release: 2021.7.3

web/admin: fix source form's userMatchingMode being swapped
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # web/src/pages/sources/oauth/OAuthSourceForm.ts # web/src/pages/sources/plex/PlexSourceForm.ts
2021-08-05 19:23:03 +02:00 · 2021-08-05 18:48:02 +02:00 · 2021-08-05 18:16:06 +02:00 · 2021-08-05 17:47:45 +02:00 · 2021-08-05 17:46:28 +02:00 · 2021-08-05 09:44:58 +02:00
27 changed files with 373 additions and 189 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2021.7.2
+current_version = 2021.7.3
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -33,14 +33,14 @@ jobs:
        with:
          push: ${{ github.event_name == 'release' }}
          tags: |
-            beryju/authentik:2021.7.2,
+            beryju/authentik:2021.7.3,
            beryju/authentik:latest,
-            ghcr.io/goauthentik/server:2021.7.2,
+            ghcr.io/goauthentik/server:2021.7.3,
            ghcr.io/goauthentik/server:latest
          platforms: linux/amd64,linux/arm64
          context: .
      - name: Building Docker Image (stable)
-        if: ${{ github.event_name == 'release' && !contains('2021.7.2', 'rc') }}
+        if: ${{ github.event_name == 'release' && !contains('2021.7.3', 'rc') }}
        run: |
          docker pull beryju/authentik:latest
          docker tag beryju/authentik:latest beryju/authentik:stable
@ -75,14 +75,14 @@ jobs:
        with:
          push: ${{ github.event_name == 'release' }}
          tags: |
-            beryju/authentik-proxy:2021.7.2,
+            beryju/authentik-proxy:2021.7.3,
            beryju/authentik-proxy:latest,
-            ghcr.io/goauthentik/proxy:2021.7.2,
+            ghcr.io/goauthentik/proxy:2021.7.3,
            ghcr.io/goauthentik/proxy:latest
          file: proxy.Dockerfile
          platforms: linux/amd64,linux/arm64
      - name: Building Docker Image (stable)
-        if: ${{ github.event_name == 'release' && !contains('2021.7.2', 'rc') }}
+        if: ${{ github.event_name == 'release' && !contains('2021.7.3', 'rc') }}
        run: |
          docker pull beryju/authentik-proxy:latest
          docker tag beryju/authentik-proxy:latest beryju/authentik-proxy:stable
@ -117,14 +117,14 @@ jobs:
        with:
          push: ${{ github.event_name == 'release' }}
          tags: |
-            beryju/authentik-ldap:2021.7.2,
+            beryju/authentik-ldap:2021.7.3,
            beryju/authentik-ldap:latest,
-            ghcr.io/goauthentik/ldap:2021.7.2,
+            ghcr.io/goauthentik/ldap:2021.7.3,
            ghcr.io/goauthentik/ldap:latest
          file: ldap.Dockerfile
          platforms: linux/amd64,linux/arm64
      - name: Building Docker Image (stable)
-        if: ${{ github.event_name == 'release' && !contains('2021.7.2', 'rc') }}
+        if: ${{ github.event_name == 'release' && !contains('2021.7.3', 'rc') }}
        run: |
          docker pull beryju/authentik-ldap:latest
          docker tag beryju/authentik-ldap:latest beryju/authentik-ldap:stable
@ -176,7 +176,7 @@ jobs:
          SENTRY_PROJECT: authentik
          SENTRY_URL: https://sentry.beryju.org
        with:
-          version: authentik@2021.7.2
+          version: authentik@2021.7.3
          environment: beryjuorg-prod
          sourcemaps: './web/dist'
          url_prefix: '~/static/dist'
--- a/.gitignore
+++ b/.gitignore
@ -200,4 +200,4 @@ media/
 *mmdb

 .idea/
-api/
+/api/
--- a/authentik/init.py
+++ b/authentik/init.py
@ -1,3 +1,3 @@
 """authentik"""
-__version__ = "2021.7.2"
+__version__ = "2021.7.3"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -10,6 +10,7 @@ from drf_spectacular.utils import extend_schema, extend_schema_field
 from guardian.utils import get_anonymous_user
 from rest_framework.decorators import action
 from rest_framework.fields import CharField, JSONField, SerializerMethodField
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.request import Request
 from rest_framework.response import Response
 from rest_framework.serializers import (
@ -62,12 +63,40 @@ class UserSerializer(ModelSerializer):
        ]


+class UserSelfSerializer(ModelSerializer):
+    """User Serializer for information a user can retrieve about themselves and
+    update about themselves"""
+
+    is_superuser = BooleanField(read_only=True)
+    avatar = CharField(read_only=True)
+    groups = ListSerializer(child=GroupSerializer(), read_only=True, source="ak_groups")
+    uid = CharField(read_only=True)
+
+    class Meta:
+
+        model = User
+        fields = [
+            "pk",
+            "username",
+            "name",
+            "is_active",
+            "is_superuser",
+            "groups",
+            "email",
+            "avatar",
+            "uid",
+        ]
+        extra_kwargs = {
+            "is_active": {"read_only": True},
+        }
+
+
 class SessionUserSerializer(PassiveSerializer):
    """Response for the /user/me endpoint, returns the currently active user (as `user` property)
    and, if this user is being impersonated, the original user in the `original` property."""

