementedError
-
-    def update(self, instance: Model, validated_data: dict) -> Model:
-        raise NotImplementedError
-
-
-class CacheSerializer(Serializer):
-    """Generic cache stats for an object"""
-
-    count = IntegerField(read_only=True)
-
-    def create(self, validated_data: dict) -> Model:
-        raise NotImplementedError
-
-    def update(self, instance: Model, validated_data: dict) -> Model:
-        raise NotImplementedError

authentik/core/apps.py

@@ -1,6 +1,4 @@
 """authentik core app config"""
-from importlib import import_module
-
 from django.apps import AppConfig
 
 
@@ -11,6 +9,3 @@ class AuthentikCoreConfig(AppConfig):
     label = "authentik_core"
     verbose_name = "authentik Core"
     mountpoint = ""
-
-    def ready(self):
-        import_module("authentik.core.signals")

authentik/core/channels.py

@@ -1,7 +1,7 @@
 """Channels base classes"""
 from channels.exceptions import DenyConnection
 from channels.generic.websocket import JsonWebsocketConsumer
-from structlog.stdlib import get_logger
+from structlog import get_logger
 
 from authentik.api.auth import token_from_header
 from authentik.core.models import User