release: 2022.1.4

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2022.1.3
+current_version = 2022.1.4
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)

.github/workflows/release-publish.yml

@@ -30,14 +30,14 @@ jobs:
         with:
           push: ${{ github.event_name == 'release' }}
           tags: |
-            beryju/authentik:2022.1.3,
+            beryju/authentik:2022.1.4,
             beryju/authentik:latest,
-            ghcr.io/goauthentik/server:2022.1.3,
+            ghcr.io/goauthentik/server:2022.1.4,
             ghcr.io/goauthentik/server:latest
           platforms: linux/amd64,linux/arm64
           context: .
       - name: Building Docker Image (stable)
-        if: ${{ github.event_name == 'release' && !contains('2022.1.3', 'rc') }}
+        if: ${{ github.event_name == 'release' && !contains('2022.1.4', 'rc') }}
         run: |
           docker pull beryju/authentik:latest
           docker tag beryju/authentik:latest beryju/authentik:stable
@@ -78,14 +78,14 @@ jobs:
         with:
           push: ${{ github.event_name == 'release' }}
           tags: |
-            beryju/authentik-${{ matrix.type }}:2022.1.3,
+            beryju/authentik-${{ matrix.type }}:2022.1.4,
             beryju/authentik-${{ matrix.type }}:latest,
-            ghcr.io/goauthentik/${{ matrix.type }}:2022.1.3,
+            ghcr.io/goauthentik/${{ matrix.type }}:2022.1.4,
             ghcr.io/goauthentik/${{ matrix.type }}:latest
           file: ${{ matrix.type }}.Dockerfile
           platforms: linux/amd64,linux/arm64
       - name: Building Docker Image (stable)
-        if: ${{ github.event_name == 'release' && !contains('2022.1.3', 'rc') }}
+        if: ${{ github.event_name == 'release' && !contains('2022.1.4', 'rc') }}
         run: |
           docker pull beryju/authentik-${{ matrix.type }}:latest
           docker tag beryju/authentik-${{ matrix.type }}:latest beryju/authentik-${{ matrix.type }}:stable
@@ -170,7 +170,7 @@ jobs:
           SENTRY_PROJECT: authentik
           SENTRY_URL: https://sentry.beryju.org
         with:
-          version: authentik@2022.1.3
+          version: authentik@2022.1.4
           environment: beryjuorg-prod
           sourcemaps: './web/dist'
           url_prefix: '~/static/dist'

authentik/__init__.py

@@ -2,7 +2,7 @@
 from os import environ
 from typing import Optional
 
-__version__ = "2022.1.3"
+__version__ = "2022.1.4"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 

authentik/core/api/tokens.py

@@ -3,7 +3,7 @@ from typing import Any
 
 from django_filters.rest_framework import DjangoFilterBackend
 from drf_spectacular.utils import OpenApiResponse, extend_schema
-from guardian.shortcuts import get_anonymous_user
+from guardian.shortcuts import assign_perm, get_anonymous_user
 from rest_framework.decorators import action
 from rest_framework.exceptions import ValidationError
 from rest_framework.fields import CharField
@@ -95,10 +95,12 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
 
     def perform_create(self, serializer: TokenSerializer):
         if not self.request.user.is_superuser:
-            return serializer.save(
+            instance = serializer.save(
                 user=self.request.user,
                 expiring=self.request.user.attributes.get(USER_ATTRIBUTE_TOKEN_EXPIRING, True),
             )
+            assign_perm("authentik_core.view_token_key", self.request.user, instance)
+            return instance
         return super().perform_create(serializer)
 
     @permission_required("authentik_core.view_token_key")

authentik/core/tests/test_token_api.py

@@ -30,6 +30,7 @@ class TestTokenAPI(APITestCase):
         self.assertEqual(token.user, self.user)
         self.assertEqual(token.intent, TokenIntents.INTENT_API)
         self.assertEqual(token.expiring, True)
+        self.assertTrue(self.user.has_perm("authentik_core.view_token_key", token))
 
     def test_token_create_invalid(self):
         """Test token creation endpoint (invalid data)"""

authentik/lib/expression/evaluator.py

@@ -32,6 +32,7 @@ class BaseEvaluator:
         self._globals = {
             "regex_match": BaseEvaluator.expr_regex_match,
             "regex_replace": BaseEvaluator.expr_regex_replace,
+            "list_flatten": BaseEvaluator.expr_flatten,
             "ak_is_group_member": BaseEvaluator.expr_is_group_member,
             "ak_user_by": BaseEvaluator.expr_user_by,
             "ak_logger": get_logger(),
@@ -40,6 +41,15 @@ class BaseEvaluator:
         self._context = {}
         self._filename = "BaseEvalautor"
 
+    @staticmethod
+    def expr_flatten(value: list[Any] | Any) -> Optional[Any]:
+        """Flatten `value` if its a list"""
+        if isinstance(value, list):
+            if len(value) < 1:
+                return None
+            return value[0]
+        return value
+
     @staticmethod
     def expr_regex_match(value: Any, regex: str) -> bool:
         """Expression Filter to run re.search"""

authentik/providers/proxy/controllers/docker.py

@@ -23,7 +23,7 @@ class ProxyDockerController(DockerController):
             proxy_provider: ProxyProvider
             external_host_name = urlparse(proxy_provider.external_host)
             hosts.append(f"`{external_host_name.netloc}`")
-        traefik_name = f"ak-outpost-{self.outpost.pk.hex}"
+        traefik_name = self.name
         labels = super()._get_labels()
         labels["traefik.enable"] = "true"
         labels[

authentik/root/settings.py

@@ -1,14 +1,4 @@
-"""
-Django settings for authentik project.
-
-Generated by 'django-admin startproject' using Django 2.1.3.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/2.1/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/2.1/ref/settings/
-"""
+"""root settings for authentik"""
 
 import importlib
 import logging
@@ -24,18 +14,16 @@ import structlog
 from celery.schedules import crontab
 from sentry_sdk import init as sentry_init
 from sentry_sdk.api import set_tag
-from sentry_sdk.integrations.boto3 import Boto3Integration
 from sentry_sdk.integrations.celery import CeleryIntegration
 from sentry_sdk.integrations.django import DjangoIntegration
 from sentry_sdk.integrations.redis import RedisIntegration
 from sentry_sdk.integrations.threading import ThreadingIntegration
 
-from authentik import ENV_GIT_HASH_KEY, __version__, get_build_hash, get_full_version
+from authentik import ENV_GIT_HASH_KEY, __version__, get_build_hash
 from authentik.core.middleware import structlog_add_request_id
 from authentik.lib.config import CONFIG
 from authentik.lib.logging import add_process_id
 from authentik.lib.sentry import before_send
-from authentik.lib.utils.http import get_http_session
 from authentik.lib.utils.reflection import get_env
 from authentik.stages.password import BACKEND_APP_PASSWORD, BACKEND_INBUILT, BACKEND_LDAP
 
@@ -408,7 +396,6 @@ if _ERROR_REPORTING:
             DjangoIntegration(transaction_style="function_name"),
             CeleryIntegration(),
             RedisIntegration(),
-            Boto3Integration(),
             ThreadingIntegration(propagate_hub=True),
         ],
         before_send=before_send,
@@ -425,29 +412,6 @@ if _ERROR_REPORTING:
         "Error reporting is enabled",
         env=CONFIG.y("error_reporting.environment", "customer"),
     )
-if not CONFIG.y_bool("disable_startup_analytics", False):
-    should_send = env not in ["dev", "ci"]
-    if should_send:
-        try:
-            get_http_session().post(
-                "https://goauthentik.io/api/event",
-                json={
-                    "domain": "authentik",
-                    "name": "pageview",
-                    "referrer": get_full_version(),
-                    "url": (
-                        f"http://localhost/{env}?utm_source={get_full_version()}&utm_medium={env}"
-                    ),
-                },
-                headers={
-                    "User-Agent": sha512(str(SECRET_KEY).encode("ascii")).hexdigest()[:16],
-                    "Content-Type": "application/json",
-                },
-                timeout=5,
-            )
-        # pylint: disable=bare-except
-        except:  # nosec
-            pass
 
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/2.1/howto/static-files/

authentik/sources/ldap/managed.py

@@ -35,21 +35,21 @@ class LDAPProviderManager(ObjectManager):
                 "goauthentik.io/sources/ldap/ms-userprincipalname",
                 name="authentik default Active Directory Mapping: userPrincipalName",
                 object_field="attributes.upn",
-                expression="return ldap.get('userPrincipalName')",
+                expression="return list_flatten(ldap.get('userPrincipalName'))",
             ),
             EnsureExists(
                 LDAPPropertyMapping,
                 "goauthentik.io/sources/ldap/ms-givenName",
                 name="authentik default Active Directory Mapping: givenName",
                 object_field="attributes.givenName",
-                expression="return ldap.get('givenName')",
+                expression="return list_flatten(ldap.get('givenName'))",
             ),
             EnsureExists(
                 LDAPPropertyMapping,
                 "goauthentik.io/sources/ldap/ms-sn",
                 name="authentik default Active Directory Mapping: sn",
                 object_field="attributes.sn",
-                expression="return ldap.get('sn')",
+                expression="return list_flatten(ldap.get('sn'))",
             ),
             # OpenLDAP specific mappings
             EnsureExists(

docker-compose.yml

@@ -17,7 +17,7 @@ services:
     image: redis:alpine
     restart: unless-stopped
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.1.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.1.4}
     restart: unless-stopped
     command: server
     environment:
@@ -38,7 +38,7 @@ services:
       - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
       - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.1.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.1.4}
     restart: unless-stopped
     command: worker
     environment:

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/garyburd/redigo v1.6.2 // indirect
 	github.com/getsentry/sentry-go v0.12.0
 	github.com/go-ldap/ldap/v3 v3.4.1
-	github.com/go-openapi/runtime v0.21.1
+	github.com/go-openapi/runtime v0.22.0
 	github.com/go-openapi/strfmt v0.21.1
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/google/uuid v1.3.0
@@ -25,10 +25,10 @@ require (
 	github.com/pires/go-proxyproto v0.6.1
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/cachecontrol v0.0.0-20201205024021-ac21108117ac // indirect
-	github.com/prometheus/client_golang v1.12.0
-	github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b // indirect
+	github.com/prometheus/client_golang v1.12.1
+	github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b
 	github.com/sirupsen/logrus v1.8.1
-	github.com/stretchr/testify v1.7.0 // indirect
+	github.com/stretchr/testify v1.7.0
 	goauthentik.io/api v0.2021125.1
 	golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c

go.sum

@@ -183,8 +183,8 @@ github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29g
 github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo=
 github.com/go-openapi/runtime v0.19.16/go.mod h1:5P9104EJgYcizotuXhEuUrzVc+j1RiSjahULvYmlv98=
 github.com/go-openapi/runtime v0.19.24/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
-github.com/go-openapi/runtime v0.21.1 h1:/KIG00BzA2x2HRStX2tnhbqbQdPcFlkgsYCiNY20FZs=
-github.com/go-openapi/runtime v0.21.1/go.mod h1:aQg+kaIQEn+A2CRSY1TxbM8+sT9g2V3aLc1FbIAnbbs=
+github.com/go-openapi/runtime v0.22.0 h1:vY2D0u807kkcwidaj0YJuq4zyAWQnjLNDpJcVBrUFNs=
+github.com/go-openapi/runtime v0.22.0/go.mod h1:aQg+kaIQEn+A2CRSY1TxbM8+sT9g2V3aLc1FbIAnbbs=
 github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
 github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
 github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
@@ -471,8 +471,8 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.0 h1:C+UIj/QWtmqY13Arb8kwMt5j34/0Z2iKamrJ+ryC0Gg=
-github.com/prometheus/client_golang v1.12.0/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
+github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -517,7 +517,6 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=

internal/constants/constants.go

@@ -25,4 +25,4 @@ func OutpostUserAgent() string {
 	return fmt.Sprintf("authentik-outpost@%s", FullVersion())
 }
 
-const VERSION = "2022.1.3"
+const VERSION = "2022.1.4"

internal/outpost/proxyv2/application/application.go

@@ -46,6 +46,7 @@ type Application struct {
 
 	log *log.Entry
 	mux *mux.Router
+	ak  *ak.APIController
 
 	errorTemplates *template.Template
 }
@@ -93,6 +94,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
 		httpClient:     c,
 		mux:            mux,
 		errorTemplates: templates.GetTemplates(),
+		ak:             ak,
 	}
 	a.sessions = a.getStore(p)
 	mux.Use(web.NewLoggingHandler(muxLogger, func(l *log.Entry, r *http.Request) *log.Entry {

internal/outpost/proxyv2/application/claims.go

@@ -1,7 +1,8 @@
 package application
 
 type ProxyClaims struct {
-	UserAttributes map[string]interface{} `json:"user_attributes"`
+	UserAttributes  map[string]interface{} `json:"user_attributes"`
+	BackendOverride string                 `json:"backend_override"`
 }
 
 type Claims struct {

internal/outpost/proxyv2/application/mode_common.go

@@ -1,6 +1,7 @@
 package application
 
 import (
+	"context"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -59,7 +60,7 @@ func (a *Application) addHeaders(headers http.Header, c *Claims) {
 }
 
 // getTraefikForwardUrl See https://doc.traefik.io/traefik/middlewares/forwardauth/
-func (a *Application) getTraefikForwardUrl(r *http.Request) *url.URL {
+func (a *Application) getTraefikForwardUrl(r *http.Request) (*url.URL, error) {
 	u, err := url.Parse(fmt.Sprintf(
 		"%s://%s%s",
 		r.Header.Get("X-Forwarded-Proto"),
@@ -67,27 +68,51 @@ func (a *Application) getTraefikForwardUrl(r *http.Request) *url.URL {
 		r.Header.Get("X-Forwarded-Uri"),
 	))
 	if err != nil {
-		a.log.WithError(err).Warning("Failed to parse URL from traefik")
-		return r.URL
+		return nil, err
 	}
 	a.log.WithField("url", u.String()).Trace("traefik forwarded url")
-	return u
+	return u, nil
 }
 