-    user = UserSerializer()
-    original = UserSerializer(required=False)
+    user = UserSelfSerializer()
+    original = UserSelfSerializer(required=False)


 class UserMetricsSerializer(PassiveSerializer):
@ -158,12 +187,36 @@ class UserViewSet(UsedByMixin, ModelViewSet):
            data={"user": UserSerializer(request.user).data}
        )
        if SESSION_IMPERSONATE_USER in request._request.session:
-            serializer.initial_data["original"] = UserSerializer(
+            serializer.initial_data["original"] = UserSelfSerializer(
                request._request.session[SESSION_IMPERSONATE_ORIGINAL_USER]
            ).data
        serializer.is_valid()
        return Response(serializer.data)

+    @extend_schema(
+        request=UserSelfSerializer, responses={200: SessionUserSerializer(many=False)}
+    )
+    @action(
+        methods=["PUT"],
+        detail=False,
+        pagination_class=None,
+        filter_backends=[],
+        permission_classes=[IsAuthenticated],
+    )
+    def update_self(self, request: Request) -> Response:
+        """Allow users to change information on their own profile"""
+        data = UserSelfSerializer(
+            instance=User.objects.get(pk=request.user.pk), data=request.data
+        )
+        if not data.is_valid():
+            return Response(data.errors)
+        new_user = data.save()
+        # If we're impersonating, we need to update that user object
+        # since it caches the full object
+        if SESSION_IMPERSONATE_USER in request.session:
+            request.session[SESSION_IMPERSONATE_USER] = new_user
+        return self.me(request)
+
    @permission_required("authentik_core.view_user", ["authentik_events.view_event"])
    @extend_schema(responses={200: UserMetricsSerializer(many=False)})
    @action(detail=True, pagination_class=None, filter_backends=[])
--- a/authentik/providers/saml/processors/assertion.py
+++ b/authentik/providers/saml/processors/assertion.py
@ -163,7 +163,7 @@ class AssertionProcessor:
                    provider=self.provider,
                )
                if value is not None:
-                    name_id.text = value
+                    name_id.text = str(value)
                return name_id
            except PropertyMappingExpressionException as exc:
                Event.new(
--- a/authentik/providers/saml/processors/metadata_parser.py
+++ b/authentik/providers/saml/processors/metadata_parser.py
@ -134,10 +134,18 @@ class ServiceProviderMetadataParser:
        # For now we'll only look at the first descriptor.
        # Even if multiple descriptors exist, we can only configure one
        descriptor = sp_sso_descriptors[0]
+
+        auth_n_request_signed = False
+        if "AuthnRequestsSigned" in descriptor.attrib:
            auth_n_request_signed = (
                descriptor.attrib["AuthnRequestsSigned"].lower() == "true"
            )
-        assertion_signed = descriptor.attrib["WantAssertionsSigned"].lower() == "true"
+
+        assertion_signed = False
+        if "WantAssertionsSigned" in descriptor.attrib:
+            assertion_signed = (
+                descriptor.attrib["WantAssertionsSigned"].lower() == "true"
+            )

        acs_services = descriptor.findall(
            f"{{{NS_SAML_METADATA}}}AssertionConsumerService"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -21,7 +21,7 @@ services:
    networks:
      - internal
  server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.7.2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.7.3}
    restart: unless-stopped
    command: server
    environment:
@ -44,7 +44,7 @@ services:
      - "0.0.0.0:9000:9000"
      - "0.0.0.0:9443:9443"
  worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.7.2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.7.3}
    restart: unless-stopped
    command: worker
    networks:
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@ -17,4 +17,4 @@ func OutpostUserAgent() string {
 	return fmt.Sprintf("authentik-outpost@%s (%s)", VERSION, BUILD())
 }

-const VERSION = "2021.7.2"
+const VERSION = "2021.7.3"
--- a/internal/outpost/ldap/instance_bind.go
+++ b/internal/outpost/ldap/instance_bind.go
@ -75,7 +75,7 @@ func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPRes
 	pi.boundUsersMutex.Lock()
 	cs := pi.SearchAccessCheck(userInfo.User)
 	pi.boundUsers[req.BindDN] = UserFlags{
-		UserInfo:  userInfo.User,
+		UserPk:    userInfo.User.Pk,
 		CanSearch: cs != nil,
 	}
 	if pi.boundUsers[req.BindDN].CanSearch {
@ -88,7 +88,7 @@ func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPRes
 }

 // SearchAccessCheck Check if the current user is allowed to search
-func (pi *ProviderInstance) SearchAccessCheck(user api.User) *string {
+func (pi *ProviderInstance) SearchAccessCheck(user api.UserSelf) *string {
 	for _, group := range user.Groups {
 		for _, allowedGroup := range pi.searchAllowedGroups {
 			pi.log.WithField("userGroup", group.Pk).WithField("allowedGroup", allowedGroup).Trace("Checking search access")
--- a/internal/outpost/ldap/instance_search.go
+++ b/internal/outpost/ldap/instance_search.go
@ -11,9 +11,17 @@ import (
 	"goauthentik.io/api"
 )

