release: 2022.5.3

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2022.5.2
+current_version = 2022.5.3
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)

.github/stale.yml

@@ -10,6 +10,7 @@ exemptLabels:
   - enhancement
   - bug/confirmed
   - enhancement/confirmed
+  - question
 # Comment to post when marking an issue as stale. Set to `false` to disable
 markComment: >
   This issue has been automatically marked as stale because it has not had

.github/workflows/release-publish.yml

@@ -30,9 +30,9 @@ jobs:
         with:
           push: ${{ github.event_name == 'release' }}
           tags: |
-            beryju/authentik:2022.5.2,
+            beryju/authentik:2022.5.3,
             beryju/authentik:latest,
-            ghcr.io/goauthentik/server:2022.5.2,
+            ghcr.io/goauthentik/server:2022.5.3,
             ghcr.io/goauthentik/server:latest
           platforms: linux/amd64,linux/arm64
           context: .
@@ -69,9 +69,9 @@ jobs:
         with:
           push: ${{ github.event_name == 'release' }}
           tags: |
-            beryju/authentik-${{ matrix.type }}:2022.5.2,
+            beryju/authentik-${{ matrix.type }}:2022.5.3,
             beryju/authentik-${{ matrix.type }}:latest,
-            ghcr.io/goauthentik/${{ matrix.type }}:2022.5.2,
+            ghcr.io/goauthentik/${{ matrix.type }}:2022.5.3,
             ghcr.io/goauthentik/${{ matrix.type }}:latest
           file: ${{ matrix.type }}.Dockerfile
           platforms: linux/amd64,linux/arm64
@@ -152,7 +152,7 @@ jobs:
           SENTRY_PROJECT: authentik
           SENTRY_URL: https://sentry.beryju.org
         with:
-          version: authentik@2022.5.2
+          version: authentik@2022.5.3
           environment: beryjuorg-prod
           sourcemaps: './web/dist'
           url_prefix: '~/static/dist'

Makefile

@@ -65,7 +65,7 @@ gen-client-web:
 	docker run \
 		--rm -v ${PWD}:/local \
 		--user ${UID}:${GID} \
-		openapitools/openapi-generator-cli:v6.0.0-beta generate \
+		openapitools/openapi-generator-cli:v6.0.0 generate \
 		-i /local/schema.yml \
 		-g typescript-fetch \
 		-o /local/gen-ts-api \
@@ -83,7 +83,7 @@ gen-client-go:
 	docker run \
 		--rm -v ${PWD}:/local \
 		--user ${UID}:${GID} \
-		openapitools/openapi-generator-cli:v5.2.1 generate \
+		openapitools/openapi-generator-cli:v6.0.0 generate \
 		-i /local/schema.yml \
 		-g go \
 		-o /local/gen-go-api \

authentik/__init__.py

@@ -2,7 +2,7 @@
 from os import environ
 from typing import Optional
 
-__version__ = "2022.5.2"
+__version__ = "2022.5.3"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 

authentik/api/templates/api/browser.html

@@ -8,9 +8,6 @@ API Browser - {{ tenant.branding_title }}
 
 {% block head %}
 <script type="module" src="{% static 'dist/rapidoc-min.js' %}"></script>
-{% endblock %}
-
-{% block body %}
 <script>
 function getCookie(name) {
     let cookieValue = "";
@@ -34,16 +31,58 @@ window.addEventListener('DOMContentLoaded', (event) => {
     });
 });
 </script>
+<style>
+    img.logo {
+        width: 100%;
+        padding: 1rem 0.5rem 1.5rem 0.5rem;
+        min-height: 48px;
+    }
+</style>
+{% endblock %}
+
+{% block body %}
 <rapi-doc
     spec-url="{{ path }}"
-    heading-text="authentik"
-    theme="dark"
-    render-style="view"
+    heading-text=""
+    theme="light"
+    render-style="read"
+    default-schema-tab="schema"
     primary-color="#fd4b2d"
+    nav-bg-color="#212427"
+    bg-color="#000000"
+    text-color="#000000"
+    nav-text-color="#ffffff"
+    nav-hover-bg-color="#3c3f42"
+    nav-accent-color="#4f5255"
+    nav-hover-text-color="#ffffff"
+    use-path-in-nav-bar="true"
+    nav-item-spacing="relaxed"
+    allow-server-selection="false"
+    show-header="false"
     allow-spec-url-load="false"
     allow-spec-file-load="false">
-    <div slot="logo">
-        <img src="{% static 'dist/assets/icons/icon.png' %}" style="width:50px; height:50px" />
+    <div slot="nav-logo">
+        <img class="logo" src="{% static 'dist/assets/icons/icon_left_brand.png' %}" />
     </div>
 </rapi-doc>
+<script>
+const rapidoc = document.querySelector("rapi-doc");
+const matcher = window.matchMedia("(prefers-color-scheme: light)");
+const changer = (ev) => {
+    const style = getComputedStyle(document.documentElement);
+    let bg, text = "";
+    if (matcher.matches) {
+        bg = style.getPropertyValue('--pf-global--BackgroundColor--light-300');
+        text = style.getPropertyValue('--pf-global--Color--300');
+    } else {
+        bg = style.getPropertyValue('--ak-dark-background');
+        text = style.getPropertyValue('--ak-dark-foreground');
+    }
+    rapidoc.attributes.getNamedItem("bg-color").value = bg.trim();
+    rapidoc.attributes.getNamedItem("text-color").value = text.trim();
+    rapidoc.requestUpdate();
+};
+matcher.addEventListener("change", changer);
+window.addEventListener("load", changer);
+</script>
 {% endblock %}

authentik/api/tests/test_viewsets.py

@@ -0,0 +1,29 @@
+"""authentik API Modelviewset tests"""
+from typing import Callable
+
+from django.test import TestCase
+from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
+
+from authentik.api.v3.urls import router
+
+
+class TestModelViewSets(TestCase):
+    """Test Viewset"""
+
+
+def viewset_tester_factory(test_viewset: type[ModelViewSet]) -> Callable:
+    """Test Viewset"""
+
+    def tester(self: TestModelViewSets):
+        self.assertIsNotNone(getattr(test_viewset, "search_fields", None))
+        filterset_class = getattr(test_viewset, "filterset_class", None)
+        if not filterset_class:
+            self.assertIsNotNone(getattr(test_viewset, "filterset_fields", None))
+
+    return tester
+
+
+for _, viewset, _ in router.registry:
+    if not issubclass(viewset, (ModelViewSet, ReadOnlyModelViewSet)):
+        continue
+    setattr(TestModelViewSets, f"test_viewset_{viewset.__name__}", viewset_tester_factory(viewset))

authentik/core/api/applications.py

@@ -89,6 +89,7 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet):
         "group",
     ]
     lookup_field = "slug"
+    filterset_fields = ["name", "slug"]
     ordering = ["name"]
 
     def _filter_queryset_for_list(self, queryset: QuerySet) -> QuerySet:

authentik/core/api/sources.py

@@ -66,6 +66,7 @@ class SourceViewSet(
     queryset = Source.objects.none()
     serializer_class = SourceSerializer
     lookup_field = "slug"
+    search_fields = ["slug", "name"]
 
     def get_queryset(self):  # pragma: no cover
         return Source.objects.select_subclasses()