 // getNginxForwardUrl See https://github.com/kubernetes/ingress-nginx/blob/main/rootfs/etc/nginx/template/nginx.tmpl
-func (a *Application) getNginxForwardUrl(r *http.Request) *url.URL {
+func (a *Application) getNginxForwardUrl(r *http.Request) (*url.URL, error) {
+	ou := r.Header.Get("X-Original-URI")
+	if ou != "" {
+		// Turn this full URL into a relative URL
+		u := &url.URL{
+			Host:   "",
+			Scheme: "",
+			Path:   ou,
+		}
+		a.log.WithField("url", u.String()).Info("building forward URL from X-Original-URI")
+		return u, nil
+	}
 	h := r.Header.Get("X-Original-URL")
 	if len(h) < 1 {
-		a.log.WithError(errors.New("blank URL")).Warning("blank URL")
-		return r.URL
+		return nil, errors.New("no forward URL found")
 	}
 	u, err := url.Parse(h)
 	if err != nil {
 		a.log.WithError(err).Warning("failed to parse URL from nginx")
-		return r.URL
+		return nil, err
 	}
 	a.log.WithField("url", u.String()).Trace("nginx forwarded url")
-	return u
+	return u, nil
+}
+
+func (a *Application) ReportMisconfiguration(r *http.Request, msg string, fields map[string]interface{}) {
+	fields["message"] = msg
+	a.log.WithFields(fields).Error("Reporting configuration error")
+	req := api.EventRequest{
+		Action:   api.EVENTACTIONS_CONFIGURATION_ERROR,
+		App:      "authentik.providers.proxy", // must match python apps.py name
+		ClientIp: *api.NewNullableString(api.PtrString(r.RemoteAddr)),
+		Context:  &fields,
+	}
+	_, _, err := a.ak.Client.EventsApi.EventsEventsCreate(context.Background()).EventRequest(req).Execute()
+	if err != nil {
+		a.log.WithError(err).Warning("failed to report configuration error")
+	}
 }
 
 func (a *Application) IsAllowlisted(u *url.URL) bool {

internal/outpost/proxyv2/application/mode_forward.go

@@ -26,7 +26,19 @@ func (a *Application) configureForward() error {
 
 func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Request) {
 	a.log.WithField("header", r.Header).Trace("tracing headers for debug")
-	fwd := a.getTraefikForwardUrl(r)
+	// First check if we've got everything we need
+	fwd, err := a.getTraefikForwardUrl(r)
+	if err != nil {
+		a.ReportMisconfiguration(r, fmt.Sprintf("Outpost %s (Provider %s) failed to detect a forward URL from Traefik", a.outpostName, a.proxyConfig.Name), map[string]interface{}{
+			"provider": a.proxyConfig.Name,
+			"outpost":  a.outpostName,
+			"url":      r.URL.String(),
+			"headers":  cleanseHeaders(r.Header),
+		})
+		http.Error(rw, "configuration error", http.StatusInternalServerError)
+		return
+	}
+
 	claims, err := a.getClaims(r)
 	if claims != nil && err == nil {
 		a.addHeaders(rw.Header(), claims)
@@ -75,7 +87,18 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 
 func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request) {
 	a.log.WithField("header", r.Header).Trace("tracing headers for debug")
-	fwd := a.getNginxForwardUrl(r)
+	fwd, err := a.getNginxForwardUrl(r)
+	if err != nil {
+		a.ReportMisconfiguration(r, fmt.Sprintf("Outpost %s (Provider %s) failed to detect a forward URL from nginx", a.outpostName, a.proxyConfig.Name), map[string]interface{}{
+			"provider": a.proxyConfig.Name,
+			"outpost":  a.outpostName,
+			"url":      r.URL.String(),
+			"headers":  cleanseHeaders(r.Header),
+		})
+		http.Error(rw, "configuration error", http.StatusInternalServerError)
+		return
+	}
+
 	claims, err := a.getClaims(r)
 	if claims != nil && err == nil {
 		a.addHeaders(rw.Header(), claims)

internal/outpost/proxyv2/application/mode_forward_nginx_test.go

@@ -17,7 +17,7 @@ func TestForwardHandleNginx_Single_Blank(t *testing.T) {
 	rr := httptest.NewRecorder()
 	a.forwardHandleNginx(rr, req)
 
-	assert.Equal(t, http.StatusUnauthorized, rr.Code)
+	assert.Equal(t, http.StatusInternalServerError, rr.Code)
 }
 
 func TestForwardHandleNginx_Single_Skip(t *testing.T) {
@@ -45,9 +45,24 @@ func TestForwardHandleNginx_Single_Headers(t *testing.T) {
 	assert.Equal(t, "http://test.goauthentik.io/app", s.Values[constants.SessionRedirect])
 }
 
+func TestForwardHandleNginx_Single_URI(t *testing.T) {
+	a := newTestApplication()
+	req, _ := http.NewRequest("GET", "https://foo.bar/akprox/auth/nginx", nil)
+	req.Header.Set("X-Original-URI", "/app")
+
+	rr := httptest.NewRecorder()
+	a.forwardHandleNginx(rr, req)
+
+	assert.Equal(t, rr.Code, http.StatusUnauthorized)
+
+	s, _ := a.sessions.Get(req, constants.SeesionName)
+	assert.Equal(t, "/app", s.Values[constants.SessionRedirect])
+}
+
 func TestForwardHandleNginx_Single_Claims(t *testing.T) {
 	a := newTestApplication()
 	req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
+	req.Header.Set("X-Original-URI", "/")
 
 	rr := httptest.NewRecorder()
 	a.forwardHandleNginx(rr, req)
@@ -98,10 +113,7 @@ func TestForwardHandleNginx_Domain_Blank(t *testing.T) {
 	rr := httptest.NewRecorder()
 	a.forwardHandleNginx(rr, req)
 
-	assert.Equal(t, http.StatusUnauthorized, rr.Code)
-
-	s, _ := a.sessions.Get(req, constants.SeesionName)
-	assert.Equal(t, "/akprox/auth/nginx", s.Values[constants.SessionRedirect])
+	assert.Equal(t, http.StatusInternalServerError, rr.Code)
 }
 
 func TestForwardHandleNginx_Domain_Header(t *testing.T) {

internal/outpost/proxyv2/application/mode_forward_traefik_test.go

@@ -17,13 +17,7 @@ func TestForwardHandleTraefik_Single_Blank(t *testing.T) {
 	rr := httptest.NewRecorder()
 	a.forwardHandleTraefik(rr, req)
 
-	assert.Equal(t, http.StatusTemporaryRedirect, rr.Code)
-	loc, _ := rr.Result().Location()
-	assert.Equal(t, "/akprox/start", loc.String())
-
-	s, _ := a.sessions.Get(req, constants.SeesionName)
-	// Since we're not setting the traefik specific headers, expect it to redirect to the auth URL
-	assert.Equal(t, "/akprox/auth/traefik", s.Values[constants.SessionRedirect])
+	assert.Equal(t, http.StatusInternalServerError, rr.Code)
 }
 
 func TestForwardHandleTraefik_Single_Skip(t *testing.T) {
@@ -60,6 +54,9 @@ func TestForwardHandleTraefik_Single_Headers(t *testing.T) {
 func TestForwardHandleTraefik_Single_Claims(t *testing.T) {
 	a := newTestApplication()
 	req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
+	req.Header.Set("X-Forwarded-Proto", "http")
+	req.Header.Set("X-Forwarded-Host", "test.goauthentik.io")
+	req.Header.Set("X-Forwarded-Uri", "/app")
 
 	rr := httptest.NewRecorder()
 	a.forwardHandleTraefik(rr, req)
@@ -110,13 +107,7 @@ func TestForwardHandleTraefik_Domain_Blank(t *testing.T) {
 	rr := httptest.NewRecorder()
 	a.forwardHandleTraefik(rr, req)
 
-	assert.Equal(t, http.StatusTemporaryRedirect, rr.Code)
-	loc, _ := rr.Result().Location()
-	assert.Equal(t, "/akprox/start", loc.String())
-
-	s, _ := a.sessions.Get(req, constants.SeesionName)
-	// Since we're not setting the traefik specific headers, expect it to redirect to the auth URL
-	assert.Equal(t, "/akprox/auth/traefik", s.Values[constants.SessionRedirect])
+	assert.Equal(t, http.StatusInternalServerError, rr.Code)
 }
 
 func TestForwardHandleTraefik_Domain_Header(t *testing.T) {

internal/outpost/proxyv2/application/mode_proxy.go

@@ -60,7 +60,7 @@ func (a *Application) configureProxy() error {
 		}
 		metrics.UpstreamTiming.With(prometheus.Labels{
 			"outpost_name":  a.outpostName,
-			"upstream_host": u.String(),
+			"upstream_host": r.URL.Host,
 			"scheme":        r.URL.Scheme,
 			"method":        r.Method,
 			"path":          r.URL.Path,
@@ -71,10 +71,20 @@ func (a *Application) configureProxy() error {
 	return nil
 }
 
-func (a *Application) proxyModifyRequest(u *url.URL) func(req *http.Request) {
-	return func(req *http.Request) {
-		req.URL.Scheme = u.Scheme
-		req.URL.Host = u.Host
+func (a *Application) proxyModifyRequest(ou *url.URL) func(req *http.Request) {
+	return func(r *http.Request) {
+		claims, _ := a.getClaims(r)
+		if claims.Proxy.BackendOverride != "" {
+			u, err := url.Parse(claims.Proxy.BackendOverride)
+			if err != nil {
+				a.log.WithField("backend_override", claims.Proxy.BackendOverride).WithError(err).Warning("failed parse user backend override")
+			}
+			r.URL.Scheme = u.Scheme
+			r.URL.Host = u.Host
+		} else {
+			r.URL.Scheme = ou.Scheme
+			r.URL.Host = ou.Host
+		}
 	}
 }
 

internal/outpost/proxyv2/application/utils.go

@@ -87,3 +87,13 @@ func contains(s []string, e string) bool {
 	}
 	return false
 }
+
+func cleanseHeaders(headers http.Header) map[string]string {
+	h := make(map[string]string)
+	for hk, hv := range headers {
+		if len(hv) > 0 {
+			h[hk] = hv[0]
+		}
+	}
+	return h
+}

internal/outpost/proxyv2/handlers.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/prometheus/client_golang/prometheus"
+	"goauthentik.io/api"
 	"goauthentik.io/internal/outpost/proxyv2/application"
 	"goauthentik.io/internal/outpost/proxyv2/metrics"
 	"goauthentik.io/internal/utils/web"
@@ -58,6 +59,9 @@ func (ps *ProxyServer) lookupApp(r *http.Request) (*application.Application, str
 	var longestMatch *application.Application
 	longestMatchLength := 0
 	for _, app := range ps.apps {
+		if app.Mode() != api.PROXYMODE_FORWARD_DOMAIN {
+			continue
+		}
 		// Check if the cookie domain has a leading period for a wildcard
 		// This will decrease the weight of a wildcard domain, but a request to example.com
 		// with the cookie domain set to example.com will still be routed correctly.
@@ -70,6 +74,11 @@ func (ps *ProxyServer) lookupApp(r *http.Request) (*application.Application, str
 		}
 		longestMatch = app
 		longestMatchLength = len(cd)
+		// Also for forward_auth_domain, we need to respond on the external domain
+		if app.ProxyConfig().ExternalHost == host {
+			ps.log.WithField("host", host).WithField("app", app.ProxyConfig().Name).Debug("Found app based on external_host")
+			return app, host
+		}
 	}
 	// Check if our longes match is 0, in which case we didn't match, so we
 	// manually return no app

internal/utils/web/middleware.go

@@ -99,14 +99,14 @@ func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	h.handler.ServeHTTP(responseLogger, req)
 	duration := float64(time.Since(t)) / float64(time.Millisecond)
 	h.afterHandler(h.logger.WithFields(log.Fields{
-		"remote":            req.RemoteAddr,
-		"host":              GetHost(req),
-		"request_protocol":  req.Proto,
-		"runtime":           fmt.Sprintf("%0.3f", duration),
-		"method":            req.Method,
-		"size":              responseLogger.Size(),
-		"status":            responseLogger.Status(),
-		"upstream":          responseLogger.upstream,
-		"request_useragent": req.UserAgent(),
+		"remote":     req.RemoteAddr,
+		"host":       GetHost(req),
+		"runtime":    fmt.Sprintf("%0.3f", duration),
+		"method":     req.Method,
+		"scheme":     req.URL.Scheme,
+		"size":       responseLogger.Size(),
+		"status":     responseLogger.Status(),
+		"upstream":   responseLogger.upstream,
+		"user_agent": req.UserAgent(),
 	}), req).Info(url.RequestURI())
 }

lifecycle/gunicorn.conf.py

@@ -1,13 +1,18 @@
 """Gunicorn config"""
 import os
 import pwd
+from hashlib import sha512
 from multiprocessing import cpu_count
 
 import structlog
 from kubernetes.config.incluster_config import SERVICE_HOST_ENV_NAME
 
+from authentik import get_full_version
+from authentik.lib.config import CONFIG
+from authentik.lib.utils.http import get_http_session
+from authentik.lib.utils.reflection import get_env
+
 bind = "127.0.0.1:8000"
-reload = True
 
 try:
     pwd.getpwnam("authentik")
@@ -70,3 +75,31 @@ def worker_exit(server, worker):
     from prometheus_client import multiprocess
 
     multiprocess.mark_process_dead(worker.pid)
+
+
+if not CONFIG.y_bool("disable_startup_analytics", False):
+    env = get_env()
+    should_send = env not in ["dev", "ci"]
+    if should_send:
+        try:
+            get_http_session().post(
+                "https://goauthentik.io/api/event",
+                json={
+                    "domain": "authentik",
+                    "name": "pageview",
+                    "referrer": get_full_version(),
+                    "url": (
+                        f"http://localhost/{env}?utm_source={get_full_version()}&utm_medium={env}"
+                    ),
+                },
+                headers={
+                    "User-Agent": sha512(str(CONFIG.y("secret_key")).encode("ascii")).hexdigest()[
+                        :16
+                    ],
+                    "Content-Type": "application/json",
+                },
+                timeout=5,
+            )
+        # pylint: disable=bare-except
+        except:  # nosec
+            pass

poetry.lock

@@ -206,40 +206,35 @@ python-versions = "*"
 
 [[package]]
 name = "black"
-version = "21.12b0"
+version = "22.1.0"
 description = "The uncompromising code formatter."
 category = "dev"
 optional = false
 python-versions = ">=3.6.2"
 