-func (pi *ProviderInstance) SearchMe(user api.User) (ldap.ServerSearchResult, error) {
+func (pi *ProviderInstance) SearchMe(req SearchRequest, f UserFlags) (ldap.ServerSearchResult, error) {
+	if f.UserInfo == nil {
+		u, _, err := pi.s.ac.Client.CoreApi.CoreUsersRetrieve(req.ctx, f.UserInfo.Pk).Execute()
+		if err != nil {
+			req.log.WithError(err).Warning("Failed to get user info")
+			return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Failed to get userinfo")
+		}
+		f.UserInfo = &u
+	}
 	entries := make([]*ldap.Entry, 1)
-	entries[0] = pi.UserEntry(user)
+	entries[0] = pi.UserEntry(*f.UserInfo)
 	return ldap.ServerSearchResult{Entries: entries, Referrals: []string{}, Controls: []ldap.Control{}, ResultCode: ldap.LDAPResultSuccess}, nil
 }

@ -42,7 +50,7 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult,
 	}
 	if !flags.CanSearch {
 		pi.log.Debug("User can't search, showing info about user")
-		return pi.SearchMe(flags.UserInfo)
+		return pi.SearchMe(req, flags)
 	}
 	accsp.Finish()

--- a/internal/outpost/ldap/ldap.go
+++ b/internal/outpost/ldap/ldap.go
@ -39,7 +39,8 @@ type ProviderInstance struct {
 }

 type UserFlags struct {
-	UserInfo  api.User
+	UserInfo  *api.User
+	UserPk    int32
 	CanSearch bool
 }

--- a/lifecycle/gunicorn.conf.py
+++ b/lifecycle/gunicorn.conf.py
@ -51,7 +51,8 @@ logconfig_dict = {
 if SERVICE_HOST_ENV_NAME in os.environ:
    workers = 2
 else:
-    workers = int(os.environ.get("WORKERS", cpu_count() * 2 + 1))
+    default_workers = max(cpu_count() * 0.25, 1) + 1  # Minimum of 2 workers
+    workers = int(os.environ.get("WORKERS", default_workers))
 threads = 4

 warnings.simplefilter("once")
--- a/schema.yml
+++ b/schema.yml
@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
  title: authentik
-  version: 2021.7.2
+  version: 2021.7.3
  description: Making authentication simple.
  contact:
    email: hello@beryju.org
@ -3185,6 +3185,38 @@ paths:
          $ref: '#/components/schemas/ValidationError'
        '403':
          $ref: '#/components/schemas/GenericError'
+  /api/v2beta/core/users/update_self/:
+    put:
+      operationId: core_users_update_self_update
+      description: Allow users to change information on their own profile
+      tags:
+      - core
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserSelfRequest'
+          application/x-www-form-urlencoded:
+            schema:
+              $ref: '#/components/schemas/UserSelfRequest'
+          multipart/form-data:
+            schema:
+              $ref: '#/components/schemas/UserSelfRequest'
+        required: true
+      security:
+      - authentik: []
+      - cookieAuth: []
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SessionUser'
+          description: ''
+        '400':
+          $ref: '#/components/schemas/ValidationError'
+        '403':
+          $ref: '#/components/schemas/GenericError'
  /api/v2beta/crypto/certificatekeypairs/:
    get:
      operationId: crypto_certificatekeypairs_list
@ -27577,9 +27609,9 @@ components:
        and, if this user is being impersonated, the original user in the `original` property.
      properties:
        user:
-          $ref: '#/components/schemas/User'
+          $ref: '#/components/schemas/UserSelf'
        original:
-          $ref: '#/components/schemas/User'
+          $ref: '#/components/schemas/UserSelf'
      required:
      - user
    SetIconRequest:
@ -28478,6 +28510,82 @@ components:
      required:
      - name
      - username
+    UserSelf:
+      type: object
+      description: |-
+        User Serializer for information a user can retrieve about themselves and
+        update about themselves
+      properties:
+        pk:
+          type: integer
+          readOnly: true
+          title: ID
+        username:
+          type: string
+          description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
+            only.
+          pattern: ^[\w.@+-]+$
+          maxLength: 150
+        name:
+          type: string
+          description: User's display name.
+        is_active:
+          type: boolean
+          readOnly: true
+          title: Active
+          description: Designates whether this user should be treated as active. Unselect
+            this instead of deleting accounts.
+        is_superuser:
+          type: boolean
+          readOnly: true
+        groups:
+          type: array
+          items:
+            $ref: '#/components/schemas/Group'
+          readOnly: true
+        email:
+          type: string
+          format: email
+          title: Email address
+          maxLength: 254
+        avatar:
+          type: string
+          readOnly: true
+        uid:
+          type: string
+          readOnly: true
+      required:
+      - avatar
+      - groups
+      - is_active
+      - is_superuser
+      - name
+      - pk
+      - uid
+      - username
+    UserSelfRequest:
+      type: object
+      description: |-
+        User Serializer for information a user can retrieve about themselves and
+        update about themselves
+      properties:
+        username:
+          type: string
+          description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
+            only.
+          pattern: ^[\w.@+-]+$
+          maxLength: 150
+        name:
+          type: string
+          description: User's display name.
+        email:
+          type: string
+          format: email
+          title: Email address
+          maxLength: 254
+      required:
+      - name
+      - username
    UserSetting:
      type: object
      description: Serializer for User settings for stages and sources
--- a/web/src/constants.ts
+++ b/web/src/constants.ts
@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2021.7.2";
+export const VERSION = "2021.7.3";
 export const PAGE_SIZE = 20;
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
--- a/web/src/elements/forms/ModelForm.ts
+++ b/web/src/elements/forms/ModelForm.ts
@ -3,19 +3,21 @@ import { EVENT_REFRESH } from "../../constants";
 import { Form } from "./Form";

 export abstract class ModelForm<T, PKT extends string | number> extends Form<T> {
+    viewportCheck = true;

    abstract loadInstance(pk: PKT): Promise<T>;