authentik/core/api/users.py

@@ -72,6 +72,7 @@ class UserSerializer(ModelSerializer):
     )
     groups_obj = ListSerializer(child=GroupSerializer(), read_only=True, source="ak_groups")
     uid = CharField(read_only=True)
+    username = CharField(max_length=150)
 
     class Meta:
 

authentik/crypto/migrations/0002_create_self_signed_kp.py

@@ -2,6 +2,8 @@
 
 from django.db import migrations
 
+from authentik.lib.generators import generate_id
+
 
 def create_self_signed(apps, schema_editor):
     CertificateKeyPair = apps.get_model("authentik_crypto", "CertificateKeyPair")
@@ -9,7 +11,7 @@ def create_self_signed(apps, schema_editor):
     from authentik.crypto.builder import CertificateBuilder
 
     builder = CertificateBuilder()
-    builder.build()
+    builder.build(subject_alt_names=[f"{generate_id()}.self-signed.goauthentik.io"])
     CertificateKeyPair.objects.using(db_alias).create(
         name="authentik Self-signed Certificate",
         certificate_data=builder.certificate,

authentik/events/api/notification_mappings.py

@@ -26,3 +26,4 @@ class NotificationWebhookMappingViewSet(UsedByMixin, ModelViewSet):
     serializer_class = NotificationWebhookMappingSerializer
     filterset_fields = ["name"]
     ordering = ["name"]
+    search_fields = ["name"]

authentik/events/api/notification_rules.py

@@ -32,3 +32,4 @@ class NotificationRuleViewSet(UsedByMixin, ModelViewSet):
     serializer_class = NotificationRuleSerializer
     filterset_fields = ["name", "severity", "group__name"]
     ordering = ["name"]
+    search_fields = ["name", "group__name"]

authentik/events/api/notification_transports.py

@@ -68,6 +68,7 @@ class NotificationTransportViewSet(UsedByMixin, ModelViewSet):
     queryset = NotificationTransport.objects.all()
     serializer_class = NotificationTransportSerializer
     filterset_fields = ["name", "mode", "webhook_url", "send_once"]
+    search_fields = ["name", "mode", "webhook_url"]
     ordering = ["name"]
 
     @permission_required("authentik_events.change_notificationtransport")

authentik/events/middleware.py

@@ -26,9 +26,9 @@ IGNORED_MODELS = [
     StaticToken,
 ]
 if settings.DEBUG:
-    from silk.models import Request, Response
+    from silk.models import Request, Response, SQLQuery
 
-    IGNORED_MODELS += [Request, Response]
+    IGNORED_MODELS += [Request, Response, SQLQuery]
 IGNORED_MODELS = tuple(IGNORED_MODELS)
 
 

authentik/events/migrations/0001_squashed_0019_alter_notificationtransport_webhook_url.py

@@ -383,6 +383,7 @@ class Migration(migrations.Migration):
                     models.ManyToManyField(
                         help_text="Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI.",
                         to="authentik_events.NotificationTransport",
+                        blank=True,
                     ),
                 ),
             ],

authentik/events/models.py

@@ -481,6 +481,7 @@ class NotificationRule(PolicyBindingModel):
                 "selected, the notification will only be shown in the authentik UI."
             )
         ),
+        blank=True,
     )
     severity = models.TextField(
         choices=NotificationSeverity.choices,

authentik/flows/api/bindings.py

@@ -35,3 +35,4 @@ class FlowStageBindingViewSet(UsedByMixin, ModelViewSet):
     queryset = FlowStageBinding.objects.all()
     serializer_class = FlowStageBindingSerializer
     filterset_fields = "__all__"
+    search_fields = ["stage__name"]

authentik/flows/tests/test_inspector.py

@@ -9,6 +9,7 @@ from rest_framework.test import APITestCase
 from authentik.core.tests.utils import create_test_admin_user
 from authentik.flows.challenge import ChallengeTypes
 from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding, InvalidResponseAction
+from authentik.lib.generators import generate_id
 from authentik.stages.dummy.models import DummyStage
 from authentik.stages.identification.models import IdentificationStage, UserFields
 
@@ -24,8 +25,8 @@ class TestFlowInspector(APITestCase):
     def test(self):
         """test inspector"""
         flow = Flow.objects.create(
-            name="test-full",
-            slug="test-full",
+            name=generate_id(),
+            slug=generate_id(),
             designation=FlowDesignation.AUTHENTICATION,
         )
 

authentik/flows/tests/test_transfer.py

@@ -13,6 +13,26 @@ from authentik.policies.models import PolicyBinding
 from authentik.stages.prompt.models import FieldTypes, Prompt, PromptStage
 from authentik.stages.user_login.models import UserLoginStage
 
+STATIC_PROMPT_EXPORT = """{
+    "version": 1,
+    "entries": [
+        {
+            "identifiers": {
+                "pk": "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4"
+            },
+            "model": "authentik_stages_prompt.prompt",
+            "attrs": {
+                "field_key": "username",
+                "label": "Username",
+                "type": "username",
+                "required": true,
+                "placeholder": "Username",
+                "order": 0
+            }
+        }
+    ]
+}"""
+
 
 class TestFlowTransfer(TransactionTestCase):
     """Test flow transfer"""
@@ -58,6 +78,22 @@ class TestFlowTransfer(TransactionTestCase):
 
         self.assertTrue(Flow.objects.filter(slug=flow_slug).exists())
 
+    def test_export_validate_import_re_import(self):
+        """Test export and import it twice"""
+        count_initial = Prompt.objects.filter(field_key="username").count()
+
+        importer = FlowImporter(STATIC_PROMPT_EXPORT)
+        self.assertTrue(importer.validate())
+        self.assertTrue(importer.apply())
+
+        count_before = Prompt.objects.filter(field_key="username").count()
+        self.assertEqual(count_initial + 1, count_before)
+
+        importer = FlowImporter(STATIC_PROMPT_EXPORT)
+        self.assertTrue(importer.apply())
+
+        self.assertEqual(Prompt.objects.filter(field_key="username").count(), count_before)
+
     def test_export_validate_import_policies(self):
         """Test export and validate it"""
         flow_slug = generate_id()

authentik/flows/transfer/importer.py

@@ -115,6 +115,11 @@ class FlowImporter:
             serializer_kwargs["instance"] = model_instance
         else:
             self.logger.debug("initialise new instance", model=model, **updated_identifiers)
+            model_instance = model()
+            # pk needs to be set on the model instance otherwise a new one will be generated
+            if "pk" in updated_identifiers:
+                model_instance.pk = updated_identifiers["pk"]
+            serializer_kwargs["instance"] = model_instance
         full_data = self.__update_pks_for_attrs(entry.attrs)
         full_data.update(updated_identifiers)
         serializer_kwargs["data"] = full_data
@@ -167,7 +172,7 @@ class FlowImporter:
     def validate(self) -> bool:
         """Validate loaded flow export, ensure all models are allowed
         and serializers have no errors"""
-        self.logger.debug("Starting flow import validaton")
+        self.logger.debug("Starting flow import validation")
         if self.__import.version != 1:
             self.logger.warning("Invalid bundle version")
             return False