 [package.dependencies]
-click = ">=7.1.2"
+click = ">=8.0.0"
 mypy-extensions = ">=0.4.3"
-pathspec = ">=0.9.0,<1"
+pathspec = ">=0.9.0"
 platformdirs = ">=2"
-tomli = ">=0.2.6,<2.0.0"
-typing-extensions = [
-    {version = ">=3.10.0.0", markers = "python_version < \"3.10\""},
-    {version = "!=3.10.0.1", markers = "python_version >= \"3.10\""},
-]
+tomli = ">=1.1.0"
 
 [package.extras]
 colorama = ["colorama (>=0.4.3)"]
 d = ["aiohttp (>=3.7.4)"]
 jupyter = ["ipython (>=7.8.0)", "tokenize-rt (>=3.2.0)"]
-python2 = ["typed-ast (>=1.4.3)"]
 uvloop = ["uvloop (>=0.15.2)"]
 
 [[package]]
 name = "boto3"
-version = "1.20.43"
+version = "1.20.46"
 description = "The AWS SDK for Python"
 category = "main"
 optional = false
 python-versions = ">= 3.6"
 
 [package.dependencies]
-botocore = ">=1.23.43,<1.24.0"
+botocore = ">=1.23.46,<1.24.0"
 jmespath = ">=0.7.1,<1.0.0"
 s3transfer = ">=0.5.0,<0.6.0"
 
@@ -248,7 +243,7 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"]
 
 [[package]]
 name = "botocore"
-version = "1.23.43"
+version = "1.23.46"
 description = "Low-level, data-driven core of boto 3."
 category = "main"
 optional = false
@@ -585,7 +580,7 @@ dev = ["tox", "bump2version (<1)", "sphinx (<2)", "importlib-metadata (<3)", "im
 
 [[package]]
 name = "django"
-version = "4.0.1"
+version = "4.0.2"
 description = "A high-level Python web framework that encourages rapid development and clean, pragmatic design."
 category = "main"
 optional = false
@@ -1302,7 +1297,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
 
 [[package]]
 name = "pycryptodome"
-version = "3.13.0"
+version = "3.14.0"
 description = "Cryptographic library for Python"
 category = "main"
 optional = false
@@ -1560,7 +1555,7 @@ test = ["fixtures", "mock", "purl", "pytest", "sphinx", "testrepository (>=0.0.1
 
 [[package]]
 name = "requests-oauthlib"
-version = "1.3.0"
+version = "1.3.1"
 description = "OAuthlib authentication support for Requests."
 category = "main"
 optional = false
@@ -1903,7 +1898,7 @@ socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
 
 [[package]]
 name = "uvicorn"
-version = "0.17.0.post1"
+version = "0.17.1"
 description = "The lightning-fast ASGI server."
 category = "main"
 optional = false
@@ -2213,16 +2208,37 @@ billiard = [
     {file = "billiard-3.6.4.0.tar.gz", hash = "sha256:299de5a8da28a783d51b197d496bef4f1595dd023a93a4f59dde1886ae905547"},
 ]
 black = [
-    {file = "black-21.12b0-py3-none-any.whl", hash = "sha256:a615e69ae185e08fdd73e4715e260e2479c861b5740057fde6e8b4e3b7dd589f"},
-    {file = "black-21.12b0.tar.gz", hash = "sha256:77b80f693a569e2e527958459634f18df9b0ba2625ba4e0c2d5da5be42e6f2b3"},
+    {file = "black-22.1.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:1297c63b9e1b96a3d0da2d85d11cd9bf8664251fd69ddac068b98dc4f34f73b6"},
+    {file = "black-22.1.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:2ff96450d3ad9ea499fc4c60e425a1439c2120cbbc1ab959ff20f7c76ec7e866"},
+    {file = "black-22.1.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:0e21e1f1efa65a50e3960edd068b6ae6d64ad6235bd8bfea116a03b21836af71"},
+    {file = "black-22.1.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e2f69158a7d120fd641d1fa9a921d898e20d52e44a74a6fbbcc570a62a6bc8ab"},
+    {file = "black-22.1.0-cp310-cp310-win_amd64.whl", hash = "sha256:228b5ae2c8e3d6227e4bde5920d2fc66cc3400fde7bcc74f480cb07ef0b570d5"},
+    {file = "black-22.1.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:b1a5ed73ab4c482208d20434f700d514f66ffe2840f63a6252ecc43a9bc77e8a"},
+    {file = "black-22.1.0-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:35944b7100af4a985abfcaa860b06af15590deb1f392f06c8683b4381e8eeaf0"},
+    {file = "black-22.1.0-cp36-cp36m-win_amd64.whl", hash = "sha256:7835fee5238fc0a0baf6c9268fb816b5f5cd9b8793423a75e8cd663c48d073ba"},
+    {file = "black-22.1.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:dae63f2dbf82882fa3b2a3c49c32bffe144970a573cd68d247af6560fc493ae1"},
+    {file = "black-22.1.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5fa1db02410b1924b6749c245ab38d30621564e658297484952f3d8a39fce7e8"},
+    {file = "black-22.1.0-cp37-cp37m-win_amd64.whl", hash = "sha256:c8226f50b8c34a14608b848dc23a46e5d08397d009446353dad45e04af0c8e28"},
+    {file = "black-22.1.0-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:2d6f331c02f0f40aa51a22e479c8209d37fcd520c77721c034517d44eecf5912"},
+    {file = "black-22.1.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:742ce9af3086e5bd07e58c8feb09dbb2b047b7f566eb5f5bc63fd455814979f3"},
+    {file = "black-22.1.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:fdb8754b453fb15fad3f72cd9cad3e16776f0964d67cf30ebcbf10327a3777a3"},
+    {file = "black-22.1.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f5660feab44c2e3cb24b2419b998846cbb01c23c7fe645fee45087efa3da2d61"},
+    {file = "black-22.1.0-cp38-cp38-win_amd64.whl", hash = "sha256:6f2f01381f91c1efb1451998bd65a129b3ed6f64f79663a55fe0e9b74a5f81fd"},
+    {file = "black-22.1.0-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:efbadd9b52c060a8fc3b9658744091cb33c31f830b3f074422ed27bad2b18e8f"},
+    {file = "black-22.1.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:8871fcb4b447206904932b54b567923e5be802b9b19b744fdff092bd2f3118d0"},
+    {file = "black-22.1.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:ccad888050f5393f0d6029deea2a33e5ae371fd182a697313bdbd835d3edaf9c"},
+    {file = "black-22.1.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:07e5c049442d7ca1a2fc273c79d1aecbbf1bc858f62e8184abe1ad175c4f7cc2"},
+    {file = "black-22.1.0-cp39-cp39-win_amd64.whl", hash = "sha256:373922fc66676133ddc3e754e4509196a8c392fec3f5ca4486673e685a421321"},
+    {file = "black-22.1.0-py3-none-any.whl", hash = "sha256:3524739d76b6b3ed1132422bf9d82123cd1705086723bc3e235ca39fd21c667d"},
+    {file = "black-22.1.0.tar.gz", hash = "sha256:a7c0192d35635f6fc1174be575cb7915e92e5dd629ee79fdaf0dcfa41a80afb5"},
 ]
 boto3 = [
-    {file = "boto3-1.20.43-py3-none-any.whl", hash = "sha256:50611d4707e967f1300e897c196db98cfc1b0ab95eca5d46d3b56a1c8e2a27b5"},
-    {file = "boto3-1.20.43.tar.gz", hash = "sha256:219cba1d078b3c0f3bd1678ee355e07c4a07ea75ee75adee6c306d89d60c555c"},
+    {file = "boto3-1.20.46-py3-none-any.whl", hash = "sha256:a2ffce001160d7e7c72a90c3084700d50eb64ea4a3aae8afe21566971d1fd611"},
+    {file = "boto3-1.20.46.tar.gz", hash = "sha256:d7effba509d7298ef49316ba2da7a2ea115f2a7ff691f875f6354666663cf386"},
 ]
 botocore = [
-    {file = "botocore-1.23.43-py3-none-any.whl", hash = "sha256:22c88a653a026439f2e9b0ade154fafe0eaaaea3fee6e080102d90ec4271284e"},
-    {file = "botocore-1.23.43.tar.gz", hash = "sha256:f8c60dff90a7aea7f84908f0e4e778890d4f08c883d2da111c15c10d7c199102"},
+    {file = "botocore-1.23.46-py3-none-any.whl", hash = "sha256:354bce55e5adc8e2fe106acfd455ce448f9b920d7b697d06faa8cf200fd6566b"},
+    {file = "botocore-1.23.46.tar.gz", hash = "sha256:38dd4564839f531725b667db360ba7df2125ceb3752b0ba12759c3e918015b95"},
 ]
 bump2version = [
     {file = "bump2version-1.0.1-py2.py3-none-any.whl", hash = "sha256:37f927ea17cde7ae2d7baf832f8e80ce3777624554a653006c9144f8017fe410"},
@@ -2440,8 +2456,8 @@ deprecated = [
     {file = "Deprecated-1.2.13.tar.gz", hash = "sha256:43ac5335da90c31c24ba028af536a91d41d53f9e6901ddb021bcc572ce44e38d"},
 ]
 django = [
-    {file = "Django-4.0.1-py3-none-any.whl", hash = "sha256:7cd8e8a3ed2bc0dfda05ce1e53a9c81b30eefd7aa350e538a18884475e4d4ce2"},
-    {file = "Django-4.0.1.tar.gz", hash = "sha256:2485eea3cc4c3bae13080dee866ebf90ba9f98d1afe8fda89bfb0eb2e218ef86"},
+    {file = "Django-4.0.2-py3-none-any.whl", hash = "sha256:996495c58bff749232426c88726d8cd38d24c94d7c1d80835aafffa9bc52985a"},
+    {file = "Django-4.0.2.tar.gz", hash = "sha256:110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a"},
 ]
 django-dbbackup = [
     {file = "django-dbbackup-4.0.0b0.tar.gz", hash = "sha256:aca81265dab91b3a73c3a730cf168d946621c28002f1321d4c33910ba7c63634"},
@@ -3058,36 +3074,36 @@ pycparser = [
     {file = "pycparser-2.21.tar.gz", hash = "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206"},
 ]
 pycryptodome = [
-    {file = "pycryptodome-3.13.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:e468724173df02f9d83f3fea830bf0d04aa291b5add22b4a78e01c97aab04873"},
-    {file = "pycryptodome-3.13.0-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:1fb7a6f222072412f320b9e48d3ce981920efbfce37b06d028ec9bd94093b37f"},
-    {file = "pycryptodome-3.13.0-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:4f1b594d0cf35bd12ec4244df1155a7f565bf6e6245976ac36174c1564688c90"},
-    {file = "pycryptodome-3.13.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:9ea70f6c3f6566159e3798e4593a4a8016994a0080ac29a45200615b45091a1b"},
-    {file = "pycryptodome-3.13.0-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:f7aad304575d075faf2806977b726b67da7ba294adc97d878f92a062e357a56a"},
-    {file = "pycryptodome-3.13.0-cp27-cp27m-manylinux2014_aarch64.whl", hash = "sha256:702446a012fd9337b9327d168bb0c7dc714eb93ad361f6f61af9ca8305a301f1"},
-    {file = "pycryptodome-3.13.0-cp27-cp27m-win32.whl", hash = "sha256:681ac47c538c64305d710eaed2bb49532f62b3f4c93aa7c423c520df981392e5"},
-    {file = "pycryptodome-3.13.0-cp27-cp27m-win_amd64.whl", hash = "sha256:7b3478a187d897f003b2aa1793bcc59463e8d57a42e2aafbcbbe9cd47ec46863"},
-    {file = "pycryptodome-3.13.0-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:eec02d9199af4b1ccfe1f9c587691a07a1fa39d949d2c1dc69d079ab9af8212f"},
-    {file = "pycryptodome-3.13.0-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:9c8e0e6c5e982699801b20fa74f43c19aa080d2b53a39f3c132d35958e153bd4"},
-    {file = "pycryptodome-3.13.0-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:f5457e44d3f26d9946091e92b28f3e970a56538b96c87b4b155a84e32a40b7b5"},
-    {file = "pycryptodome-3.13.0-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:88d6d54e83cf9bbd665ce1e7b9079983ee2d97a05f42e0569ff00a70f1dd8b1e"},
-    {file = "pycryptodome-3.13.0-cp27-cp27mu-manylinux2014_aarch64.whl", hash = "sha256:72de8c4d71e6b11d54528bb924447fa4fdabcbb3d76cc0e7f61d3b6075def6b3"},
-    {file = "pycryptodome-3.13.0-cp35-abi3-macosx_10_9_x86_64.whl", hash = "sha256:008ef2c631f112cd5a58736e0b29f4a28b4bb853e68878689f8b476fd56e0691"},
-    {file = "pycryptodome-3.13.0-cp35-abi3-manylinux1_i686.whl", hash = "sha256:51ebe9624ad0a0b4da1aaaa2d43aabadf8537737fd494cee0ffa37cd6326de02"},
-    {file = "pycryptodome-3.13.0-cp35-abi3-manylinux1_x86_64.whl", hash = "sha256:deede160bdf87ddb71f0a1314ad5a267b1a960be314ea7dc6b7ad86da6da89a3"},
-    {file = "pycryptodome-3.13.0-cp35-abi3-manylinux2010_i686.whl", hash = "sha256:857c16bffd938254e3a834cd6b2a755ed24e1a953b1a86e33da136d3e4c16a6f"},
-    {file = "pycryptodome-3.13.0-cp35-abi3-manylinux2010_x86_64.whl", hash = "sha256:ca6db61335d07220de0b665bfee7b8e9615b2dfc67a54016db4826dac34c2dd2"},
-    {file = "pycryptodome-3.13.0-cp35-abi3-manylinux2014_aarch64.whl", hash = "sha256:073dedf0f9c490ae22ca081b86357646ac9b76f3e2bd89119d137fc697a9e3b6"},
-    {file = "pycryptodome-3.13.0-cp35-abi3-win32.whl", hash = "sha256:e3affa03c49cce7b0a9501cc7f608d4f8e61fb2522b276d599ac049b5955576d"},
-    {file = "pycryptodome-3.13.0-cp35-abi3-win_amd64.whl", hash = "sha256:e5d72be02b17e6bd7919555811264403468d1d052fa67c946e402257c3c29a27"},
-    {file = "pycryptodome-3.13.0-pp27-pypy_73-macosx_10_9_x86_64.whl", hash = "sha256:0896d5d15ffe584d46cb9b69a75cf14a2bc8f6daf635b7bf16c1b041342a44b1"},
-    {file = "pycryptodome-3.13.0-pp27-pypy_73-manylinux1_x86_64.whl", hash = "sha256:e420cdfca73f80fe15f79bb34756959945231a052440813e5fce531e6e96331a"},
-    {file = "pycryptodome-3.13.0-pp27-pypy_73-manylinux2010_x86_64.whl", hash = "sha256:720fafdf3e5c5de93039d8308f765cc60b8e9e7e852ad7135aa65dd89238191f"},
-    {file = "pycryptodome-3.13.0-pp27-pypy_73-win32.whl", hash = "sha256:7a8b0e526ff239b4f4c61dd6898e2474d609843ffc437267f3a27ddff626e6f6"},
-    {file = "pycryptodome-3.13.0-pp36-pypy36_pp73-macosx_10_9_x86_64.whl", hash = "sha256:d92a5eddffb0ad39f582f07c1de26e9daf6880e3e782a94bb7ebaf939567f8bf"},
-    {file = "pycryptodome-3.13.0-pp36-pypy36_pp73-manylinux1_x86_64.whl", hash = "sha256:cb9453c981554984c6f5c5ce7682d7286e65e2173d7416114c3593a977a01bf5"},
-    {file = "pycryptodome-3.13.0-pp36-pypy36_pp73-manylinux2010_x86_64.whl", hash = "sha256:765b8b16bc1fd699e183dde642c7f2653b8f3c9c1a50051139908e9683f97732"},
-    {file = "pycryptodome-3.13.0-pp36-pypy36_pp73-win32.whl", hash = "sha256:b3af53dddf848afb38b3ac2bae7159ddad1feb9bac14aa3acec6ef1797b82f8d"},
-    {file = "pycryptodome-3.13.0.tar.gz", hash = "sha256:95bacf9ff7d1b90bba537d3f5f6c834efe6bfbb1a0195cb3573f29e6716ef08d"},
+    {file = "pycryptodome-3.14.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:bd800856e6dea6924504795ae4ec0d822e912e0a9a215e73b77b585c4d15a0f7"},
+    {file = "pycryptodome-3.14.0-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:625f78ad69aa3c45e19b85b9e9cae3a30aa4a1de6b908981a63426b88e860489"},
+    {file = "pycryptodome-3.14.0-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:a1c116dd7a00aac631f67920912fd8ef7a5ad3402cd4d497c6f5cc6b8115747b"},
+    {file = "pycryptodome-3.14.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:0d0b6cca6b707b2c7cd4177c2d3cd950efa959ed8f01c30e676f102c68156f00"},
+    {file = "pycryptodome-3.14.0-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:9d939a257117cc8c6840ad69f149b3ca5e07268cfe0429bd9feec0f91da2343d"},
+    {file = "pycryptodome-3.14.0-cp27-cp27m-manylinux2014_aarch64.whl", hash = "sha256:41dbb8c2129d43f34ed555cbd365d5e8f023ef0f9238fd9cd0302086b15a38b3"},
+    {file = "pycryptodome-3.14.0-cp27-cp27m-win32.whl", hash = "sha256:9b454af09914807cef1222d100a8c523737a160347cb8d699facc4bdfb9fe725"},
+    {file = "pycryptodome-3.14.0-cp27-cp27m-win_amd64.whl", hash = "sha256:95bac6e55411650933f3b615e57bf0966bf08f3ce07c01f07482ced95f18cbec"},
+    {file = "pycryptodome-3.14.0-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:0ffbca43c1788243421a8583d85acb59f4cd0b82b001c485fdc3fbfd8fd0804f"},
+    {file = "pycryptodome-3.14.0-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:69b85d78f7db628370d2cc87f1c41a449f6460896ba95f412173618f75027c2c"},
+    {file = "pycryptodome-3.14.0-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:bba348d2823315ab8ebe44f0b2fc2ff8dfac8de881713a08def3dadcfc8e92bb"},
+    {file = "pycryptodome-3.14.0-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:7d667daa851b1f9a20f2b5cad3cff13fba5204bc2f857d12f27c25b178d8629b"},
+    {file = "pycryptodome-3.14.0-cp27-cp27mu-manylinux2014_aarch64.whl", hash = "sha256:74918d5de06b12fef2255135bede41307a5f7b929b145ad867111525aea075dc"},
+    {file = "pycryptodome-3.14.0-cp35-abi3-macosx_10_9_x86_64.whl", hash = "sha256:c2b6faabd09d2876f9050f8af5d78046d81fe856f99e801c2ddab85b59602007"},
+    {file = "pycryptodome-3.14.0-cp35-abi3-manylinux1_i686.whl", hash = "sha256:22a8629315c76d2bec57bc4fd67eb7e01664c3e3b9579df40f530ee5821db1de"},
+    {file = "pycryptodome-3.14.0-cp35-abi3-manylinux1_x86_64.whl", hash = "sha256:7e3851e4fbbab72d9b30f98a504f450cc61e497e8e4b0be8205dc198703eee4d"},
+    {file = "pycryptodome-3.14.0-cp35-abi3-manylinux2010_i686.whl", hash = "sha256:9006f17944efaacc3be364c01c2253c00a00f0b5fa5a1a85a1191efd861e764d"},
+    {file = "pycryptodome-3.14.0-cp35-abi3-manylinux2010_x86_64.whl", hash = "sha256:8f0da308fca149b4c4da78e1388f82d8dd167e0ce12992a44f81b506cede3109"},
+    {file = "pycryptodome-3.14.0-cp35-abi3-manylinux2014_aarch64.whl", hash = "sha256:d186e34747985fbd94df7ed4d621f8377165053a06872314c2a594af34741655"},
+    {file = "pycryptodome-3.14.0-cp35-abi3-win32.whl", hash = "sha256:2ed4da8f8afe44895c1f49ae1141a55b15d81dc745b5baa7b7a7265d7b40b81e"},
+    {file = "pycryptodome-3.14.0-cp35-abi3-win_amd64.whl", hash = "sha256:11167a1f892283e5320feb5e81589fd041a1822b94c047820f00bc03eb98a9f7"},
+    {file = "pycryptodome-3.14.0-pp27-pypy_73-macosx_10_9_x86_64.whl", hash = "sha256:1714ea5f83bcff25e8ae4640e22359d7a0815157a29d9f4eebc2b9e975a3cda0"},
+    {file = "pycryptodome-3.14.0-pp27-pypy_73-manylinux1_x86_64.whl", hash = "sha256:3a011b9fe674bd21056613e88a3e660c56f1b47263138ebf420aa3ee4b8b0107"},
+    {file = "pycryptodome-3.14.0-pp27-pypy_73-manylinux2010_x86_64.whl", hash = "sha256:3fd50e3682ac3a684ace5b90ba1aef8090a78eeadf38c1ec385aad3a599cfd68"},
+    {file = "pycryptodome-3.14.0-pp27-pypy_73-win32.whl", hash = "sha256:08be50d4195edd595df580077bbeec5599d0e5aa0cc468083178ae870e0b29f4"},
+    {file = "pycryptodome-3.14.0-pp36-pypy36_pp73-macosx_10_9_x86_64.whl", hash = "sha256:16c171dd969c9046b7b304c6ba0c643624dcf18093a66bd30b8b091703f177a2"},
+    {file = "pycryptodome-3.14.0-pp36-pypy36_pp73-manylinux1_x86_64.whl", hash = "sha256:89bb56cfd1fb74663842710bc41a6be26dafceb60eb8d432536891aea08a3740"},
+    {file = "pycryptodome-3.14.0-pp36-pypy36_pp73-manylinux2010_x86_64.whl", hash = "sha256:c30a98c8718ae93d44680a7038adb484a520319860747ba43b6cd0a20f6b5984"},
+    {file = "pycryptodome-3.14.0-pp36-pypy36_pp73-win32.whl", hash = "sha256:e972f566ef7b821c8b958dab64174afa072f8271b779e32444ad7c127b0a84b2"},
+    {file = "pycryptodome-3.14.0.tar.gz", hash = "sha256:ceea92a4b8ba6c50d8d70f2efbb4ea14b002dac4160ce4dda33f1b7442f8158a"},
 ]
 pyjwt = [
     {file = "PyJWT-2.3.0-py3-none-any.whl", hash = "sha256:e0c4bb8d9f0af0c7f5b1ec4c5036309617d03d56932877f2f7a0beeb5318322f"},
@@ -3234,9 +3250,8 @@ requests-mock = [
     {file = "requests_mock-1.9.3-py2.py3-none-any.whl", hash = "sha256:0a2d38a117c08bb78939ec163522976ad59a6b7fdd82b709e23bb98004a44970"},
 ]
 requests-oauthlib = [
-    {file = "requests-oauthlib-1.3.0.tar.gz", hash = "sha256:b4261601a71fd721a8bd6d7aa1cc1d6a8a93b4a9f5e96626f8e4d91e8beeaa6a"},
-    {file = "requests_oauthlib-1.3.0-py2.py3-none-any.whl", hash = "sha256:7f71572defaecd16372f9006f33c2ec8c077c3cfa6f5911a9a90202beb513f3d"},
-    {file = "requests_oauthlib-1.3.0-py3.7.egg", hash = "sha256:fa6c47b933f01060936d87ae9327fead68768b69c6c9ea2109c48be30f2d4dbc"},
+    {file = "requests-oauthlib-1.3.1.tar.gz", hash = "sha256:75beac4a47881eeb94d5ea5d6ad31ef88856affe2332b9aafb52c6452ccf0d7a"},
+    {file = "requests_oauthlib-1.3.1-py2.py3-none-any.whl", hash = "sha256:2577c501a2fb8d05a304c09d090d6e47c306fef15809d102b327cf8364bddab5"},
 ]
 rsa = [
     {file = "rsa-4.8-py3-none-any.whl", hash = "sha256:95c5d300c4e879ee69708c428ba566c59478fd653cc3a22243eeb8ed846950bb"},
@@ -3391,8 +3406,8 @@ urllib3 = [
     {file = "urllib3-1.26.8.tar.gz", hash = "sha256:0e7c33d9a63e7ddfcb86780aac87befc2fbddf46c58dbb487e0855f7ceec283c"},
 ]
 uvicorn = [
-    {file = "uvicorn-0.17.0.post1-py3-none-any.whl", hash = "sha256:fa166e6c3d58e23ff5a1a3543b079c7b28aa057ab1388201e4b34a49ec05da72"},
-    {file = "uvicorn-0.17.0.post1.tar.gz", hash = "sha256:60a149248181920a73b2e97aec1dacec5501618867f041a228b2519d91a62a91"},
+    {file = "uvicorn-0.17.1-py3-none-any.whl", hash = "sha256:8b16d9ecb76500f7804184f182835fe8a2b54716d3b0b6bb2da0b2b192f62c73"},
+    {file = "uvicorn-0.17.1.tar.gz", hash = "sha256:dffbacb8cc25d924d68d231d2c478c4fe6727c36537d8de21e5de591b37afc41"},
 ]
 uvloop = [
     {file = "uvloop-0.16.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:6224f1401025b748ffecb7a6e2652b17768f30b1a6a3f7b44660e5b5b690b12d"},