    @property({attribute: false})
    set instancePk(value: PKT) {
        this._instancePk = value;
-        if (this.isInViewport) {
-            this.loadInstance(value).then(instance => {
+        if (this.viewportCheck && !this.isInViewport) {
+            return;
+        }
+        this.loadInstance(value).then((instance) => {
            this.instance = instance;
            this.requestUpdate();
        });
    }
-    }

    private _instancePk?: PKT;

--- a/web/src/locales/en.po
+++ b/web/src/locales/en.po
@ -1077,7 +1077,7 @@ msgstr "Delete Refresh Code"
 msgid "Delete Session"
 msgstr "Delete Session"

-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 msgid "Delete account"
 msgstr "Delete account"

@ -1297,7 +1297,7 @@ msgstr "Either no applications are defined, or you don't have access to any."
 #: src/flows/stages/identification/IdentificationStage.ts
 #: src/pages/events/TransportForm.ts
 #: src/pages/stages/identification/IdentificationStageForm.ts
-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/users/UserForm.ts
 #: src/pages/users/UserViewPage.ts
 msgid "Email"
@ -1434,7 +1434,6 @@ msgstr "Everything is ok."
 msgid "Exception"
 msgstr "Exception"

-#: src/pages/flows/FlowListPage.ts
 #: src/pages/flows/FlowViewPage.ts
 msgid "Execute"
 msgstr "Execute"
@ -1487,7 +1486,6 @@ msgstr "Expiry date"
 msgid "Explicit Consent"
 msgstr "Explicit Consent"

-#: src/pages/flows/FlowListPage.ts
 #: src/pages/flows/FlowViewPage.ts
 msgid "Export"
 msgstr "Export"
@ -2113,7 +2111,7 @@ msgstr "Load servers"
 #: src/flows/stages/prompt/PromptStage.ts
 #: src/pages/applications/ApplicationViewPage.ts
 #: src/pages/applications/ApplicationViewPage.ts
-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/utils.ts
 msgid "Loading"
 msgstr "Loading"
@ -2402,7 +2400,7 @@ msgstr "My Applications"
 #: src/pages/stages/user_login/UserLoginStageForm.ts
 #: src/pages/stages/user_logout/UserLogoutStageForm.ts
 #: src/pages/stages/user_write/UserWriteStageForm.ts
-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/users/UserForm.ts
 #: src/pages/users/UserListPage.ts
 #: src/pages/users/UserViewPage.ts
@ -3118,7 +3116,7 @@ msgstr "Request token URL"
 msgid "Required"
 msgstr "Required"

-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/users/UserForm.ts
 msgid "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only."
 msgstr "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only."
@ -3765,7 +3763,7 @@ msgstr "Successfully updated binding."
 msgid "Successfully updated certificate-key pair."
 msgstr "Successfully updated certificate-key pair."

-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 msgid "Successfully updated details."
 msgstr "Successfully updated details."

@ -4297,7 +4295,7 @@ msgstr "Up-to-date!"
 #: src/pages/stages/StageListPage.ts
 #: src/pages/stages/prompt/PromptListPage.ts
 #: src/pages/tenants/TenantListPage.ts
-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts
 #: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts
 #: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts
@ -4400,7 +4398,7 @@ msgstr "Update User"
 msgid "Update available"
 msgstr "Update available"

-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSettingsPage.ts
 msgid "Update details"
 msgstr "Update details"

@ -4533,7 +4531,7 @@ msgstr "User {0}"
 msgid "User's avatar"
 msgstr "User's avatar"

-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/users/UserForm.ts
 msgid "User's display name."
 msgstr "User's display name."
@ -4553,7 +4551,7 @@ msgstr "Userinfo URL"
 #: src/flows/stages/identification/IdentificationStage.ts
 #: src/pages/policies/reputation/UserReputationListPage.ts
 #: src/pages/stages/identification/IdentificationStageForm.ts
-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/users/UserForm.ts
 #: src/pages/users/UserViewPage.ts
 msgid "Username"
--- a/web/src/locales/pseudo-LOCALE.po
+++ b/web/src/locales/pseudo-LOCALE.po
@ -1071,7 +1071,7 @@ msgstr ""
 msgid "Delete Session"
 msgstr ""

-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 msgid "Delete account"
 msgstr ""

@ -1289,7 +1289,7 @@ msgstr ""
 #: src/flows/stages/identification/IdentificationStage.ts
 #: src/pages/events/TransportForm.ts
 #: src/pages/stages/identification/IdentificationStageForm.ts
-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/users/UserForm.ts
 #: src/pages/users/UserViewPage.ts
 msgid "Email"
@ -1426,7 +1426,6 @@ msgstr ""
 msgid "Exception"
 msgstr ""