authentik/outposts/api/service_connections.py

@@ -118,6 +118,7 @@ class DockerServiceConnectionViewSet(UsedByMixin, ModelViewSet):
     serializer_class = DockerServiceConnectionSerializer
     filterset_fields = ["name", "local", "url", "tls_verification", "tls_authentication"]
     ordering = ["name"]
+    search_fields = ["name"]
 
 
 class KubernetesServiceConnectionSerializer(ServiceConnectionSerializer):
@@ -152,3 +153,4 @@ class KubernetesServiceConnectionViewSet(UsedByMixin, ModelViewSet):
     serializer_class = KubernetesServiceConnectionSerializer
     filterset_fields = ["name", "local"]
     ordering = ["name"]
+    search_fields = ["name"]

authentik/policies/dummy/api.py

@@ -21,3 +21,4 @@ class DummyPolicyViewSet(UsedByMixin, ModelViewSet):
     serializer_class = DummyPolicySerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]

authentik/policies/event_matcher/api.py

@@ -25,3 +25,4 @@ class EventMatcherPolicyViewSet(UsedByMixin, ModelViewSet):
     serializer_class = EventMatcherPolicySerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]

authentik/policies/expiry/api.py

@@ -21,3 +21,4 @@ class PasswordExpiryPolicyViewSet(UsedByMixin, ModelViewSet):
     serializer_class = PasswordExpiryPolicySerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]

authentik/policies/expression/api.py

@@ -28,3 +28,4 @@ class ExpressionPolicyViewSet(UsedByMixin, ModelViewSet):
     serializer_class = ExpressionPolicySerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]

authentik/policies/hibp/api.py

@@ -20,4 +20,5 @@ class HaveIBeenPwendPolicyViewSet(UsedByMixin, ModelViewSet):
     queryset = HaveIBeenPwendPolicy.objects.all()
     serializer_class = HaveIBeenPwendPolicySerializer
     filterset_fields = "__all__"
+    search_fields = ["name", "password_field"]
     ordering = ["name"]

authentik/policies/password/api.py

@@ -30,3 +30,4 @@ class PasswordPolicyViewSet(UsedByMixin, ModelViewSet):
     serializer_class = PasswordPolicySerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]

authentik/policies/process.py

@@ -151,5 +151,5 @@ class PolicyProcess(PROCESS_CLASS):
         try:
             self.connection.send(self.profiling_wrapper())
         except Exception as exc:  # pylint: disable=broad-except
-            LOGGER.warning(str(exc))
+            LOGGER.warning("Policy failed to run", exc=exc)
             self.connection.send(PolicyResult(False, str(exc)))

authentik/policies/reputation/api.py

@@ -26,6 +26,7 @@ class ReputationPolicyViewSet(UsedByMixin, ModelViewSet):
     queryset = ReputationPolicy.objects.all()
     serializer_class = ReputationPolicySerializer
     filterset_fields = "__all__"
+    search_fields = ["name", "threshold"]
     ordering = ["name"]
 
 

authentik/providers/ldap/api.py

@@ -47,6 +47,7 @@ class LDAPProviderViewSet(UsedByMixin, ModelViewSet):
         "uid_start_number": ["iexact"],
         "gid_start_number": ["iexact"],
     }
+    search_fields = ["name"]
     ordering = ["name"]
 
 
@@ -81,3 +82,5 @@ class LDAPOutpostConfigViewSet(ReadOnlyModelViewSet):
     queryset = LDAPProvider.objects.filter(application__isnull=False)
     serializer_class = LDAPOutpostConfigSerializer
     ordering = ["name"]
+    search_fields = ["name"]
+    filterset_fields = ["name"]

authentik/providers/oauth2/api/provider.py

@@ -71,6 +71,7 @@ class OAuth2ProviderViewSet(UsedByMixin, ModelViewSet):
         "property_mappings",
         "issuer_mode",
     ]
+    search_fields = ["name"]
     ordering = ["name"]
 
     @extend_schema(

authentik/providers/oauth2/api/scope.py

@@ -39,3 +39,4 @@ class ScopeMappingViewSet(UsedByMixin, ModelViewSet):
     serializer_class = ScopeMappingSerializer
     filterset_class = ScopeMappingFilter
     ordering = ["scope_name", "name"]
+    search_fields = ["name", "scope_name"]

authentik/providers/oauth2/tests/test_authorize.py

@@ -78,6 +78,28 @@ class TestAuthorize(OAuthTestCase):
             )
             OAuthAuthorizationParams.from_request(request)
 
+    def test_invalid_redirect_uri_regex(self):
+        """test missing/invalid redirect URI"""
+        OAuth2Provider.objects.create(
+            name="test",
+            client_id="test",
+            authorization_flow=create_test_flow(),
+            redirect_uris="+",
+        )
+        with self.assertRaises(RedirectUriError):
+            request = self.factory.get("/", data={"response_type": "code", "client_id": "test"})
+            OAuthAuthorizationParams.from_request(request)
+        with self.assertRaises(RedirectUriError):
+            request = self.factory.get(
+                "/",
+                data={
+                    "response_type": "code",
+                    "client_id": "test",
+                    "redirect_uri": "http://localhost",
+                },
+            )
+            OAuthAuthorizationParams.from_request(request)
+
     def test_empty_redirect_uri(self):
         """test empty redirect URI (configure in provider)"""
         OAuth2Provider.objects.create(

authentik/providers/oauth2/views/authorize.py

@@ -1,7 +1,8 @@
 """authentik OAuth2 Authorization views"""
 from dataclasses import dataclass, field
 from datetime import timedelta
-from re import fullmatch
+from re import error as RegexError
+from re import escape, fullmatch
 from typing import Optional
 from urllib.parse import parse_qs, urlencode, urlparse, urlsplit, urlunsplit
 from uuid import uuid4
@@ -180,16 +181,26 @@ class OAuthAuthorizationParams:
 
         if self.provider.redirect_uris == "":
             LOGGER.info("Setting redirect for blank redirect_uris", redirect=self.redirect_uri)
-            self.provider.redirect_uris = self.redirect_uri
+            self.provider.redirect_uris = escape(self.redirect_uri)
             self.provider.save()
             allowed_redirect_urls = self.provider.redirect_uris.split()
 
-        if not any(fullmatch(x, self.redirect_uri) for x in allowed_redirect_urls):
-            LOGGER.warning(
-                "Invalid redirect uri",
-                redirect_uri=self.redirect_uri,
-                excepted=allowed_redirect_urls,
-            )
+        if self.provider.redirect_uris == "*":
+            LOGGER.info("Converting redirect_uris to regex", redirect=self.redirect_uri)
+            self.provider.redirect_uris = ".*"
+            self.provider.save()
+            allowed_redirect_urls = self.provider.redirect_uris.split()
+
+        try:
+            if not any(fullmatch(x, self.redirect_uri) for x in allowed_redirect_urls):
+                LOGGER.warning(
+                    "Invalid redirect uri",
+                    redirect_uri=self.redirect_uri,
+                    excepted=allowed_redirect_urls,
+                )
+                raise RedirectUriError(self.redirect_uri, allowed_redirect_urls)
+        except RegexError as exc:
+            LOGGER.warning("Invalid regular expression configured", exc=exc)
             raise RedirectUriError(self.redirect_uri, allowed_redirect_urls)
         if self.request:
             raise AuthorizeError(

authentik/providers/oauth2/views/token.py

@@ -2,6 +2,7 @@
 from base64 import urlsafe_b64encode
 from dataclasses import InitVar, dataclass
 from hashlib import sha256
+from re import error as RegexError
 from re import fullmatch
 from typing import Any, Optional
 