pyproject.toml

@@ -14,7 +14,7 @@ pythonPlatform = "Linux"
 
 [tool.black]
 line-length = 100
-target-version = ['py39']
+target-version = ['py310']
 exclude = 'node_modules'
 
 [tool.isort]
@@ -92,7 +92,7 @@ addopts = "-p no:celery --junitxml=unittest.xml"
 
 [tool.poetry]
 name = "authentik"
-version = "2022.1.3"
+version = "2022.1.4"
 description = ""
 authors = ["Jens Langhammer <jens.langhammer@beryju.org>"]
 

schema.yml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2022.1.3
+  version: 2022.1.4
   description: Making authentication simple.
   contact:
     email: hello@beryju.org

scripts/generate_ci_config.py

@@ -3,7 +3,11 @@ from authentik.lib.generators import generate_id
 from yaml import safe_dump
 
 with open("local.env.yml", "w") as _config:
-    safe_dump({
-        "log_level": "debug",
-        "secret_key": generate_id(),
-    }, _config, default_flow_style=False)
+    safe_dump(
+        {
+            "log_level": "debug",
+            "secret_key": generate_id(),
+        },
+        _config,
+        default_flow_style=False,
+    )

scripts/gh_env.py

@@ -13,7 +13,10 @@ if os.environ.get(env_pr_branch, "") != "":
 should_build = str(os.environ.get("DOCKER_USERNAME", "") != "").lower()
 
 print("##[set-output name=branchName]%s" % branch_name)
-print("##[set-output name=branchNameContainer]%s" % branch_name.replace("refs/heads/", "").replace("/", "-"))
+print(
+    "##[set-output name=branchNameContainer]%s"
+    % branch_name.replace("refs/heads/", "").replace("/", "-")
+)
 print("##[set-output name=timestamp]%s" % int(time()))
 print("##[set-output name=sha]%s" % os.environ[sha])
 print("##[set-output name=shouldBuild]%s" % should_build)

scripts/web_api_esm.py

@@ -2,20 +2,15 @@
 from json import loads, dumps
 
 TSCONFIG_ESM = {
-  "compilerOptions": {
-    "declaration": True,
-    "target": "es6",
-    "module": "esnext",
-    "moduleResolution": "node",
-    "outDir": "./dist/esm",
-    "typeRoots": [
-      "node_modules/@types"
-    ]
-  },
-  "exclude": [
-    "dist",
-    "node_modules"
-  ]
+    "compilerOptions": {
+        "declaration": True,
+        "target": "es6",
+        "module": "esnext",
+        "moduleResolution": "node",
+        "outDir": "./dist/esm",
+        "typeRoots": ["node_modules/@types"],
+    },
+    "exclude": ["dist", "node_modules"],
 }
 