-#: src/pages/flows/FlowListPage.ts
 #: src/pages/flows/FlowViewPage.ts
 msgid "Execute"
 msgstr ""
@ -1479,7 +1478,6 @@ msgstr ""
 msgid "Explicit Consent"
 msgstr ""

-#: src/pages/flows/FlowListPage.ts
 #: src/pages/flows/FlowViewPage.ts
 msgid "Export"
 msgstr ""
@ -2105,7 +2103,7 @@ msgstr ""
 #: src/flows/stages/prompt/PromptStage.ts
 #: src/pages/applications/ApplicationViewPage.ts
 #: src/pages/applications/ApplicationViewPage.ts
-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/utils.ts
 msgid "Loading"
 msgstr ""
@ -2394,7 +2392,7 @@ msgstr ""
 #: src/pages/stages/user_login/UserLoginStageForm.ts
 #: src/pages/stages/user_logout/UserLogoutStageForm.ts
 #: src/pages/stages/user_write/UserWriteStageForm.ts
-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/users/UserForm.ts
 #: src/pages/users/UserListPage.ts
 #: src/pages/users/UserViewPage.ts
@ -3110,7 +3108,7 @@ msgstr ""
 msgid "Required"
 msgstr ""

-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/users/UserForm.ts
 msgid "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only."
 msgstr ""
@ -3757,7 +3755,7 @@ msgstr ""
 msgid "Successfully updated certificate-key pair."
 msgstr ""

-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 msgid "Successfully updated details."
 msgstr ""

@ -4282,7 +4280,7 @@ msgstr ""
 #: src/pages/stages/StageListPage.ts
 #: src/pages/stages/prompt/PromptListPage.ts
 #: src/pages/tenants/TenantListPage.ts
-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts
 #: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts
 #: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts
@ -4385,7 +4383,7 @@ msgstr ""
 msgid "Update available"
 msgstr ""

-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSettingsPage.ts
 msgid "Update details"
 msgstr ""

@ -4518,7 +4516,7 @@ msgstr ""
 msgid "User's avatar"
 msgstr ""