@@ -149,12 +150,16 @@ class TokenParams:
         allowed_redirect_urls = self.provider.redirect_uris.split()
         # At this point, no provider should have a blank redirect_uri, in case they do
         # this will check an empty array and raise an error
-        if not any(fullmatch(x, self.redirect_uri) for x in allowed_redirect_urls):
-            LOGGER.warning(
-                "Invalid redirect uri",
-                redirect_uri=self.redirect_uri,
-                excepted=allowed_redirect_urls,
-            )
+        try:
+            if not any(fullmatch(x, self.redirect_uri) for x in allowed_redirect_urls):
+                LOGGER.warning(
+                    "Invalid redirect uri",
+                    redirect_uri=self.redirect_uri,
+                    excepted=allowed_redirect_urls,
+                )
+                raise TokenError("invalid_client")
+        except RegexError as exc:
+            LOGGER.warning("Invalid regular expression configured", exc=exc)
             raise TokenError("invalid_client")
 
         try:
@@ -297,18 +302,7 @@ class TokenParams:
             raise TokenError("invalid_grant")
 
         self.__check_policy_access(app, request, oauth_jwt=token)
-
-        self.user, _ = User.objects.update_or_create(
-            username=f"{self.provider.name}-{token.get('sub')}",
-            defaults={
-                "attributes": {
-                    USER_ATTRIBUTE_GENERATED: True,
-                    USER_ATTRIBUTE_EXPIRES: token.get("exp"),
-                },
-                "last_login": now(),
-                "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
-            },
-        )
+        self.__create_user_from_jwt(token, app)
 
         Event.new(
             action=EventAction.LOGIN,
@@ -319,6 +313,23 @@ class TokenParams:
             PLAN_CONTEXT_APPLICATION=app,
         ).from_http(request, user=self.user)
 
+    def __create_user_from_jwt(self, token: dict[str, Any], app: Application):
+        """Create user from JWT"""
+        exp = token.get("exp")
+        self.user, created = User.objects.update_or_create(
+            username=f"{self.provider.name}-{token.get('sub')}",
+            defaults={
+                "attributes": {
+                    USER_ATTRIBUTE_GENERATED: True,
+                },
+                "last_login": now(),
+                "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
+            },
+        )
+        if created and exp:
+            self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp
+            self.user.save()
+
 
 class TokenView(View):
     """Generate tokens for clients"""

authentik/providers/proxy/api.py

@@ -103,6 +103,7 @@ class ProxyProviderViewSet(UsedByMixin, ModelViewSet):
         "redirect_uris": ["iexact"],
         "cookie_domain": ["iexact"],
     }
+    search_fields = ["name"]
     ordering = ["name"]
 
 
@@ -166,3 +167,5 @@ class ProxyOutpostConfigViewSet(ReadOnlyModelViewSet):
     queryset = ProxyProvider.objects.filter(application__isnull=False)
     serializer_class = ProxyOutpostConfigSerializer
     ordering = ["name"]
+    search_fields = ["name"]
+    filterset_fields = ["name"]

authentik/providers/saml/api.py

@@ -99,6 +99,7 @@ class SAMLProviderViewSet(UsedByMixin, ModelViewSet):
     serializer_class = SAMLProviderSerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]
 
     @extend_schema(
         responses={
@@ -216,4 +217,5 @@ class SAMLPropertyMappingViewSet(UsedByMixin, ModelViewSet):
     queryset = SAMLPropertyMapping.objects.all()
     serializer_class = SAMLPropertyMappingSerializer
     filterset_class = SAMLPropertyMappingFilter
+    search_fields = ["name"]
     ordering = ["name"]

authentik/providers/saml/processors/request_parser.py

@@ -3,6 +3,7 @@ from base64 import b64decode
 from dataclasses import dataclass
 from typing import Optional
 from urllib.parse import quote_plus
+from xml.etree.ElementTree import ParseError  # nosec
 
 import xmlsec
 from defusedxml import ElementTree
@@ -175,7 +176,10 @@ class AuthNRequestParser:
                 )
             except xmlsec.Error as exc:
                 raise CannotHandleAssertion(ERROR_FAILED_TO_VERIFY) from exc
-        return self._parse_xml(decoded_xml, relay_state)
+        try:
+            return self._parse_xml(decoded_xml, relay_state)
+        except ParseError as exc:
+            raise CannotHandleAssertion(ERROR_FAILED_TO_VERIFY) from exc
 
     def idp_initiated(self) -> AuthNRequest:
         """Create IdP Initiated AuthNRequest"""

authentik/sources/ldap/api.py

@@ -91,6 +91,7 @@ class LDAPSourceViewSet(UsedByMixin, ModelViewSet):
         "property_mappings",
         "property_mappings_group",
     ]
+    search_fields = ["name", "slug"]
     ordering = ["name"]
 
     @extend_schema(
@@ -142,4 +143,5 @@ class LDAPPropertyMappingViewSet(UsedByMixin, ModelViewSet):
     queryset = LDAPPropertyMapping.objects.all()
     serializer_class = LDAPPropertyMappingSerializer
     filterset_class = LDAPPropertyMappingFilter
+    search_fields = ["name"]
     ordering = ["name"]

authentik/sources/oauth/api/source.py

@@ -102,6 +102,7 @@ class OAuthSourceViewSet(UsedByMixin, ModelViewSet):
         "consumer_key",
         "additional_scopes",
     ]
+    search_fields = ["name", "slug"]
     ordering = ["name"]
 
     @extend_schema(

authentik/sources/oauth/api/source_connection.py

@@ -26,6 +26,7 @@ class UserOAuthSourceConnectionViewSet(UsedByMixin, ModelViewSet):
     queryset = UserOAuthSourceConnection.objects.all()
     serializer_class = UserOAuthSourceConnectionSerializer
     filterset_fields = ["source__slug"]
+    search_fields = ["source__slug"]
     permission_classes = [OwnerSuperuserPermissions]
     filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
     ordering = ["source__slug"]

authentik/sources/plex/api/source.py

@@ -60,6 +60,7 @@ class PlexSourceViewSet(UsedByMixin, ModelViewSet):
         "client_id",
         "allow_friends",
     ]
+    search_fields = ["name", "slug"]
     ordering = ["name"]
 
     @permission_required(None)

authentik/sources/plex/api/source_connection.py

@@ -35,3 +35,4 @@ class PlexSourceConnectionViewSet(UsedByMixin, ModelViewSet):
     permission_classes = [OwnerSuperuserPermissions]
     filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
     ordering = ["pk"]
+    search_fields = ["source__slug"]

authentik/sources/saml/api.py

@@ -41,6 +41,7 @@ class SAMLSourceViewSet(UsedByMixin, ModelViewSet):
     serializer_class = SAMLSourceSerializer
     lookup_field = "slug"
     filterset_fields = "__all__"
+    search_fields = ["name", "slug"]
     ordering = ["name"]
 