 
@@ -24,7 +19,7 @@ with open("web-api/package.json", encoding="utf-8") as _package:
     package["license"] = "GPL-3.0-only"
     package["module"] = "./dist/esm/index.js"
     package["sideEffects"] = False
-    package["scripts"]["build"] =  "tsc && tsc --project tsconfig.esm.json"
+    package["scripts"]["build"] = "tsc && tsc --project tsconfig.esm.json"
 
 open("web-api/package.json", "w+", encoding="utf-8").write(dumps(package))
 open("web-api/tsconfig.esm.json", "w+", encoding="utf-8").write(dumps(TSCONFIG_ESM))

web/package-lock.json

@@ -16,13 +16,13 @@
                 "@babel/preset-typescript": "^7.16.7",
                 "@formatjs/intl-listformat": "^6.5.1",
                 "@fortawesome/fontawesome-free": "^5.15.4",
-                "@goauthentik/api": "^2022.1.2-1643057053",
+                "@goauthentik/api": "^2022.1.3-1643236150",
                 "@jackfranklin/rollup-plugin-markdown": "^0.3.0",
                 "@lingui/cli": "^3.13.2",
                 "@lingui/core": "^3.13.2",
                 "@lingui/detect-locale": "^3.13.2",
                 "@lingui/macro": "^3.13.2",
-                "@patternfly/patternfly": "^4.164.2",
+                "@patternfly/patternfly": "^4.171.1",
                 "@polymer/iron-form": "^3.0.1",
                 "@polymer/paper-input": "^3.2.1",
                 "@rollup/plugin-babel": "^5.3.0",
@@ -30,24 +30,24 @@
                 "@rollup/plugin-node-resolve": "^13.1.3",
                 "@rollup/plugin-replace": "^3.0.1",
                 "@rollup/plugin-typescript": "^8.3.0",
-                "@sentry/browser": "^6.17.2",
-                "@sentry/tracing": "^6.17.2",
+                "@sentry/browser": "^6.17.3",
+                "@sentry/tracing": "^6.17.3",
                 "@squoosh/cli": "^0.7.2",
                 "@trivago/prettier-plugin-sort-imports": "^3.1.1",
                 "@types/chart.js": "^2.9.35",
                 "@types/codemirror": "5.60.5",
                 "@types/grecaptcha": "^3.0.3",
-                "@typescript-eslint/eslint-plugin": "^5.10.1",
-                "@typescript-eslint/parser": "^5.10.1",
+                "@typescript-eslint/eslint-plugin": "^5.10.2",
+                "@typescript-eslint/parser": "^5.10.2",
                 "@webcomponents/webcomponentsjs": "^2.6.0",
                 "babel-plugin-macros": "^3.1.0",
                 "base64-js": "^1.5.1",
                 "chart.js": "^3.7.0",
                 "chartjs-adapter-moment": "^1.0.0",
                 "codemirror": "^5.65.1",
-                "construct-style-sheets-polyfill": "^3.0.5",
+                "construct-style-sheets-polyfill": "^3.1.0",
                 "country-flag-icons": "^1.4.20",
-                "eslint": "^8.7.0",
+                "eslint": "^8.8.0",
                 "eslint-config-google": "^0.14.0",
                 "eslint-plugin-custom-elements": "0.0.4",
                 "eslint-plugin-lit": "^1.6.1",
@@ -1753,9 +1753,9 @@
             }
         },
         "node_modules/@goauthentik/api": {
-            "version": "2022.1.2-1643057053",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.1.2-1643057053.tgz",
-            "integrity": "sha512-UWi49e9KodhubB4zOYHdf+Kwm7Skn6Z4J1EDI3Stu2SDQfsQlU0U4NrOfKnaD7WI6QVjzAK/K+6+bODSQQtOmw=="
+            "version": "2022.1.3-1643236150",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.1.3-1643236150.tgz",
+            "integrity": "sha512-eteq3Y/4eME6bffuQy8cB6ZrV3DB7rk1IKdvzfUbr9I1hSRzXEBtlzmXp+lhY6RxlEy9hhcJHZO8/OCKFI5l9A=="
         },
         "node_modules/@humanwhocodes/config-array": {
             "version": "0.9.2",
@@ -2176,9 +2176,9 @@
             }
         },
         "node_modules/@patternfly/patternfly": {
-            "version": "4.164.2",
-            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.164.2.tgz",
-            "integrity": "sha512-gezQi83JKd6tW0z1J6Q5VvMCW/a58+ys4TWcTuXUMqcV3APQdNxVP+ZV6FIv5353oIPi9HuWAaApVwcCxYZYYg=="
+            "version": "4.171.1",
+            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.171.1.tgz",
+            "integrity": "sha512-e5Ykg+QOo8TsyOyG6SqytAs52MJXwaP020z3twb8z9G3ZNra92uNsrxGgZEqPJoWbjU4K7LGDxy2DOM1FeRoFw=="
         },
         "node_modules/@polymer/font-roboto": {
             "version": "3.0.2",
@@ -2433,13 +2433,13 @@
             }
         },
         "node_modules/@sentry/browser": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.17.2.tgz",
-            "integrity": "sha512-4Ow5z9GxK5dG9+stBNKb7s6NoxE4wgEcHRmO66QTK4gH2NNmzV4R/aaZ7iDoS/lD86sH0M86jm76dpg9uiJPmw==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.17.3.tgz",
+            "integrity": "sha512-UElPk6/Q/78eL8tHGHy080uHVQAuieWXlSMSzrJMVNa+vwXPwEeyL+WbPtKkND2jGwdODjg+pSj960RqhIv+ig==",
             "dependencies": {
-                "@sentry/core": "6.17.2",
-                "@sentry/types": "6.17.2",
-                "@sentry/utils": "6.17.2",
+                "@sentry/core": "6.17.3",
+                "@sentry/types": "6.17.3",
+                "@sentry/utils": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "engines": {
@@ -2452,14 +2452,14 @@
             "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
         },
         "node_modules/@sentry/core": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.17.2.tgz",
-            "integrity": "sha512-Uew0CNMr+QvowrF4EJYjOUgHep/sZJ3l5zevPEELugIgqWBodd+ZDCV3fQFR7cr6KOqx1rMgVrgcKIkLl0l+RA==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.17.3.tgz",
+            "integrity": "sha512-h7WgrNL0RVlr8Dceh97ZiXNdmEumDutpoqFijjiX4x72IiC6zSaVD4IsqrdGln+v8iJ3l3lX44HHqzubDub1OQ==",
             "dependencies": {
-                "@sentry/hub": "6.17.2",
-                "@sentry/minimal": "6.17.2",
-                "@sentry/types": "6.17.2",
-                "@sentry/utils": "6.17.2",
+                "@sentry/hub": "6.17.3",
+                "@sentry/minimal": "6.17.3",
+                "@sentry/types": "6.17.3",
+                "@sentry/utils": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "engines": {
@@ -2472,12 +2472,12 @@
             "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
         },
         "node_modules/@sentry/hub": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.17.2.tgz",
-            "integrity": "sha512-CMi6jU920bTwRTmGHjP4u8toOx4gm1dsx+rsxvp+FKzqRwpwoyi9mOw8oEYERVzaqaYceGdFylyRUrjdf0f77g==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.17.3.tgz",
+            "integrity": "sha512-TDxv8nRvk45xvfQg6zs8GYzQzgo0EMhI3wjQZLiNfW2rzybKmIwVp2x3O4PAc3WPzwg4bYNgSAkYKVlHmYjRCg==",
             "dependencies": {
-                "@sentry/types": "6.17.2",
-                "@sentry/utils": "6.17.2",
+                "@sentry/types": "6.17.3",
+                "@sentry/utils": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "engines": {
@@ -2490,12 +2490,12 @@
             "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
         },
         "node_modules/@sentry/minimal": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.17.2.tgz",
-            "integrity": "sha512-Cdh+iM6QhLKfxwUWWP4mk2K7+EsQj4tuF2dGQke4Zcbp7zQ7wbcMruUcZHiZfvg5kiSYxwNVkH7cXMzcO7AJsg==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.17.3.tgz",
+            "integrity": "sha512-zvGGfHNNA92Lqx6P8ZwOUkmRmAiQl0AQFRXl9So1Ayq9bJRnFLJZv4YFVnp2wE4HXYIlfBYb51+GlGB5LIuPmw==",
             "dependencies": {
-                "@sentry/hub": "6.17.2",
-                "@sentry/types": "6.17.2",
+                "@sentry/hub": "6.17.3",
+                "@sentry/types": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "engines": {
@@ -2508,14 +2508,14 @@
             "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
         },
         "node_modules/@sentry/tracing": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.17.2.tgz",
-            "integrity": "sha512-oWY2Ga+5D5f90utvfF2Y0eQvme+eS768ZWjR+klRYgZWoY8r1v8uWwWsvroYU1g+h6X0G/xh3giFjsdOWtRENw==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.17.3.tgz",
+            "integrity": "sha512-GnHugxw5qkWwYmeQbbrswuWpb0bpYqyJr/dO25QQOCwp+cckQrvBYTMC8zGJG10u94O4el0lQaQnNFz9WF3r6g==",
             "dependencies": {
-                "@sentry/hub": "6.17.2",
-                "@sentry/minimal": "6.17.2",
-                "@sentry/types": "6.17.2",
-                "@sentry/utils": "6.17.2",
+                "@sentry/hub": "6.17.3",
+                "@sentry/minimal": "6.17.3",
+                "@sentry/types": "6.17.3",
+                "@sentry/utils": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "engines": {
@@ -2528,19 +2528,19 @@
             "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
         },
         "node_modules/@sentry/types": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.17.2.tgz",
-            "integrity": "sha512-UrFLRDz5mn253O8k/XftLxoldF+NyZdkqKLGIQmST5HEVr7ub9nQJ4Y5ZFA3zJYWpraaW8faIbuw+pgetC8hmQ==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.17.3.tgz",
+            "integrity": "sha512-0AXCjYcfl8Vx26GfyLY4rBQ78Lyt1oND3UozTTMaVXlcKYIjzV+f7TOo5IZx+Kbr6EGUNDLdpA4xfbkWdW/1NA==",
             "engines": {
                 "node": ">=6"
             }
         },
         "node_modules/@sentry/utils": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.17.2.tgz",
-            "integrity": "sha512-ePWtO44KJQwUULOiU86fa1WU3Ird2TH0i39gqB2d3zNS3QyVp9qPlzSdPKSPJ9LdgadzBHw7ikEuE+GY8JTrhA==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.17.3.tgz",
+            "integrity": "sha512-6/2awDIeHSj0JgiC7DDdV1lxvLmf+/BisWhw09dKvmhVQB3ADvQZbohjUgM+Qam5zE0xmZAfQhvuDwC41W8Wnw==",
             "dependencies": {
-                "@sentry/types": "6.17.2",
+                "@sentry/types": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "engines": {
@@ -2844,13 +2844,13 @@
             "integrity": "sha512-7tFImggNeNBVMsn0vLrpn1H1uPrUBdnARPTpZoitY37ZrdJREzf7I16tMrlK3hen349gr1NYh8CmZQa7CTG6Aw=="
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.10.1.tgz",
-            "integrity": "sha512-xN3CYqFlyE/qOcy978/L0xLR2HlcAGIyIK5sMOasxaaAPfQRj/MmMV6OC3I7NZO84oEUdWCOju34Z9W8E0pFDQ==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.10.2.tgz",
+            "integrity": "sha512-4W/9lLuE+v27O/oe7hXJKjNtBLnZE8tQAFpapdxwSVHqtmIoPB1gph3+ahNwVuNL37BX7YQHyGF9Xv6XCnIX2Q==",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "5.10.1",
-                "@typescript-eslint/type-utils": "5.10.1",
-                "@typescript-eslint/utils": "5.10.1",
+                "@typescript-eslint/scope-manager": "5.10.2",
+                "@typescript-eslint/type-utils": "5.10.2",
+                "@typescript-eslint/utils": "5.10.2",
                 "debug": "^4.3.2",
                 "functional-red-black-tree": "^1.0.1",
                 "ignore": "^5.1.8",
@@ -2898,13 +2898,13 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.10.1.tgz",
-            "integrity": "sha512-GReo3tjNBwR5RnRO0K2wDIDN31cM3MmDtgyQ85oAxAmC5K3j/g85IjP+cDfcqDsDDBf1HNKQAD0WqOYL8jXqUA==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.10.2.tgz",
+            "integrity": "sha512-JaNYGkaQVhP6HNF+lkdOr2cAs2wdSZBoalE22uYWq8IEv/OVH0RksSGydk+sW8cLoSeYmC+OHvRyv2i4AQ7Czg==",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "5.10.1",
-                "@typescript-eslint/types": "5.10.1",
-                "@typescript-eslint/typescript-estree": "5.10.1",
+                "@typescript-eslint/scope-manager": "5.10.2",
+                "@typescript-eslint/types": "5.10.2",
+                "@typescript-eslint/typescript-estree": "5.10.2",
                 "debug": "^4.3.2"
             },
             "engines": {
@@ -2924,12 +2924,12 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.10.1.tgz",
-            "integrity": "sha512-Lyvi559Gvpn94k7+ElXNMEnXu/iundV5uFmCUNnftbFrUbAJ1WBoaGgkbOBm07jVZa682oaBU37ao/NGGX4ZDg==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.10.2.tgz",
+            "integrity": "sha512-39Tm6f4RoZoVUWBYr3ekS75TYgpr5Y+X0xLZxXqcZNDWZdJdYbKd3q2IR4V9y5NxxiPu/jxJ8XP7EgHiEQtFnw==",
             "dependencies": {
-                "@typescript-eslint/types": "5.10.1",
-                "@typescript-eslint/visitor-keys": "5.10.1"
+                "@typescript-eslint/types": "5.10.2",
+                "@typescript-eslint/visitor-keys": "5.10.2"
             },
             "engines": {
                 "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -2940,11 +2940,11 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.10.1.tgz",
-            "integrity": "sha512-AfVJkV8uck/UIoDqhu+ptEdBoQATON9GXnhOpPLzkQRJcSChkvD//qsz9JVffl2goxX+ybs5klvacE9vmrQyCw==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.10.2.tgz",
+            "integrity": "sha512-uRKSvw/Ccs5FYEoXW04Z5VfzF2iiZcx8Fu7DGIB7RHozuP0VbKNzP1KfZkHBTM75pCpsWxIthEH1B33dmGBKHw==",
             "dependencies": {
-                "@typescript-eslint/utils": "5.10.1",
+                "@typescript-eslint/utils": "5.10.2",
                 "debug": "^4.3.2",
                 "tsutils": "^3.21.0"
             },
@@ -2965,9 +2965,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.10.1.tgz",
-            "integrity": "sha512-ZvxQ2QMy49bIIBpTqFiOenucqUyjTQ0WNLhBM6X1fh1NNlYAC6Kxsx8bRTY3jdYsYg44a0Z/uEgQkohbR0H87Q==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.10.2.tgz",
+            "integrity": "sha512-Qfp0qk/5j2Rz3p3/WhWgu4S1JtMcPgFLnmAKAW061uXxKSa7VWKZsDXVaMXh2N60CX9h6YLaBoy9PJAfCOjk3w==",
             "engines": {
                 "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
             },
@@ -2977,12 +2977,12 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.10.1.tgz",
-            "integrity": "sha512-PwIGnH7jIueXv4opcwEbVGDATjGPO1dx9RkUl5LlHDSe+FXxPwFL5W/qYd5/NHr7f6lo/vvTrAzd0KlQtRusJQ==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.10.2.tgz",
+            "integrity": "sha512-WHHw6a9vvZls6JkTgGljwCsMkv8wu8XU8WaYKeYhxhWXH/atZeiMW6uDFPLZOvzNOGmuSMvHtZKd6AuC8PrwKQ==",
             "dependencies": {
-                "@typescript-eslint/types": "5.10.1",
-                "@typescript-eslint/visitor-keys": "5.10.1",
+                "@typescript-eslint/types": "5.10.2",
+                "@typescript-eslint/visitor-keys": "5.10.2",
                 "debug": "^4.3.2",
                 "globby": "^11.0.4",
                 "is-glob": "^4.0.3",
@@ -3017,14 +3017,14 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.10.1.tgz",
-            "integrity": "sha512-RRmlITiUbLuTRtn/gcPRi4202niF+q7ylFLCKu4c+O/PcpRvZ/nAUwQ2G00bZgpWkhrNLNnvhZLbDn8Ml0qsQw==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.10.2.tgz",
+            "integrity": "sha512-vuJaBeig1NnBRkf7q9tgMLREiYD7zsMrsN1DA3wcoMDvr3BTFiIpKjGiYZoKPllfEwN7spUjv7ZqD+JhbVjEPg==",
             "dependencies": {
                 "@types/json-schema": "^7.0.9",
-                "@typescript-eslint/scope-manager": "5.10.1",
-                "@typescript-eslint/types": "5.10.1",
-                "@typescript-eslint/typescript-estree": "5.10.1",
+                "@typescript-eslint/scope-manager": "5.10.2",
+                "@typescript-eslint/types": "5.10.2",
+                "@typescript-eslint/typescript-estree": "5.10.2",
                 "eslint-scope": "^5.1.1",
                 "eslint-utils": "^3.0.0"
             },
@@ -3040,11 +3040,11 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.10.1.tgz",
-            "integrity": "sha512-NjQ0Xinhy9IL979tpoTRuLKxMc0zJC7QVSdeerXs2/QvOy2yRkzX5dRb10X5woNUdJgU8G3nYRDlI33sq1K4YQ==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.10.2.tgz",
+            "integrity": "sha512-zHIhYGGGrFJvvyfwHk5M08C5B5K4bewkm+rrvNTKk1/S15YHR+SA/QUF8ZWscXSfEaB8Nn2puZj+iHcoxVOD/Q==",
             "dependencies": {
-                "@typescript-eslint/types": "5.10.1",
+                "@typescript-eslint/types": "5.10.2",
                 "eslint-visitor-keys": "^3.0.0"
             },
             "engines": {
@@ -3831,12 +3831,9 @@
             "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