-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/users/UserForm.ts
 msgid "User's display name."
 msgstr ""
@ -4538,7 +4536,7 @@ msgstr ""
 #: src/flows/stages/identification/IdentificationStage.ts
 #: src/pages/policies/reputation/UserReputationListPage.ts
 #: src/pages/stages/identification/IdentificationStageForm.ts
-#: src/pages/user-settings/UserDetailsPage.ts
+#: src/pages/user-settings/UserSelfForm.ts
 #: src/pages/users/UserForm.ts
 #: src/pages/users/UserViewPage.ts
 msgid "Username"
--- a/web/src/pages/sources/oauth/OAuthSourceForm.ts
+++ b/web/src/pages/sources/oauth/OAuthSourceForm.ts
@ -124,16 +124,16 @@ export class OAuthSourceForm extends ModelForm<OAuthSource, string> {
                    <option value=${UserMatchingModeEnum.Identifier} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.Identifier}>
                        ${t`Link users on unique identifier`}
                    </option>
-                    <option value=${UserMatchingModeEnum.UsernameLink} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.UsernameLink}>
+                    <option value=${UserMatchingModeEnum.EmailLink} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.EmailLink}>
                        ${t`Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses`}
                    </option>
-                    <option value=${UserMatchingModeEnum.UsernameDeny} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.UsernameDeny}>
+                    <option value=${UserMatchingModeEnum.EmailDeny} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.EmailDeny}>
                        ${t`Use the user's email address, but deny enrollment when the email address already exists.`}
                    </option>
-                    <option value=${UserMatchingModeEnum.EmailLink} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.EmailLink}>
+                    <option value=${UserMatchingModeEnum.UsernameLink} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.UsernameLink}>
                        ${t`Link to a user with identical username address. Can have security implications when a username is used with another source.`}
                    </option>
-                    <option value=${UserMatchingModeEnum.EmailDeny} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.EmailDeny}>
+                    <option value=${UserMatchingModeEnum.UsernameDeny} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.UsernameDeny}>
                        ${t`Use the user's username, but deny enrollment when the username already exists.`}
                    </option>
                </select>
--- a/web/src/pages/sources/plex/PlexSourceForm.ts
+++ b/web/src/pages/sources/plex/PlexSourceForm.ts
@ -146,16 +146,16 @@ export class PlexSourceForm extends ModelForm<PlexSource, string> {
                    <option value=${UserMatchingModeEnum.Identifier} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.Identifier}>
                        ${t`Link users on unique identifier`}
                    </option>
-                    <option value=${UserMatchingModeEnum.UsernameLink} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.UsernameLink}>
+                    <option value=${UserMatchingModeEnum.EmailLink} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.EmailLink}>
                        ${t`Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses`}
                    </option>
-                    <option value=${UserMatchingModeEnum.UsernameDeny} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.UsernameDeny}>
+                    <option value=${UserMatchingModeEnum.EmailDeny} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.EmailDeny}>
                        ${t`Use the user's email address, but deny enrollment when the email address already exists.`}
                    </option>
-                    <option value=${UserMatchingModeEnum.EmailLink} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.EmailLink}>
+                    <option value=${UserMatchingModeEnum.UsernameLink} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.UsernameLink}>
                        ${t`Link to a user with identical username address. Can have security implications when a username is used with another source.`}
                    </option>
-                    <option value=${UserMatchingModeEnum.EmailDeny} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.EmailDeny}>
+                    <option value=${UserMatchingModeEnum.UsernameDeny} ?selected=${this.instance?.userMatchingMode === UserMatchingModeEnum.UsernameDeny}>
                        ${t`Use the user's username, but deny enrollment when the username already exists.`}
                    </option>
                </select>
--- a/web/src/pages/user-settings/UserDetailsPage.ts
+++ b/web/src/pages/user-settings/UserDetailsPage.ts
@ -1,101 +0,0 @@
-import { t } from "@lingui/macro";
-import { CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element";
-import PFCard from "@patternfly/patternfly/components/Card/card.css";
-import AKGlobal from "../../authentik.css";
-import PFButton from "@patternfly/patternfly/components/Button/button.css";
-import PFBase from "@patternfly/patternfly/patternfly-base.css";
-import PFForm from "@patternfly/patternfly/components/Form/form.css";
-import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
-import { CoreApi, User } from "authentik-api";
-import { me } from "../../api/Users";
-import { ifDefined } from "lit-html/directives/if-defined";
-import { DEFAULT_CONFIG, tenant } from "../../api/Config";
-import "../../elements/forms/FormElement";
-import "../../elements/EmptyState";
-import "../../elements/forms/Form";
-import "../../elements/forms/HorizontalFormElement";
-import { until } from "lit-html/directives/until";
-
-@customElement("ak-user-details")
-export class UserDetailsPage extends LitElement {
-
-    static get styles(): CSSResult[] {
-        return [PFBase, PFCard, PFForm, PFFormControl, PFButton, AKGlobal];
-    }
-
-    @property({attribute: false})
-    user?: User;
-
-    firstUpdated(): void {
-        me().then((user) => {
-            this.user = user.user;
-        });
-    }
-
-    render(): TemplateResult {
-        if (!this.user) {
-            return html`<ak-empty-state
-                ?loading="${true}"
-                header=${t`Loading`}>
-            </ak-empty-state>`;
-        }
-        return html`<div class="pf-c-card">
-            <div class="pf-c-card__title">
-                ${t`Update details`}
-            </div>
-            <div class="pf-c-card__body">
-                <ak-form
-                    successMessage=${t`Successfully updated details.`}
-                    .send=${(data: unknown) => {
-                        return new CoreApi(DEFAULT_CONFIG).coreUsersUpdate({
-                            id: this.user?.pk || 0,
-                            userRequest: data as User
-                        });
-                    }}>
-                    <form class="pf-c-form pf-m-horizontal">
-                        <ak-form-element-horizontal
-                            label=${t`Username`}
-                            ?required=${true}
-                            name="username">
-                            <input type="text" value="${ifDefined(this.user?.username)}" class="pf-c-form-control" required>
-                            <p class="pf-c-form__helper-text">${t`Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.`}</p>
-                        </ak-form-element-horizontal>
-                        <ak-form-element-horizontal
-                            label=${t`Name`}
-                            ?required=${true}
-                            name="name">
-                            <input type="text" value="${ifDefined(this.user?.name)}" class="pf-c-form-control" required>
-                            <p class="pf-c-form__helper-text">${t`User's display name.`}</p>
-                        </ak-form-element-horizontal>
-                        <ak-form-element-horizontal
-                            label=${t`Email`}
-                            ?required=${true}
-                            name="email">