     @extend_schema(responses={200: SAMLMetadataSerializer(many=False)})

authentik/stages/authenticator_duo/api.py

@@ -51,6 +51,7 @@ class AuthenticatorDuoStageViewSet(UsedByMixin, ModelViewSet):
         "client_id",
         "api_hostname",
     ]
+    search_fields = ["name"]
     ordering = ["name"]
 
     @extend_schema(

authentik/stages/authenticator_sms/api.py

@@ -36,6 +36,7 @@ class AuthenticatorSMSStageViewSet(UsedByMixin, ModelViewSet):
     serializer_class = AuthenticatorSMSStageSerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]
 
 
 class SMSDeviceSerializer(ModelSerializer):

authentik/stages/authenticator_static/api.py

@@ -29,6 +29,7 @@ class AuthenticatorStaticStageViewSet(UsedByMixin, ModelViewSet):
     serializer_class = AuthenticatorStaticStageSerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]
 
 
 class StaticDeviceTokenSerializer(ModelSerializer):

authentik/stages/authenticator_totp/api.py

@@ -29,6 +29,7 @@ class AuthenticatorTOTPStageViewSet(UsedByMixin, ModelViewSet):
     serializer_class = AuthenticatorTOTPStageSerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]
 
 
 class TOTPDeviceSerializer(ModelSerializer):

authentik/stages/authenticator_validate/api.py

@@ -41,3 +41,4 @@ class AuthenticatorValidateStageViewSet(UsedByMixin, ModelViewSet):
     serializer_class = AuthenticatorValidateStageSerializer
     filterset_fields = ["name", "not_configured_action", "configuration_stages"]
     ordering = ["name"]
+    search_fields = ["name"]

authentik/stages/authenticator_validate/stage.py

@@ -168,11 +168,6 @@ class AuthenticatorValidateStageView(ChallengeStageView):
                 continue
             # check if device has been used within threshold and skip this stage if so
             if threshold.total_seconds() > 0:
-                print("yeet")
-                print(get_device_last_usage(device))
-                print(_now - get_device_last_usage(device))
-                print(threshold)
-                print(_now - get_device_last_usage(device) <= threshold)
                 if _now - get_device_last_usage(device) <= threshold:
                     LOGGER.info("Device has been used within threshold", device=device)
                     raise FlowSkipStageException()

authentik/stages/authenticator_webauthn/api.py

@@ -33,6 +33,7 @@ class AuthenticateWebAuthnStageViewSet(UsedByMixin, ModelViewSet):
     serializer_class = AuthenticateWebAuthnStageSerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]
 
 
 class WebAuthnDeviceSerializer(ModelSerializer):

authentik/stages/captcha/api.py

@@ -22,4 +22,5 @@ class CaptchaStageViewSet(UsedByMixin, ModelViewSet):
     queryset = CaptchaStage.objects.all()
     serializer_class = CaptchaStageSerializer
     filterset_fields = ["name", "public_key"]
+    search_fields = ["name"]
     ordering = ["name"]

authentik/stages/consent/api.py

@@ -28,6 +28,7 @@ class ConsentStageViewSet(UsedByMixin, ModelViewSet):
     serializer_class = ConsentStageSerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]
 
 
 class UserConsentSerializer(StageSerializer):
@@ -60,6 +61,7 @@ class UserConsentViewSet(
         OrderingFilter,
         SearchFilter,
     ]
+    search_fields = ["user__username"]
 
     def get_queryset(self):
         user = self.request.user if self.request else get_anonymous_user()

authentik/stages/deny/api.py

@@ -22,3 +22,4 @@ class DenyStageViewSet(UsedByMixin, ModelViewSet):
     serializer_class = DenyStageSerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]

authentik/stages/dummy/api.py

@@ -21,4 +21,5 @@ class DummyStageViewSet(UsedByMixin, ModelViewSet):
     queryset = DummyStage.objects.all()
     serializer_class = DummyStageSerializer
     filterset_fields = "__all__"
+    search_fields = ["name"]
     ordering = ["name"]

authentik/stages/email/api.py

@@ -68,6 +68,7 @@ class EmailStageViewSet(UsedByMixin, ModelViewSet):
         "template",
         "activate_user_on_success",
     ]
+    search_fields = ["name"]
     ordering = ["name"]
 
     @extend_schema(responses={200: TypeCreateSerializer(many=True)})

authentik/stages/identification/api.py

@@ -40,4 +40,5 @@ class IdentificationStageViewSet(UsedByMixin, ModelViewSet):
         "passwordless_flow",
         "show_source_labels",
     ]
+    search_fields = ["name"]
     ordering = ["name"]

authentik/stages/invitation/api.py

@@ -41,6 +41,7 @@ class InvitationStageViewSet(UsedByMixin, ModelViewSet):
     serializer_class = InvitationStageSerializer
     filterset_class = InvitationStageFilter
     ordering = ["name"]
+    search_fields = ["name"]
 
 
 class InvitationSerializer(ModelSerializer):

authentik/stages/password/api.py

@@ -29,4 +29,5 @@ class PasswordStageViewSet(UsedByMixin, ModelViewSet):
         "configure_flow",
         "failed_attempts_before_cancel",
     ]
+    search_fields = ["name"]
     ordering = ["name"]

authentik/stages/prompt/api.py

@@ -29,6 +29,7 @@ class PromptStageViewSet(UsedByMixin, ModelViewSet):
     serializer_class = PromptStageSerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]
 
 
 class PromptSerializer(ModelSerializer):
@@ -59,3 +60,4 @@ class PromptViewSet(UsedByMixin, ModelViewSet):
     queryset = Prompt.objects.all().prefetch_related("promptstage_set")
     serializer_class = PromptSerializer
     filterset_fields = ["field_key", "label", "type", "placeholder"]
+    search_fields = ["field_key", "label", "type", "placeholder"]

authentik/stages/user_delete/api.py

@@ -22,3 +22,4 @@ class UserDeleteStageViewSet(UsedByMixin, ModelViewSet):
     serializer_class = UserDeleteStageSerializer
     filterset_fields = "__all__"
     ordering = ["name"]
+    search_fields = ["name"]

authentik/stages/user_login/api.py

@@ -23,4 +23,5 @@ class UserLoginStageViewSet(UsedByMixin, ModelViewSet):
     queryset = UserLoginStage.objects.all()
     serializer_class = UserLoginStageSerializer
     filterset_fields = "__all__"
+    search_fields = ["name"]
     ordering = ["name"]

authentik/stages/user_logout/api.py

@@ -21,4 +21,5 @@ class UserLogoutStageViewSet(UsedByMixin, ModelViewSet):
     queryset = UserLogoutStage.objects.all()
     serializer_class = UserLogoutStageSerializer
     filterset_fields = "__all__"
+    search_fields = ["name"]
     ordering = ["name"]

authentik/stages/user_write/api.py

@@ -21,4 +21,5 @@ class UserWriteStageViewSet(UsedByMixin, ModelViewSet):
     queryset = UserWriteStage.objects.all()
     serializer_class = UserWriteStageSerializer
     filterset_fields = "__all__"
+    search_fields = ["name"]
     ordering = ["name"]

authentik/stages/user_write/stage.py

@@ -20,7 +20,7 @@ from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
 from authentik.stages.user_write.signals import user_write
 