         },
         "node_modules/construct-style-sheets-polyfill": {
-            "version": "3.0.5",
-            "resolved": "https://registry.npmjs.org/construct-style-sheets-polyfill/-/construct-style-sheets-polyfill-3.0.5.tgz",
-            "integrity": "sha512-prLKSx9gYwtmqWtq+pZxppU1SaH9o4ug7JIc0I/1zMV2bFE3GvRtQaMTIpotlhw33XjtC7rGQFOZJsOFnlAAhQ==",
-            "engines": {
-                "npm": ">=7"
-            }
+            "version": "3.1.0",
+            "resolved": "https://registry.npmjs.org/construct-style-sheets-polyfill/-/construct-style-sheets-polyfill-3.1.0.tgz",
+            "integrity": "sha512-HBLKP0chz8BAY6rBdzda11c3wAZeCZ+kIG4weVC2NM3AXzxx09nhe8t0SQNdloAvg5GLuHwq/0SPOOSPvtCcKw=="
         },
         "node_modules/convert-source-map": {
             "version": "1.8.0",
@@ -4105,9 +4102,9 @@
             }
         },
         "node_modules/eslint": {
-            "version": "8.7.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.7.0.tgz",
-            "integrity": "sha512-ifHYzkBGrzS2iDU7KjhCAVMGCvF6M3Xfs8X8b37cgrUlDt6bWRTpRh6T/gtSXv1HJ/BUGgmjvNvOEGu85Iif7w==",
+            "version": "8.8.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.8.0.tgz",
+            "integrity": "sha512-H3KXAzQGBH1plhYS3okDix2ZthuYJlQQEGE5k0IKuEqUSiyu4AmxxlJ2MtTYeJ3xB4jDhcYCwGOg2TXYdnDXlQ==",
             "dependencies": {
                 "@eslint/eslintrc": "^1.0.5",
                 "@humanwhocodes/config-array": "^0.9.2",
@@ -10058,9 +10055,9 @@
             "integrity": "sha512-eYm8vijH/hpzr/6/1CJ/V/Eb1xQFW2nnUKArb3z+yUWv7HTwj6M7SP957oMjfZjAHU6qpoNc2wQvIxBLWYa/Jg=="
         },
         "@goauthentik/api": {
-            "version": "2022.1.2-1643057053",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.1.2-1643057053.tgz",
-            "integrity": "sha512-UWi49e9KodhubB4zOYHdf+Kwm7Skn6Z4J1EDI3Stu2SDQfsQlU0U4NrOfKnaD7WI6QVjzAK/K+6+bODSQQtOmw=="
+            "version": "2022.1.3-1643236150",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.1.3-1643236150.tgz",
+            "integrity": "sha512-eteq3Y/4eME6bffuQy8cB6ZrV3DB7rk1IKdvzfUbr9I1hSRzXEBtlzmXp+lhY6RxlEy9hhcJHZO8/OCKFI5l9A=="
         },
         "@humanwhocodes/config-array": {
             "version": "0.9.2",
@@ -10369,9 +10366,9 @@
             }
         },
         "@patternfly/patternfly": {
-            "version": "4.164.2",
-            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.164.2.tgz",
-            "integrity": "sha512-gezQi83JKd6tW0z1J6Q5VvMCW/a58+ys4TWcTuXUMqcV3APQdNxVP+ZV6FIv5353oIPi9HuWAaApVwcCxYZYYg=="
+            "version": "4.171.1",
+            "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.171.1.tgz",
+            "integrity": "sha512-e5Ykg+QOo8TsyOyG6SqytAs52MJXwaP020z3twb8z9G3ZNra92uNsrxGgZEqPJoWbjU4K7LGDxy2DOM1FeRoFw=="
         },
         "@polymer/font-roboto": {
             "version": "3.0.2",
@@ -10588,13 +10585,13 @@
             }
         },
         "@sentry/browser": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.17.2.tgz",
-            "integrity": "sha512-4Ow5z9GxK5dG9+stBNKb7s6NoxE4wgEcHRmO66QTK4gH2NNmzV4R/aaZ7iDoS/lD86sH0M86jm76dpg9uiJPmw==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.17.3.tgz",
+            "integrity": "sha512-UElPk6/Q/78eL8tHGHy080uHVQAuieWXlSMSzrJMVNa+vwXPwEeyL+WbPtKkND2jGwdODjg+pSj960RqhIv+ig==",
             "requires": {
-                "@sentry/core": "6.17.2",
-                "@sentry/types": "6.17.2",
-                "@sentry/utils": "6.17.2",
+                "@sentry/core": "6.17.3",
+                "@sentry/types": "6.17.3",
+                "@sentry/utils": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "dependencies": {
@@ -10606,14 +10603,14 @@
             }
         },
         "@sentry/core": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.17.2.tgz",
-            "integrity": "sha512-Uew0CNMr+QvowrF4EJYjOUgHep/sZJ3l5zevPEELugIgqWBodd+ZDCV3fQFR7cr6KOqx1rMgVrgcKIkLl0l+RA==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.17.3.tgz",
+            "integrity": "sha512-h7WgrNL0RVlr8Dceh97ZiXNdmEumDutpoqFijjiX4x72IiC6zSaVD4IsqrdGln+v8iJ3l3lX44HHqzubDub1OQ==",
             "requires": {
-                "@sentry/hub": "6.17.2",
-                "@sentry/minimal": "6.17.2",
-                "@sentry/types": "6.17.2",
-                "@sentry/utils": "6.17.2",
+                "@sentry/hub": "6.17.3",
+                "@sentry/minimal": "6.17.3",
+                "@sentry/types": "6.17.3",
+                "@sentry/utils": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "dependencies": {
@@ -10625,12 +10622,12 @@
             }
         },
         "@sentry/hub": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.17.2.tgz",
-            "integrity": "sha512-CMi6jU920bTwRTmGHjP4u8toOx4gm1dsx+rsxvp+FKzqRwpwoyi9mOw8oEYERVzaqaYceGdFylyRUrjdf0f77g==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.17.3.tgz",
+            "integrity": "sha512-TDxv8nRvk45xvfQg6zs8GYzQzgo0EMhI3wjQZLiNfW2rzybKmIwVp2x3O4PAc3WPzwg4bYNgSAkYKVlHmYjRCg==",
             "requires": {
-                "@sentry/types": "6.17.2",
-                "@sentry/utils": "6.17.2",
+                "@sentry/types": "6.17.3",
+                "@sentry/utils": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "dependencies": {
@@ -10642,12 +10639,12 @@
             }
         },
         "@sentry/minimal": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.17.2.tgz",
-            "integrity": "sha512-Cdh+iM6QhLKfxwUWWP4mk2K7+EsQj4tuF2dGQke4Zcbp7zQ7wbcMruUcZHiZfvg5kiSYxwNVkH7cXMzcO7AJsg==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.17.3.tgz",
+            "integrity": "sha512-zvGGfHNNA92Lqx6P8ZwOUkmRmAiQl0AQFRXl9So1Ayq9bJRnFLJZv4YFVnp2wE4HXYIlfBYb51+GlGB5LIuPmw==",
             "requires": {
-                "@sentry/hub": "6.17.2",
-                "@sentry/types": "6.17.2",
+                "@sentry/hub": "6.17.3",
+                "@sentry/types": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "dependencies": {
@@ -10659,14 +10656,14 @@
             }
         },
         "@sentry/tracing": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.17.2.tgz",
-            "integrity": "sha512-oWY2Ga+5D5f90utvfF2Y0eQvme+eS768ZWjR+klRYgZWoY8r1v8uWwWsvroYU1g+h6X0G/xh3giFjsdOWtRENw==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.17.3.tgz",
+            "integrity": "sha512-GnHugxw5qkWwYmeQbbrswuWpb0bpYqyJr/dO25QQOCwp+cckQrvBYTMC8zGJG10u94O4el0lQaQnNFz9WF3r6g==",
             "requires": {
-                "@sentry/hub": "6.17.2",
-                "@sentry/minimal": "6.17.2",
-                "@sentry/types": "6.17.2",
-                "@sentry/utils": "6.17.2",
+                "@sentry/hub": "6.17.3",
+                "@sentry/minimal": "6.17.3",
+                "@sentry/types": "6.17.3",
+                "@sentry/utils": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "dependencies": {
@@ -10678,16 +10675,16 @@
             }
         },
         "@sentry/types": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.17.2.tgz",
-            "integrity": "sha512-UrFLRDz5mn253O8k/XftLxoldF+NyZdkqKLGIQmST5HEVr7ub9nQJ4Y5ZFA3zJYWpraaW8faIbuw+pgetC8hmQ=="
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.17.3.tgz",
+            "integrity": "sha512-0AXCjYcfl8Vx26GfyLY4rBQ78Lyt1oND3UozTTMaVXlcKYIjzV+f7TOo5IZx+Kbr6EGUNDLdpA4xfbkWdW/1NA=="
         },
         "@sentry/utils": {
-            "version": "6.17.2",
-            "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.17.2.tgz",
-            "integrity": "sha512-ePWtO44KJQwUULOiU86fa1WU3Ird2TH0i39gqB2d3zNS3QyVp9qPlzSdPKSPJ9LdgadzBHw7ikEuE+GY8JTrhA==",
+            "version": "6.17.3",
+            "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.17.3.tgz",
+            "integrity": "sha512-6/2awDIeHSj0JgiC7DDdV1lxvLmf+/BisWhw09dKvmhVQB3ADvQZbohjUgM+Qam5zE0xmZAfQhvuDwC41W8Wnw==",
             "requires": {
-                "@sentry/types": "6.17.2",
+                "@sentry/types": "6.17.3",
                 "tslib": "^1.9.3"
             },
             "dependencies": {
@@ -10963,13 +10960,13 @@
             "integrity": "sha512-7tFImggNeNBVMsn0vLrpn1H1uPrUBdnARPTpZoitY37ZrdJREzf7I16tMrlK3hen349gr1NYh8CmZQa7CTG6Aw=="
         },
         "@typescript-eslint/eslint-plugin": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.10.1.tgz",
-            "integrity": "sha512-xN3CYqFlyE/qOcy978/L0xLR2HlcAGIyIK5sMOasxaaAPfQRj/MmMV6OC3I7NZO84oEUdWCOju34Z9W8E0pFDQ==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.10.2.tgz",
+            "integrity": "sha512-4W/9lLuE+v27O/oe7hXJKjNtBLnZE8tQAFpapdxwSVHqtmIoPB1gph3+ahNwVuNL37BX7YQHyGF9Xv6XCnIX2Q==",
             "requires": {
-                "@typescript-eslint/scope-manager": "5.10.1",
-                "@typescript-eslint/type-utils": "5.10.1",
-                "@typescript-eslint/utils": "5.10.1",
+                "@typescript-eslint/scope-manager": "5.10.2",
+                "@typescript-eslint/type-utils": "5.10.2",
+                "@typescript-eslint/utils": "5.10.2",
                 "debug": "^4.3.2",
                 "functional-red-black-tree": "^1.0.1",
                 "ignore": "^5.1.8",
@@ -10994,47 +10991,47 @@
             }
         },
         "@typescript-eslint/parser": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.10.1.tgz",
-            "integrity": "sha512-GReo3tjNBwR5RnRO0K2wDIDN31cM3MmDtgyQ85oAxAmC5K3j/g85IjP+cDfcqDsDDBf1HNKQAD0WqOYL8jXqUA==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.10.2.tgz",
+            "integrity": "sha512-JaNYGkaQVhP6HNF+lkdOr2cAs2wdSZBoalE22uYWq8IEv/OVH0RksSGydk+sW8cLoSeYmC+OHvRyv2i4AQ7Czg==",
             "requires": {
-                "@typescript-eslint/scope-manager": "5.10.1",
-                "@typescript-eslint/types": "5.10.1",
-                "@typescript-eslint/typescript-estree": "5.10.1",
+                "@typescript-eslint/scope-manager": "5.10.2",
+                "@typescript-eslint/types": "5.10.2",
+                "@typescript-eslint/typescript-estree": "5.10.2",
                 "debug": "^4.3.2"
             }
         },
         "@typescript-eslint/scope-manager": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.10.1.tgz",
-            "integrity": "sha512-Lyvi559Gvpn94k7+ElXNMEnXu/iundV5uFmCUNnftbFrUbAJ1WBoaGgkbOBm07jVZa682oaBU37ao/NGGX4ZDg==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.10.2.tgz",
+            "integrity": "sha512-39Tm6f4RoZoVUWBYr3ekS75TYgpr5Y+X0xLZxXqcZNDWZdJdYbKd3q2IR4V9y5NxxiPu/jxJ8XP7EgHiEQtFnw==",
             "requires": {
-                "@typescript-eslint/types": "5.10.1",
-                "@typescript-eslint/visitor-keys": "5.10.1"
+                "@typescript-eslint/types": "5.10.2",
+                "@typescript-eslint/visitor-keys": "5.10.2"
             }
         },
         "@typescript-eslint/type-utils": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.10.1.tgz",
-            "integrity": "sha512-AfVJkV8uck/UIoDqhu+ptEdBoQATON9GXnhOpPLzkQRJcSChkvD//qsz9JVffl2goxX+ybs5klvacE9vmrQyCw==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.10.2.tgz",
+            "integrity": "sha512-uRKSvw/Ccs5FYEoXW04Z5VfzF2iiZcx8Fu7DGIB7RHozuP0VbKNzP1KfZkHBTM75pCpsWxIthEH1B33dmGBKHw==",
             "requires": {
-                "@typescript-eslint/utils": "5.10.1",
+                "@typescript-eslint/utils": "5.10.2",
                 "debug": "^4.3.2",
                 "tsutils": "^3.21.0"
             }
         },
         "@typescript-eslint/types": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.10.1.tgz",
-            "integrity": "sha512-ZvxQ2QMy49bIIBpTqFiOenucqUyjTQ0WNLhBM6X1fh1NNlYAC6Kxsx8bRTY3jdYsYg44a0Z/uEgQkohbR0H87Q=="
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.10.2.tgz",
+            "integrity": "sha512-Qfp0qk/5j2Rz3p3/WhWgu4S1JtMcPgFLnmAKAW061uXxKSa7VWKZsDXVaMXh2N60CX9h6YLaBoy9PJAfCOjk3w=="
         },
         "@typescript-eslint/typescript-estree": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.10.1.tgz",
-            "integrity": "sha512-PwIGnH7jIueXv4opcwEbVGDATjGPO1dx9RkUl5LlHDSe+FXxPwFL5W/qYd5/NHr7f6lo/vvTrAzd0KlQtRusJQ==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.10.2.tgz",
+            "integrity": "sha512-WHHw6a9vvZls6JkTgGljwCsMkv8wu8XU8WaYKeYhxhWXH/atZeiMW6uDFPLZOvzNOGmuSMvHtZKd6AuC8PrwKQ==",
             "requires": {
-                "@typescript-eslint/types": "5.10.1",
-                "@typescript-eslint/visitor-keys": "5.10.1",
+                "@typescript-eslint/types": "5.10.2",
+                "@typescript-eslint/visitor-keys": "5.10.2",
                 "debug": "^4.3.2",
                 "globby": "^11.0.4",
                 "is-glob": "^4.0.3",
@@ -11053,24 +11050,24 @@
             }
         },
         "@typescript-eslint/utils": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.10.1.tgz",
-            "integrity": "sha512-RRmlITiUbLuTRtn/gcPRi4202niF+q7ylFLCKu4c+O/PcpRvZ/nAUwQ2G00bZgpWkhrNLNnvhZLbDn8Ml0qsQw==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.10.2.tgz",
+            "integrity": "sha512-vuJaBeig1NnBRkf7q9tgMLREiYD7zsMrsN1DA3wcoMDvr3BTFiIpKjGiYZoKPllfEwN7spUjv7ZqD+JhbVjEPg==",
             "requires": {
                 "@types/json-schema": "^7.0.9",
-                "@typescript-eslint/scope-manager": "5.10.1",
-                "@typescript-eslint/types": "5.10.1",
-                "@typescript-eslint/typescript-estree": "5.10.1",
+                "@typescript-eslint/scope-manager": "5.10.2",
+                "@typescript-eslint/types": "5.10.2",
+                "@typescript-eslint/typescript-estree": "5.10.2",
                 "eslint-scope": "^5.1.1",
                 "eslint-utils": "^3.0.0"
             }
         },
         "@typescript-eslint/visitor-keys": {
-            "version": "5.10.1",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.10.1.tgz",
-            "integrity": "sha512-NjQ0Xinhy9IL979tpoTRuLKxMc0zJC7QVSdeerXs2/QvOy2yRkzX5dRb10X5woNUdJgU8G3nYRDlI33sq1K4YQ==",
+            "version": "5.10.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.10.2.tgz",
+            "integrity": "sha512-zHIhYGGGrFJvvyfwHk5M08C5B5K4bewkm+rrvNTKk1/S15YHR+SA/QUF8ZWscXSfEaB8Nn2puZj+iHcoxVOD/Q==",
             "requires": {
-                "@typescript-eslint/types": "5.10.1",
+                "@typescript-eslint/types": "5.10.2",
                 "eslint-visitor-keys": "^3.0.0"
             },
             "dependencies": {
@@ -11636,9 +11633,9 @@
             "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
         },
         "construct-style-sheets-polyfill": {
-            "version": "3.0.5",
-            "resolved": "https://registry.npmjs.org/construct-style-sheets-polyfill/-/construct-style-sheets-polyfill-3.0.5.tgz",
-            "integrity": "sha512-prLKSx9gYwtmqWtq+pZxppU1SaH9o4ug7JIc0I/1zMV2bFE3GvRtQaMTIpotlhw33XjtC7rGQFOZJsOFnlAAhQ=="
+            "version": "3.1.0",
+            "resolved": "https://registry.npmjs.org/construct-style-sheets-polyfill/-/construct-style-sheets-polyfill-3.1.0.tgz",
+            "integrity": "sha512-HBLKP0chz8BAY6rBdzda11c3wAZeCZ+kIG4weVC2NM3AXzxx09nhe8t0SQNdloAvg5GLuHwq/0SPOOSPvtCcKw=="
         },
         "convert-source-map": {
             "version": "1.8.0",
@@ -11837,9 +11834,9 @@
             "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
         },
         "eslint": {
-            "version": "8.7.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.7.0.tgz",
-            "integrity": "sha512-ifHYzkBGrzS2iDU7KjhCAVMGCvF6M3Xfs8X8b37cgrUlDt6bWRTpRh6T/gtSXv1HJ/BUGgmjvNvOEGu85Iif7w==",
+            "version": "8.8.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.8.0.tgz",
+            "integrity": "sha512-H3KXAzQGBH1plhYS3okDix2ZthuYJlQQEGE5k0IKuEqUSiyu4AmxxlJ2MtTYeJ3xB4jDhcYCwGOg2TXYdnDXlQ==",
             "requires": {
                 "@eslint/eslintrc": "^1.0.5",
                 "@humanwhocodes/config-array": "^0.9.2",