-                            <input type="email" value="${ifDefined(this.user?.email)}" class="pf-c-form-control" required>
-                        </ak-form-element-horizontal>
-
-                        <div class="pf-c-form__group pf-m-action">
-                            <div class="pf-c-form__horizontal-group">
-                                <div class="pf-c-form__actions">
-                                    <button class="pf-c-button pf-m-primary">
-                                        ${t`Update`}
-                                    </button>
-                                    ${until(tenant().then(tenant => {
-                                        if (tenant.flowUnenrollment) {
-                                            return html`<a class="pf-c-button pf-m-danger"
-                                                href="/if/flow/${tenant.flowUnenrollment}">
-                                                ${t`Delete account`}
-                                            </a>`;
-                                        }
-                                        return html``;
-                                    }))}
-                                </div>
-                            </div>
-                        </div>
-                    </form>
-                </ak-form>
-            </div>
-        </div>`;
-    }
-
-}
--- a/web/src/pages/user-settings/UserSelfForm.ts
+++ b/web/src/pages/user-settings/UserSelfForm.ts
@ -0,0 +1,100 @@
+import { t } from "@lingui/macro";
+import { customElement, html, TemplateResult } from "lit-element";
+import { CoreApi, UserSelf } from "authentik-api";
+import { ifDefined } from "lit-html/directives/if-defined";
+import { DEFAULT_CONFIG, tenant } from "../../api/Config";
+import "../../elements/forms/FormElement";
+import "../../elements/EmptyState";
+import "../../elements/forms/Form";
+import "../../elements/forms/HorizontalFormElement";
+import { until } from "lit-html/directives/until";
+import { ModelForm } from "../../elements/forms/ModelForm";
+
+@customElement("ak-user-self-form")
+export class UserSelfForm extends ModelForm<UserSelf, number> {
+    viewportCheck = false;
+
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    loadInstance(pk: number): Promise<UserSelf> {
+        return new CoreApi(DEFAULT_CONFIG).coreUsersMeRetrieve().then((su) => {
+            return su.user;
+        });
+    }
+
+    getSuccessMessage(): string {
+        return t`Successfully updated details.`;
+    }
+
+    send = (data: UserSelf): Promise<UserSelf> => {
+        return new CoreApi(DEFAULT_CONFIG)
+            .coreUsersUpdateSelfUpdate({
+                userSelfRequest: data,
+            })
+            .then((su) => {
+                return su.user;
+            });
+    };
+
+    renderForm(): TemplateResult {
+        if (!this.instance) {
+            return html`<ak-empty-state ?loading="${true}" header=${t`Loading`}> </ak-empty-state>`;
+        }
+        return html`<form class="pf-c-form pf-m-horizontal">
+            <ak-form-element-horizontal label=${t`Username`} ?required=${true} name="username">
+                <input
+                    type="text"
+                    value="${ifDefined(this.instance?.username)}"
+                    class="pf-c-form-control"
+                    required
+                />
+                <p class="pf-c-form__helper-text">
+                    ${t`Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.`}
+                </p>
+            </ak-form-element-horizontal>
+            <ak-form-element-horizontal label=${t`Name`} ?required=${true} name="name">
+                <input
+                    type="text"
+                    value="${ifDefined(this.instance?.name)}"
+                    class="pf-c-form-control"
+                    required
+                />
+                <p class="pf-c-form__helper-text">${t`User's display name.`}</p>
+            </ak-form-element-horizontal>
+            <ak-form-element-horizontal label=${t`Email`} name="email">
+                <input
+                    type="email"
+                    value="${ifDefined(this.instance?.email)}"
+                    class="pf-c-form-control"
+                />
+            </ak-form-element-horizontal>
+
+            <div class="pf-c-form__group pf-m-action">
+                <div class="pf-c-form__horizontal-group">
+                    <div class="pf-c-form__actions">
+                        <button
+                            @click=${(ev: Event) => {
+                                return this.submit(ev);
+                            }}
+                            class="pf-c-button pf-m-primary"
+                        >
+                            ${t`Update`}
+                        </button>
+                        ${until(
+                            tenant().then((tenant) => {
+                                if (tenant.flowUnenrollment) {
+                                    return html`<a
+                                        class="pf-c-button pf-m-danger"
+                                        href="/if/flow/${tenant.flowUnenrollment}"
+                                    >
+                                        ${t`Delete account`}
+                                    </a>`;
+                                }
+                                return html``;
+                            }),
+                        )}
+                    </div>
+                </div>
+            </div>
+        </form>`;
+    }
+}
--- a/web/src/pages/user-settings/UserSettingsPage.ts
+++ b/web/src/pages/user-settings/UserSettingsPage.ts
@ -20,7 +20,7 @@ import { ifDefined } from "lit-html/directives/if-defined";
 import "../../elements/Tabs";
 import "../../elements/PageHeader";
 import "./tokens/UserTokenList";
-import "./UserDetailsPage";
+import "./UserSelfForm";
 import "./settings/UserSettingsAuthenticatorDuo";
 import "./settings/UserSettingsAuthenticatorStatic";
 import "./settings/UserSettingsAuthenticatorTOTP";
@ -95,8 +95,17 @@ export class UserSettingsPage extends LitElement {
                    description=${t`Configure settings relevant to your user profile.`}>
                </ak-page-header>
                <ak-tabs ?vertical="${true}" style="height: 100%;">
-                    <section slot="page-details" data-tab-title="${t`User details`}" class="pf-c-page__main-section pf-m-no-padding-mobile">
-                        <ak-user-details></ak-user-details>
+                    <section
+                        slot="page-details"
+                        data-tab-title="${t`User details`}"
+                        class="pf-c-page__main-section pf-m-no-padding-mobile"
+                    >
+                        <div class="pf-c-card">
+                            <div class="pf-c-card__title">${t`Update details`}</div>
+                            <div class="pf-c-card__body">
+                                <ak-user-self-form .instancePk=${1}></ak-user-self-form>
+                            </div>
+                        </div>
                    </section>
                    <section slot="page-tokens" data-tab-title="${t`Tokens`}" class="pf-c-page__main-section pf-m-no-padding-mobile">
                        <ak-user-token-list></ak-user-token-list>
--- a/web/src/pages/users/UserForm.ts
+++ b/web/src/pages/users/UserForm.ts
@ -58,9 +58,8 @@ export class UserForm extends ModelForm<User, number> {
            </ak-form-element-horizontal>
            <ak-form-element-horizontal
                label=${t`Email`}
-                ?required=${true}
                name="email">
-                <input type="email" autocomplete="off" value="${ifDefined(this.instance?.email)}" class="pf-c-form-control" required>
+                <input type="email" autocomplete="off" value="${ifDefined(this.instance?.email)}" class="pf-c-form-control">
            </ak-form-element-horizontal>
            <ak-form-element-horizontal
                name="isActive">
--- a/website/docs/installation/docker-compose.md
+++ b/website/docs/installation/docker-compose.md
@ -12,11 +12,11 @@ This installation method is for test-setups and small-scale productive setups.