 LOGGER = get_logger()
-PLAN_CONTEXT_GROUPS = "group"
+PLAN_CONTEXT_GROUPS = "groups"
 
 
 class UserWriteStageView(StageView):

cmd/server/main.go

@@ -124,7 +124,7 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) {
 		ws.ProxyServer = srv
 		ac.Server = srv
 		l.Debug("attempting to start outpost")
-		err := ac.StartBackgorundTasks()
+		err := ac.StartBackgroundTasks()
 		if err != nil {
 			l.WithError(err).Warning("outpost failed to start")
 			attempt += 1

docker-compose.yml

@@ -1,10 +1,16 @@
 ---
-version: '3.2'
+version: '3.4'
 
 services:
   postgresql:
     image: postgres:12-alpine
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "pg_isready"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
     volumes:
       - database:/var/lib/postgresql/data
     environment:
@@ -16,8 +22,14 @@ services:
   redis:
     image: redis:alpine
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.5.2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.5.3}
     restart: unless-stopped
     command: server
     environment:
@@ -38,7 +50,7 @@ services:
       - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
       - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.5.2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.5.3}
     restart: unless-stopped
     command: worker
     environment:

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/gorilla/securecookie v1.1.1
 	github.com/gorilla/sessions v1.2.1
 	github.com/gorilla/websocket v1.5.0
-	github.com/imdario/mergo v0.3.12
+	github.com/imdario/mergo v0.3.13
 	github.com/jellydator/ttlcache/v3 v3.0.0
 	github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 	github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba
@@ -26,7 +26,7 @@ require (
 	github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.7.1
-	goauthentik.io/api/v3 v3.2022041.10
+	goauthentik.io/api/v3 v3.2022052.6
 	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	gopkg.in/boj/redistore.v1 v1.0.0-20160128113310-fc113767cd6b
@@ -73,5 +73,5 @@ require (
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	gopkg.in/yaml.v3 v3.0.0 // indirect
 )

go.sum

@@ -221,8 +221,8 @@ github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
+github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jellydator/ttlcache/v3 v3.0.0 h1:zmFhqrB/4sKiEiJHhtseJsNRE32IMVmJSs4++4gaQO4=
 github.com/jellydator/ttlcache/v3 v3.0.0/go.mod h1:WwTaEmcXQ3MTjOm4bsZoDFiCu/hMvNWLO1w67RXz6h4=
@@ -358,8 +358,10 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
-goauthentik.io/api/v3 v3.2022041.10 h1:ClHdNzSW//oCv+H6Nr5qQQwKn+fe1sN37lwHEuLWqAA=
-goauthentik.io/api/v3 v3.2022041.10/go.mod h1:QM9J32HgYE4gL71lWAfAoXSPdSmLVLW08itfLI3Mo10=
+goauthentik.io/api/v3 v3.2022052.5 h1:kaW52rZZE+wUsp47Ab9OBaLCPNGbqQkCrQWkrbzy14Q=
+goauthentik.io/api/v3 v3.2022052.5/go.mod h1:QM9J32HgYE4gL71lWAfAoXSPdSmLVLW08itfLI3Mo10=
+goauthentik.io/api/v3 v3.2022052.6 h1:NF9WLbWWcqOViPhYbJoUUdILnXtOYJrjFmHHqL513wY=
+goauthentik.io/api/v3 v3.2022052.6/go.mod h1:QM9J32HgYE4gL71lWAfAoXSPdSmLVLW08itfLI3Mo10=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@@ -667,8 +669,9 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
+gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

internal/constants/constants.go

@@ -25,4 +25,4 @@ func OutpostUserAgent() string {
 	return fmt.Sprintf("goauthentik.io/outpost/%s", FullVersion())
 }
 
-const VERSION = "2022.5.2"
+const VERSION = "2022.5.3"

internal/outpost/ak/api.go

@@ -27,7 +27,7 @@ const ConfigLogLevel = "log_level"
 type APIController struct {
 	Client       *api.APIClient
 	Outpost      api.Outpost
-	GlobalConfig api.Config
+	GlobalConfig *api.Config
 
 	Server Outpost
 
@@ -113,7 +113,7 @@ func (a *APIController) Start() error {
 	if err != nil {
 		return err
 	}
-	err = a.StartBackgorundTasks()
+	err = a.StartBackgroundTasks()
 	if err != nil {
 		return err
 	}
@@ -165,7 +165,7 @@ func (a *APIController) OnRefresh() error {
 	return err
 }
 
-func (a *APIController) StartBackgorundTasks() error {
+func (a *APIController) StartBackgroundTasks() error {
 	OutpostInfo.With(prometheus.Labels{
 		"outpost_name": a.Outpost.Name,
 		"outpost_type": a.Server.Type(),

internal/outpost/ak/global.go

@@ -15,7 +15,7 @@ import (
 
 var initialSetup = false
 
-func doGlobalSetup(outpost api.Outpost, globalConfig api.Config) {
+func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
 	l := log.WithField("logger", "authentik.outpost")
 	m := outpost.Managed.Get()
 	level, ok := outpost.Config[ConfigLogLevel]

internal/outpost/ak/test.go

@@ -50,7 +50,7 @@ func MockAK(outpost api.Outpost, globalConfig api.Config) *APIController {
 
 	ac := &APIController{
 		Client:       apiClient,
-		GlobalConfig: globalConfig,
+		GlobalConfig: &globalConfig,
 
 		token:  token,
 		logger: log,

internal/outpost/ldap/group/group.go

@@ -16,7 +16,7 @@ type LDAPGroup struct {
 	Member         []string
 	IsSuperuser    bool
 	IsVirtualGroup bool
-	AKAttributes   interface{}
+	AKAttributes   map[string]interface{}
 }
 
 func (lg *LDAPGroup) Entry() *ldap.Entry {

internal/outpost/ldap/search/direct/direct.go

@@ -149,7 +149,7 @@ func (ds *DirectSearcher) Search(req *search.Request) (ldap.ServerSearchResult,
 						return fmt.Errorf("failed to get userinfo")
 					}
 
-					flags.UserInfo = &u
+					flags.UserInfo = u
 				}
 
 				u := make([]api.User, 1)

internal/outpost/ldap/search/memory/fetch.go

@@ -16,7 +16,7 @@ func (ms *MemorySearcher) FetchUsers() []api.User {
 			return nil, err
 		}
 		ms.log.WithField("page", page).WithField("count", len(users.Results)).Debug("fetched users")
-		return &users, nil
+		return users, nil
 	}
 	page := 1
 	users := make([]api.User, 0)
@@ -43,7 +43,7 @@ func (ms *MemorySearcher) FetchGroups() []api.Group {
 			return nil, err
 		}
 		ms.log.WithField("page", page).WithField("count", len(groups.Results)).Debug("fetched groups")
-		return &groups, nil
+		return groups, nil
 	}
 	page := 1
 	groups := make([]api.Group, 0)