web/package.json

@@ -20,7 +20,9 @@
             "en",
             "pseudo-LOCALE",
             "fr_FR",
-            "tr"
+            "tr",
+            "es",
+            "pl"
         ],
         "formatOptions": {
             "lineNumbers": false
@@ -53,13 +55,13 @@
         "@babel/preset-typescript": "^7.16.7",
         "@formatjs/intl-listformat": "^6.5.1",
         "@fortawesome/fontawesome-free": "^5.15.4",
-        "@goauthentik/api": "^2022.1.2-1643057053",
+        "@goauthentik/api": "^2022.1.3-1643236150",
         "@jackfranklin/rollup-plugin-markdown": "^0.3.0",
         "@lingui/cli": "^3.13.2",
         "@lingui/core": "^3.13.2",
         "@lingui/detect-locale": "^3.13.2",
         "@lingui/macro": "^3.13.2",
-        "@patternfly/patternfly": "^4.164.2",
+        "@patternfly/patternfly": "^4.171.1",
         "@polymer/iron-form": "^3.0.1",
         "@polymer/paper-input": "^3.2.1",
         "@rollup/plugin-babel": "^5.3.0",
@@ -67,24 +69,24 @@
         "@rollup/plugin-node-resolve": "^13.1.3",
         "@rollup/plugin-replace": "^3.0.1",
         "@rollup/plugin-typescript": "^8.3.0",
-        "@sentry/browser": "^6.17.2",
-        "@sentry/tracing": "^6.17.2",
+        "@sentry/browser": "^6.17.3",
+        "@sentry/tracing": "^6.17.3",
         "@squoosh/cli": "^0.7.2",
         "@trivago/prettier-plugin-sort-imports": "^3.1.1",
         "@types/chart.js": "^2.9.35",
         "@types/codemirror": "5.60.5",
         "@types/grecaptcha": "^3.0.3",
-        "@typescript-eslint/eslint-plugin": "^5.10.1",
-        "@typescript-eslint/parser": "^5.10.1",
+        "@typescript-eslint/eslint-plugin": "^5.10.2",
+        "@typescript-eslint/parser": "^5.10.2",
         "@webcomponents/webcomponentsjs": "^2.6.0",
         "babel-plugin-macros": "^3.1.0",
         "base64-js": "^1.5.1",
         "chart.js": "^3.7.0",
         "chartjs-adapter-moment": "^1.0.0",
         "codemirror": "^5.65.1",
-        "construct-style-sheets-polyfill": "^3.0.5",
+        "construct-style-sheets-polyfill": "^3.1.0",
         "country-flag-icons": "^1.4.20",
-        "eslint": "^8.7.0",
+        "eslint": "^8.8.0",
         "eslint-config-google": "^0.14.0",
         "eslint-plugin-custom-elements": "0.0.4",
         "eslint-plugin-lit": "^1.6.1",

web/src/constants.ts

@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2022.1.3";
+export const VERSION = "2022.1.4";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
 

web/src/flows/FlowExecutor.ts

@@ -113,6 +113,9 @@ export class FlowExecutor extends LitElement implements StageHost {
             .pf-c-drawer__content {
                 background-color: transparent;
             }
+            .pf-c-login__main {
+                width: 100%;
+            }
         `);
     }
 

web/src/interfaces/locale.ts

@@ -1,11 +1,13 @@
-import { en, fr, tr } from "make-plural/plurals";
+import { en, es, fr, pl, tr } from "make-plural/plurals";
 
 import { Messages, i18n } from "@lingui/core";
 import { detect, fromNavigator, fromStorage, fromUrl } from "@lingui/detect-locale";
 import { t } from "@lingui/macro";
 
 import { messages as localeEN } from "../locales/en";
+import { messages as localeES } from "../locales/es";
 import { messages as localeFR_FR } from "../locales/fr_FR";
+import { messages as localePL } from "../locales/pl";
 import { messages as localeDEBUG } from "../locales/pseudo-LOCALE";
 import { messages as localeTR } from "../locales/tr";
 
@@ -29,7 +31,7 @@ export const LOCALES: {
         locale: localeDEBUG,
     },
     {
-        code: "fr_FR",
+        code: "fr",
         plurals: fr,
         label: t`French`,
         locale: localeFR_FR,
@@ -40,6 +42,18 @@ export const LOCALES: {
         label: t`Turkish`,
         locale: localeTR,
     },
+    {
+        code: "es",
+        plurals: es,
+        label: t`Spanish`,
+        locale: localeES,
+    },
+    {
+        code: "pl",
+        plurals: pl,
+        label: t`Polish`,
+        locale: localePL,
+    },
 ];
 
 LOCALES.forEach((locale) => {
@@ -50,9 +64,13 @@ LOCALES.forEach((locale) => {
 const DEFAULT_FALLBACK = () => "en";
 
 export function autoDetectLanguage() {
-    const detected =
+    let detected =
         detect(fromUrl("lang"), fromStorage("lang"), fromNavigator(), DEFAULT_FALLBACK) ||
         DEFAULT_FALLBACK();
+    // For now we only care about the first locale part
+    if (detected.includes("_")) {
+        detected = detected.split("_")[0];
+    }
     if (detected in i18n._messages) {
         console.debug(`authentik/locale: Activating detected locale '${detected}'`);
         i18n.activate(detected);

web/src/locales/en.po

@@ -3608,6 +3608,10 @@ msgstr "Policy {0}"
 msgid "Policy-specific settings"
 msgstr "Policy-specific settings"
 
+#: src/interfaces/locale.ts
+msgid "Polish"
+msgstr "Polish"
+
 #: src/pages/providers/saml/SAMLProviderForm.ts
 msgid "Post"
 msgstr "Post"
@@ -4433,6 +4437,10 @@ msgstr "Sources"
 msgid "Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves."
 msgstr "Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves."
 
+#: src/interfaces/locale.ts
+msgid "Spanish"
+msgstr "Spanish"
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Specify multiple server URIs by separating them with a comma."
 msgstr "Specify multiple server URIs by separating them with a comma."

web/src/locales/fr_FR.po

@@ -3580,6 +3580,10 @@ msgstr "Poliitique {0}"
 msgid "Policy-specific settings"
 msgstr "Paramètres spécifiques à la politique"
 
+#: src/interfaces/locale.ts
+msgid "Polish"
+msgstr ""
+
 #: src/pages/providers/saml/SAMLProviderForm.ts
 msgid "Post"
 msgstr "Appliquer"
@@ -4395,6 +4399,10 @@ msgstr "Sources"
 msgid "Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves."
 msgstr "Sources d'identités, qui peuvent soit être synchronisées dans la base de données d'Authentik, soit être utilisées par les utilisateurs pour s'authentifier et s'inscrire."
 