 ## Preparation

-Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/goauthentik/authentik/version/2021.7.2/docker-compose.yml). Place it in a directory of your choice.
+Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/goauthentik/authentik/version/2021.7.3/docker-compose.yml). Place it in a directory of your choice.

 To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env`

-To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.7.2 >> .env`
+To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.7.3 >> .env`

 If this is a fresh authentik install run the following commands to generate a password:

--- a/website/docs/outposts/manual-deploy-docker-compose.md
+++ b/website/docs/outposts/manual-deploy-docker-compose.md
@ -11,7 +11,7 @@ version: "3.5"

 services:
  authentik_proxy:
-    image: ghcr.io/goauthentik/proxy:2021.7.2
+    image: ghcr.io/goauthentik/proxy:2021.7.3
    ports:
      - 4180:4180
      - 4443:4443
@ -21,7 +21,7 @@ services:
      AUTHENTIK_TOKEN: token-generated-by-authentik
  # Or, for the LDAP Outpost
  authentik_proxy:
-    image: ghcr.io/goauthentik/ldap:2021.7.2
+    image: ghcr.io/goauthentik/ldap:2021.7.3
    ports:
      - 389:3389
    environment:
--- a/website/docs/outposts/manual-deploy-kubernetes.md
+++ b/website/docs/outposts/manual-deploy-kubernetes.md
@ -14,7 +14,7 @@ metadata:
    app.kubernetes.io/instance: __OUTPOST_NAME__
    app.kubernetes.io/managed-by: goauthentik.io
    app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.7.2
+    app.kubernetes.io/version: 2021.7.3
  name: authentik-outpost-api
 stringData:
  authentik_host: "__AUTHENTIK_URL__"
@ -29,7 +29,7 @@ metadata:
    app.kubernetes.io/instance: __OUTPOST_NAME__
    app.kubernetes.io/managed-by: goauthentik.io
    app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.7.2
+    app.kubernetes.io/version: 2021.7.3
  name: authentik-outpost
 spec:
  ports:
@ -54,7 +54,7 @@ metadata:
    app.kubernetes.io/instance: __OUTPOST_NAME__
    app.kubernetes.io/managed-by: goauthentik.io
    app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.7.2
+    app.kubernetes.io/version: 2021.7.3
  name: authentik-outpost
 spec:
  selector:
@ -62,14 +62,14 @@ spec:
      app.kubernetes.io/instance: __OUTPOST_NAME__
      app.kubernetes.io/managed-by: goauthentik.io
      app.kubernetes.io/name: authentik-proxy
-      app.kubernetes.io/version: 2021.7.2
+      app.kubernetes.io/version: 2021.7.3
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: __OUTPOST_NAME__
        app.kubernetes.io/managed-by: goauthentik.io
        app.kubernetes.io/name: authentik-proxy
-        app.kubernetes.io/version: 2021.7.2
+        app.kubernetes.io/version: 2021.7.3
    spec:
      containers:
        - env:
@ -88,7 +88,7 @@ spec:
              secretKeyRef:
                key: authentik_host_insecure
                name: authentik-outpost-api
-        image: ghcr.io/goauthentik/proxy:2021.7.2
+        image: ghcr.io/goauthentik/proxy:2021.7.3
        name: proxy
        ports:
          - containerPort: 4180
@ -110,7 +110,7 @@ metadata:
    app.kubernetes.io/instance: __OUTPOST_NAME__
    app.kubernetes.io/managed-by: goauthentik.io
    app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.7.2
+    app.kubernetes.io/version: 2021.7.3
  name: authentik-outpost
 spec:
  rules:
Author	SHA1	Message	Date
Jens Langhammer	18211a2033	release: 2021.7.3	2021-08-05 19:23:03 +02:00
Jens Langhammer	b4cfc56e5e	web/admin: fix source form's userMatchingMode being swapped Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # web/src/pages/sources/oauth/OAuthSourceForm.ts # web/src/pages/sources/plex/PlexSourceForm.ts	2021-08-05 18:48:02 +02:00
Jens Langhammer	8e797fa76b	outpost/ldap: fix errors with new UserSelf serializer Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-05 18:16:06 +02:00
Jens Langhammer	1b91543add	core: add UserSelfSerializer and separate method for users to update themselves with limited fields rework user settings page to better use form closes #1227 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # authentik/core/api/users.py # web/src/elements/forms/ModelForm.ts # web/src/pages/user-settings/UserDetailsPage.ts # web/src/pages/user-settings/UserSettingsPage.ts	2021-08-05 17:47:45 +02:00
Jens Langhammer	1cd59be8dc	web/admin: fix email being required Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # web/src/pages/user-settings/UserDetailsPage.ts # web/src/pages/users/UserForm.ts	2021-08-05 17:46:28 +02:00
Jens Langhammer	66bb68a747	lifecycle: decrease default worker count on compose Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-05 09:44:58 +02:00
Jens Langhammer	aa4f7fb2b6	providers/saml: fix error when PropertyMapping return value isn't string Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-04 00:22:07 +02:00
Jens Langhammer	4f1c11c5ef	providers/saml: add WantAssertionsSigned Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # authentik/providers/saml/processors/metadata_parser.py	2021-08-04 00:21:54 +02:00