internal/outpost/ldap/search/memory/memory.go

@@ -141,7 +141,7 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult,
 					if flags.UserPk == u.Pk {
 						//TODO: Is there a better way to clone this object?
 						fg := api.NewGroup(g.Pk, g.NumPk, g.Name, g.Parent, g.ParentName, []int32{flags.UserPk}, []api.GroupMember{u})
-						fg.SetAttributes(*g.Attributes)
+						fg.SetAttributes(g.Attributes)
 						fg.SetIsSuperuser(*g.IsSuperuser)
 						groups = append(groups, group.FromAPIGroup(*fg, ms.si))
 						break

internal/outpost/ldap/utils/utils.go

@@ -36,13 +36,12 @@ func ldapResolveTypeSingle(in interface{}) *string {
 	}
 }
 
-func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
+func AKAttrsToLDAP(attrs map[string]interface{}) []*ldap.EntryAttribute {
 	attrList := []*ldap.EntryAttribute{}
 	if attrs == nil {
 		return attrList
 	}
-	a := attrs.(*map[string]interface{})
-	for attrKey, attrValue := range *a {
+	for attrKey, attrValue := range attrs {
 		entry := &ldap.EntryAttribute{Name: attrKey}
 		switch t := attrValue.(type) {
 		case []string:

internal/outpost/ldap/utils/utils_test.go

@@ -13,45 +13,45 @@ func Test_ldapResolveTypeSingle_nil(t *testing.T) {
 }
 
 func TestAKAttrsToLDAP_String(t *testing.T) {
-	var d *map[string]interface{}
+	u := api.User{}
 
 	// normal string
-	d = &map[string]interface{}{
+	u.Attributes = map[string]interface{}{
 		"foo": "bar",
 	}
-	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
-	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
-	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values)
+	assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes)))
+	assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name)
+	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values)
 	// pointer string
-	d = &map[string]interface{}{
+	u.Attributes = map[string]interface{}{
 		"foo": api.PtrString("bar"),
 	}
-	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
-	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
-	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values)
+	assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes)))
+	assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name)
+	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values)
 }
 
 func TestAKAttrsToLDAP_String_List(t *testing.T) {
-	var d *map[string]interface{}
+	u := api.User{}
 	// string list
-	d = &map[string]interface{}{
+	u.Attributes = map[string]interface{}{
 		"foo": []string{"bar"},
 	}
-	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
-	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
-	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values)
+	assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes)))
+	assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name)
+	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values)
 	// pointer string list
-	d = &map[string]interface{}{
+	u.Attributes = map[string]interface{}{
 		"foo": &[]string{"bar"},
 	}
-	assert.Equal(t, 1, len(AKAttrsToLDAP(d)))
-	assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name)
-	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values)
+	assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes)))
+	assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name)
+	assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values)
 }
 
 func TestAKAttrsToLDAP_Dict(t *testing.T) {
 	// dict
-	d := &map[string]interface{}{
+	d := map[string]interface{}{
 		"foo": map[string]string{
 			"foo": "bar",
 		},
@@ -64,7 +64,7 @@ func TestAKAttrsToLDAP_Dict(t *testing.T) {
 
 func TestAKAttrsToLDAP_Mixed(t *testing.T) {
 	// dict
-	d := &map[string]interface{}{
+	d := map[string]interface{}{
 		"foo": []interface{}{
 			"foo",
 			6,

internal/outpost/proxyv2/application/application.go

@@ -149,7 +149,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
 	mux.HandleFunc("/outpost.goauthentik.io/sign_in", a.handleRedirect)
 	mux.HandleFunc("/outpost.goauthentik.io/callback", a.handleCallback)
 	mux.HandleFunc("/outpost.goauthentik.io/sign_out", a.handleSignOut)
-	switch *p.Mode {
+	switch *p.Mode.Get() {
 	case api.PROXYMODE_PROXY:
 		err = a.configureProxy()
 	case api.PROXYMODE_FORWARD_SINGLE:
@@ -186,7 +186,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
 }
 
 func (a *Application) Mode() api.ProxyMode {
-	return *a.proxyConfig.Mode
+	return *a.proxyConfig.Mode.Get()
 }
 
 func (a *Application) ProxyConfig() api.ProxyOutpostConfig {

internal/outpost/proxyv2/application/mode_common.go

@@ -107,7 +107,7 @@ func (a *Application) ReportMisconfiguration(r *http.Request, msg string, fields
 		Action:   api.EVENTACTIONS_CONFIGURATION_ERROR,
 		App:      "authentik.providers.proxy", // must match python apps.py name
 		ClientIp: *api.NewNullableString(api.PtrString(r.RemoteAddr)),
-		Context:  &fields,
+		Context:  fields,
 	}
 	_, _, err := a.ak.Client.EventsApi.EventsEventsCreate(context.Background()).EventRequest(req).Execute()
 	if err != nil {

internal/outpost/proxyv2/application/mode_common_test.go

@@ -19,7 +19,7 @@ func urlMustParse(u string) *url.URL {
 
 func TestIsAllowlisted_Proxy_Single(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.Mode = api.PROXYMODE_PROXY.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_PROXY.Ptr())
 
 	assert.Equal(t, false, a.IsAllowlisted(urlMustParse("")))
 	a.UnauthenticatedRegex = []*regexp.Regexp{
@@ -30,7 +30,7 @@ func TestIsAllowlisted_Proxy_Single(t *testing.T) {
 
 func TestIsAllowlisted_Proxy_Domain(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr())
 
 	assert.Equal(t, false, a.IsAllowlisted(urlMustParse("")))
 	a.UnauthenticatedRegex = []*regexp.Regexp{

internal/outpost/proxyv2/application/mode_forward.go

@@ -56,9 +56,9 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 	host := ""
 	s, _ := a.sessions.Get(r, constants.SessionName)
 	// Optional suffix, which is appended to the URL
-	if *a.proxyConfig.Mode == api.PROXYMODE_FORWARD_SINGLE {
+	if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE {
 		host = web.GetHost(r)
-	} else if *a.proxyConfig.Mode == api.PROXYMODE_FORWARD_DOMAIN {
+	} else if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_DOMAIN {
 		eh, err := url.Parse(a.proxyConfig.ExternalHost)
 		if err != nil {
 			a.log.WithField("host", a.proxyConfig.ExternalHost).WithError(err).Warning("invalid external_host")

internal/outpost/proxyv2/application/mode_forward_nginx_test.go

@@ -106,7 +106,7 @@ func TestForwardHandleNginx_Single_Claims(t *testing.T) {
 
 func TestForwardHandleNginx_Domain_Blank(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr())
 	a.proxyConfig.CookieDomain = api.PtrString("foo")
 	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
 
@@ -118,7 +118,7 @@ func TestForwardHandleNginx_Domain_Blank(t *testing.T) {
 
 func TestForwardHandleNginx_Domain_Header(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr())
 	a.proxyConfig.CookieDomain = api.PtrString("foo")
 	a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)

internal/outpost/proxyv2/application/mode_forward_traefik_test.go

@@ -100,7 +100,7 @@ func TestForwardHandleTraefik_Single_Claims(t *testing.T) {
 
 func TestForwardHandleTraefik_Domain_Blank(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr())
 	a.proxyConfig.CookieDomain = api.PtrString("foo")
 	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
 