+#: src/interfaces/locale.ts
+msgid "Spanish"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Specify multiple server URIs by separating them with a comma."
 msgstr ""

web/src/locales/pseudo-LOCALE.po

@@ -3598,6 +3598,10 @@ msgstr ""
 msgid "Policy-specific settings"
 msgstr ""
 
+#: src/interfaces/locale.ts
+msgid "Polish"
+msgstr ""
+
 #: src/pages/providers/saml/SAMLProviderForm.ts
 msgid "Post"
 msgstr ""
@@ -4423,6 +4427,10 @@ msgstr ""
 msgid "Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves."
 msgstr ""
 
+#: src/interfaces/locale.ts
+msgid "Spanish"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Specify multiple server URIs by separating them with a comma."
 msgstr ""

web/src/locales/tr.po

@@ -3546,6 +3546,10 @@ msgstr "İlke {0}"
 msgid "Policy-specific settings"
 msgstr "İlke özel ayarlar"
 
+#: src/interfaces/locale.ts
+msgid "Polish"
+msgstr ""
+
 #: src/pages/providers/saml/SAMLProviderForm.ts
 msgid "Post"
 msgstr "Post"
@@ -4344,6 +4348,10 @@ msgstr "Kaynaklar"
 msgid "Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves."
 msgstr "Auentik'in veritabanına senkronize edilebilen ya da kullanıcılar tarafından kimlik doğrulaması ve kayıt yaptırmak için kullanılabilen kimliklerin kaynakları."
 
+#: src/interfaces/locale.ts
+msgid "Spanish"
+msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
 msgid "Specify multiple server URIs by separating them with a comma."
 msgstr "Birden çok sunucu URI'lerini virgülle ayırarak belirtin."

web/src/user/user-settings/details/UserDetailsForm.ts

@@ -103,7 +103,7 @@ export class UserDetailsForm extends ModelForm<UserSelf, number> {
                                     value=${locale.code}
                                     ?selected=${config.locale === locale.code}
                                 >
-                                    ${locale.label}
+                                    ${locale.code.toUpperCase()} - ${locale.label}
                                 </option>`;
                             })}
                         </select>

website/developer-docs/docs/writing-documentation.md

@@ -0,0 +1,38 @@
+---
+title: Writing documentation
+---
+
+Writing documentation for authentik is a great way for both new and experienced users to improve and contribute to the project. Here are a few guidelines to ensure
+the documentation is easy to read and uses similar phrasing.
+
+# General guidelines
+
+- authentik should always be stylized as `authentik` (with a lower-case a and ending with a k)
+- Documentation should use American english
+- Feel free to use Docusaurus-specific features, see [here](https://docusaurus.io/docs/next/markdown-features)
+- Use abbreviations where it makes sense (for commonly used terms like SAML and OAuth)
+- Phrasing should never blame the user, and should be subjective, i.e
+
+    - **DON'T** `You may never click x.`
+    - **DO** `x should never be clicked.`
+
+- When referring to other objects in authentik, use cursive text, and link to the corresponding documentation if possible.
+- When referring to external tools, give an example how to use the tools or explain how the user can use them.
+- Make sure to add the documentation to add to the sidebar, if adding a new page.
+- Test how the documentation renders using the Netlify Preview, especially when using Docusaurus-specific features.
+
+If you find any documentation that doesn't match these guidelines, feel free to either open an Issue or a PR so they can be fixed.
+
+## Integration guidelines
+
+These guidelines apply in addition to the ones above.
+
+- For placeholders, use angle brackets (`<placeholder-name>`).
+
+    Make sure to also define if the placeholder is something the user needs to define, something another system defines, or randomly generated.
+
+    If you're adding configuration snippets to the documentation, and the snippet is in a language that supports comments,
+    other placeholders may be used, for example comments referencing an earlier step.
+
+- For placeholder domains, use `authentik.company` and `app-name.company`, where `app-name` is the name of the application you are writing documentation for.
+- Try to order the documentation in the order that makes it easiest for the user to configure.

website/developer-docs/translation.md

@@ -1,11 +1,15 @@
 ---
-title: Translation
+title: Translations
 ---
 
 Translation in authentik is done in two places. Most of the text is defined in the frontend in `web/`, and a subset of messages is defined in the backend.
 
 The frontend uses [lingui](https://lingui.js.org/), and the backend uses the built-in django translation tools.
 
+:::info
+Please review the [Writing documentation](./docs/writing-documentation) guidelines as they apply to documentation too.
+:::
+
 ## Online translation
 
 To simplify translation you can use https://www.transifex.com/beryjuorg/authentik/, which has no local requirements.

website/docs/expressions/_functions.md

@@ -18,6 +18,17 @@ Example:
 user_email_local = regex_replace(request.user.email, '(.+)@.+', '')
 ```
 
+### `list_flatten(value: list[Any] | Any) -> Optional[Any}`
+
+Flatten a list by either returning its first element, None if the list is empty, or the passed in object if its not a list.
+
+Example:
+
+```python
+user = list_flatten(["foo"])
+# user = "foo"
+```
+
 ### `ak_is_group_member(user: User, **group_filters) -> bool`
 
 Check if `user` is member of a group matching `**group_filters`.

website/docs/outposts/integrations/docker.md

@@ -23,12 +23,12 @@ The container is created with the following hardcoded properties:
     Additionally, the proxy outposts have the following extra labels to add themselves into traefik automatically.
 
     - `traefik.enable`: "true"
-    - `traefik.http.routers.ak-outpost-<outpost-id>-router.rule`: `Host(...)`
-    - `traefik.http.routers.ak-outpost-<outpost-id>-router.service`: `ak-outpost-<outpost-id>-service`
-    - `traefik.http.routers.ak-outpost-<outpost-id>-router.tls`: "true"
-    - `traefik.http.services.ak-outpost-<outpost-id>-service.loadbalancer.healthcheck.path`: "/akprox/ping"
-    - `traefik.http.services.ak-outpost-<outpost-id>-service.loadbalancer.healthcheck.port`: "9300"
-    - `traefik.http.services.ak-outpost-<outpost-id>-service.loadbalancer.server.port`: "9000"
+    - `traefik.http.routers.ak-outpost-<outpost-name>-router.rule`: `Host(...)`
+    - `traefik.http.routers.ak-outpost-<outpost-name>-router.service`: `ak-outpost-<outpost-name>-service`
+    - `traefik.http.routers.ak-outpost-<outpost-name>-router.tls`: "true"
+    - `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.healthcheck.path`: "/akprox/ping"
+    - `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.healthcheck.port`: "9300"
+    - `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.server.port`: "9000"
 
 ## Permissions
 

website/docs/releases/v2022.1.md

@@ -86,6 +86,22 @@ This release mostly removes legacy fields and features that have been deprecated
 - web/admin: fix links which look like labels
 - web/admin: fix SMS Stage form not working
 
+## Fixed in 2022.1.4
+
+- core: fix view_token permission not being assigned on token creation for non-admin user
+- lifecycle: remove gunicorn reload option
+- lifecycle: send analytics in gunicorn config to decrease outgoing requests when workers get restarted
+- providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
+- providers/proxy: don't include hostname and scheme in redirect when we only got a path and not a full URL
+- providers/proxy: fix routing for external_host when using forward_auth_domain
+- providers/proxy: set traefik labels using object_naming_template instead of UUID
+- sources/ldap: add list_flatten function to property mappings, enable on managed LDAP mappings
+- web: add es locale
+- web: add pl locale
+- web/admin: only check first half of locale when detecting
+- web/flows: fix width on flow container
+- web/user: include locale code in locale selection
+
 ## Upgrading
 
 This release does not introduce any new requirements.

website/integrations/services/zulip/index.md

@@ -0,0 +1,72 @@
+---
+title: Zulip
+---
+
+## What is Zulip
+
+From https://zulip.com
+
+:::note
+**Zulip**: Chat for distributed teams. Zulip combines the immediacy of real-time chat with an email threading model.
+With Zulip, you can catch up on important conversations while ignoring irrelevant ones. 
+:::
+
+## Preperation
+
+The following placeholders will be used:
+
+- `authentik.company` is the FQDN of the authentik install.
+- `zulip.company` is the FQDN of the Zulip instance.
+
+Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
+
+- ACS URL: `https://zulip.company/complete/saml/`
+- Issuer: `https://authentik.company`
+- Service Provider Binding: `Post`
+- Signing Keypair: Select any certificate you have.
+- Property mappings: Select all Managed mappings.
+
+## Zulip Configuration
+
+Zulip is a Django application and is configured using `/etc/zulip/settings.py`. Only settings that differ
+from the defaults are displayed below. Please make sure you have the latest `settings.py` file as more settings 
+might have been added to defaults since you installed Zulip.
+
+Uncomment `zproject.backends.SAMLAuthBackend` inside the `AUTHENTICATION_BACKENDS` parameter to enable SAML support
+and fill in the following required configuration.
+
+```
+SOCIAL_AUTH_SAML_ORG_INFO = {
+    "en-US": {
+        "displayname": "authentik Zulip",
+        "name": "zulip",
+        "url": "{}{}".format("https://", EXTERNAL_HOST),
+    },
+}
+
+SOCIAL_AUTH_SAML_ENABLED_IDPS: Dict[str, Any] = {
+    # idp identifier and settings
+    "authentik": {
+       
+	    # KEEP OTHER SETTINGS AS DEFAULT OR CONFIGURE THEM ACCORDING TO YOUR PREFERENCES
+        "entity_id": "https://authentik.company",
+        "url": "https://authentik.company/application/saml/<application slug>/sso/binding/redirect/",
+        "display_name": "authentik SAML",
+    },
+}
+
+```
+
+Place the certificate you associated with the SAML provider in authentik inside the `/etc/zulip/saml/idps` directory. 
+The certificate file name must match the idp identifier name you set in the configuration (i.e. authentik.crt).
+
+:::note
+Remember to restart Zulip.
+:::
+## Additional Resources
+
+Please refer to the following for further information:
+
+- https://zulip.com/
+- https://zulip.readthedocs.io
+- https://chat.zulip.org/ (Official public Zulip Chat instance)

website/integrations/sources/active-directory/index.md

@@ -31,17 +31,17 @@ The following placeholders will be used:
 
     ![](./03_additional_perms.png)
 
-Additional infos: https://support.microfocus.com/kb/doc.php?id=7023371
+Additional info: https://support.microfocus.com/kb/doc.php?id=7023371
 
 ## authentik Setup
 
-In authentik, create a new LDAP Source in Resources -> Sources.
+In authentik, create a new LDAP Source in Directory -> Federation & Social login.
 
 Use these settings:
 
 - Server URI: `ldap://ad.company`
 
-    For authentik to be able to write passwords back to Active Directory, make sure to use `ldaps://`
+    For authentik to be able to write passwords back to Active Directory, make sure to use `ldaps://`. You can test to verify LDAPS is working using `ldp.exe`.
 
     You can specify multiple servers by separating URIs with a comma, like `ldap://dc1.ad.company,ldap://dc2.ad.company`.
 
@@ -53,17 +53,16 @@ Use these settings:
 - Property mappings: Control/Command-select all Mappings which start with "authentik default LDAP" and "authentik default Active Directory"
 - Group property mappings: Select "authentik default LDAP Mapping: Name"
 
-The other settings might need to be adjusted based on the setup of your domain.
+Additional settings that might need to be adjusted based on the setup of your domain:
 
-- Addition User/Group DN: Additional DN which is _prepended_ to your Base DN for user synchronization.
-- Addition Group DN: Additional DN which is _prepended_ to your Base DN for group synchronization.
-- User object filter: Which objects should be considered users.
+- Group: If enabled, all synchronized groups will be given this group as a parent.
+- Addition User/Group DN: Additional DN which is _prepended_ to your Base DN configured above to limit the scope of synchronization for Users and Groups
+- User object filter: Which objects should be considered users. For Active Directory set it to `(&(objectClass=user)(!(objectClass=computer)))` to exclude Computer accounts.
 - Group object filter: Which objects should be considered groups.
 - Group membership field: Which user field saves the group membership
 - Object uniqueness field: A user field which contains a unique Identifier
-- Sync parent group: If enabled, all synchronized groups will be given this group as a parent.
 
-After you save the source, a synchronization will start in the background. When its done, you cen see the summary on the System Tasks page.
+After you save the source, a synchronization will start in the background. When its done, you can see the summary under Dashboards -> System Tasks.
 
 ![](./10_ak_status.png)
 

website/integrations/sources/ldap/index.md

@@ -33,3 +33,11 @@ For FreeIPA, follow the [FreeIPA Integration](../freeipa/)
 - Sync groups: Enable/disable group synchronization. Groups are synced in the background every 5 minutes.
 - Sync parent group: Optionally set this group as the parent group for all synced groups. An example use case of this would be to import Active Directory groups under a root `imported-from-ad` group.
 - Property mappings: Define which LDAP properties map to which authentik properties. The default set of property mappings is generated for Active Directory. See also [LDAP Property Mappings](../../../docs/property-mappings/#ldap-property-mapping)
+
+## Property mappings
+
+LDAP property mappings can be used to convert the raw LDAP response into an authentik user/group.
+
+By default, authentik ships with some pre-configured mappings for the most common LDAP setups.
+
+You can assign the value of a mapping to any user attribute, or save it as a custom attribute by prefixing the object field with `attribute.` Keep in mind though, data types from the LDAP server will be carried over. This means that with some implementations, where fields ar stored as array in LDAP, they will be saved as array in authentik. To prevent this, use the built-in `list_flatten` function.

website/package.json

@@ -12,8 +12,8 @@
         "serve": "docusaurus serve"
     },
     "dependencies": {
-        "@docusaurus/plugin-client-redirects": "2.0.0-beta.14",
-        "@docusaurus/preset-classic": "2.0.0-beta.14",
+        "@docusaurus/plugin-client-redirects": "2.0.0-beta.15",
+        "@docusaurus/preset-classic": "2.0.0-beta.15",
         "@mdx-js/react": "^1.6.22",
         "clsx": "^1.1.1",
         "postcss": "^8.4.5",

website/sidebarsDev.js

@@ -26,5 +26,9 @@ module.exports = {
             type: "doc",
             id: "translation",
         },
+        {
+            type: "doc",
+            id: "docs/writing-documentation",
+        },
     ],
 };

website/sidebarsIntegrations.js

@@ -42,6 +42,7 @@ module.exports = {
                 "services/wiki-js/index",
                 "services/wordpress/index",
                 "services/zabbix/index",
+                "services/zulip/index",
             ],
         },
         {