@@ -112,7 +112,7 @@ func TestForwardHandleTraefik_Domain_Blank(t *testing.T) {
 
 func TestForwardHandleTraefik_Domain_Header(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr())
 	a.proxyConfig.CookieDomain = api.PtrString("foo")
 	a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)

internal/outpost/proxyv2/application/oauth_test.go

@@ -34,7 +34,7 @@ func TestCheckRedirectParam(t *testing.T) {
 
 func TestCheckRedirectParam_Domain(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr())
 	a.proxyConfig.CookieDomain = api.PtrString("t.goauthentik.io")
 	req, _ := http.NewRequest("GET", "https://a.t.goauthentik.io/outpost.goauthentik.io/auth/start", nil)
 

internal/outpost/proxyv2/application/test.go

@@ -17,7 +17,7 @@ func newTestApplication() *Application {
 			CookieSecret:               api.PtrString(ak.TestSecret()),
 			ExternalHost:               "https://ext.t.goauthentik.io",
 			CookieDomain:               api.PtrString(""),
-			Mode:                       api.PROXYMODE_FORWARD_SINGLE.Ptr(),
+			Mode:                       *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_SINGLE.Ptr()),
 			SkipPathRegex:              api.PtrString("/skip.*"),
 			BasicAuthEnabled:           api.PtrBool(true),
 			BasicAuthUserAttribute:     api.PtrString("username"),

internal/outpost/proxyv2/application/utils_test.go

@@ -12,7 +12,7 @@ import (
 
 func TestRedirectToStart_Proxy(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.Mode = api.PROXYMODE_PROXY.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_PROXY.Ptr())
 	a.proxyConfig.ExternalHost = "https://test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/foo/bar/baz", nil)
 
@@ -29,7 +29,7 @@ func TestRedirectToStart_Proxy(t *testing.T) {
 
 func TestRedirectToStart_Forward(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_SINGLE.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_SINGLE.Ptr())
 	a.proxyConfig.ExternalHost = "https://test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/foo/bar/baz", nil)
 
@@ -47,7 +47,7 @@ func TestRedirectToStart_Forward(t *testing.T) {
 func TestRedirectToStart_Forward_Domain_Invalid(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.CookieDomain = api.PtrString("foo")
-	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr())
 	a.proxyConfig.ExternalHost = "https://test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/foo/bar/baz", nil)
 
@@ -65,7 +65,7 @@ func TestRedirectToStart_Forward_Domain_Invalid(t *testing.T) {
 func TestRedirectToStart_Forward_Domain(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.CookieDomain = api.PtrString("goauthentik.io")
-	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
+	a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr())
 	a.proxyConfig.ExternalHost = "https://test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/foo/bar/baz", nil)
 

poetry.lock

@@ -477,14 +477,14 @@ python-versions = "*"
 
 [[package]]
 name = "coverage"
-version = "6.3.3"
+version = "6.4"
 description = "Code coverage measurement for Python"
 category = "dev"
 optional = false
 python-versions = ">=3.7"
 
 [package.dependencies]
-tomli = {version = "*", optional = true, markers = "extra == \"toml\""}
+tomli = {version = "*", optional = true, markers = "python_version < \"3.11\" and extra == \"toml\""}
 
 [package.extras]
 toml = ["tomli"]
@@ -927,7 +927,7 @@ python-versions = ">=3.5"
 
 [[package]]
 name = "importlib-metadata"
-version = "4.11.3"
+version = "4.11.4"
 description = "Read metadata from Python packages"
 category = "dev"
 optional = false
@@ -2405,47 +2405,47 @@ constantly = [
     {file = "constantly-15.1.0.tar.gz", hash = "sha256:586372eb92059873e29eba4f9dec8381541b4d3834660707faf8ba59146dfc35"},
 ]
 coverage = [
-    {file = "coverage-6.3.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:df32ee0f4935a101e4b9a5f07b617d884a531ed5666671ff6ac66d2e8e8246d8"},
-    {file = "coverage-6.3.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:75b5dbffc334e0beb4f6c503fb95e6d422770fd2d1b40a64898ea26d6c02742d"},
-    {file = "coverage-6.3.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:114944e6061b68a801c5da5427b9173a0dd9d32cd5fcc18a13de90352843737d"},
-    {file = "coverage-6.3.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:2ab88a01cd180b5640ccc9c47232e31924d5f9967ab7edd7e5c91c68eee47a69"},
-    {file = "coverage-6.3.3-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ad8f9068f5972a46d50fe5f32c09d6ee11da69c560fcb1b4c3baea246ca4109b"},
-    {file = "coverage-6.3.3-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:4cd696aa712e6cd16898d63cf66139dc70d998f8121ab558f0e1936396dbc579"},
-    {file = "coverage-6.3.3-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:c1a9942e282cc9d3ed522cd3e3cab081149b27ea3bda72d6f61f84eaf88c1a63"},
-    {file = "coverage-6.3.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:c06455121a089252b5943ea682187a4e0a5cf0a3fb980eb8e7ce394b144430a9"},
-    {file = "coverage-6.3.3-cp310-cp310-win32.whl", hash = "sha256:cb5311d6ccbd22578c80028c5e292a7ab9adb91bd62c1982087fad75abe2e63d"},
-    {file = "coverage-6.3.3-cp310-cp310-win_amd64.whl", hash = "sha256:6d4a6f30f611e657495cc81a07ff7aa8cd949144e7667c5d3e680d73ba7a70e4"},
-    {file = "coverage-6.3.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:79bf405432428e989cad7b8bc60581963238f7645ae8a404f5dce90236cc0293"},
-    {file = "coverage-6.3.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:338c417613f15596af9eb7a39353b60abec9d8ce1080aedba5ecee6a5d85f8d3"},
-    {file = "coverage-6.3.3-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:db094a6a4ae6329ed322a8973f83630b12715654c197dd392410400a5bfa1a73"},
-    {file = "coverage-6.3.3-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1414e8b124611bf4df8d77215bd32cba6e3425da8ce9c1f1046149615e3a9a31"},
-    {file = "coverage-6.3.3-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:93b16b08f94c92cab88073ffd185070cdcb29f1b98df8b28e6649145b7f2c90d"},
-    {file = "coverage-6.3.3-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:fbc86ae8cc129c801e7baaafe3addf3c8d49c9c1597c44bdf2d78139707c3c62"},
-    {file = "coverage-6.3.3-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:b5ba058610e8289a07db2a57bce45a1793ec0d3d11db28c047aae2aa1a832572"},
-    {file = "coverage-6.3.3-cp37-cp37m-win32.whl", hash = "sha256:8329635c0781927a2c6ae068461e19674c564e05b86736ab8eb29c420ee7dc20"},
-    {file = "coverage-6.3.3-cp37-cp37m-win_amd64.whl", hash = "sha256:e5af1feee71099ae2e3b086ec04f57f9950e1be9ecf6c420696fea7977b84738"},
-    {file = "coverage-6.3.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:e814a4a5a1d95223b08cdb0f4f57029e8eab22ffdbae2f97107aeef28554517e"},
-    {file = "coverage-6.3.3-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:61f4fbf3633cb0713437291b8848634ea97f89c7e849c2be17a665611e433f53"},
-    {file = "coverage-6.3.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3401b0d2ed9f726fadbfa35102e00d1b3547b73772a1de5508ef3bdbcb36afe7"},
-    {file = "coverage-6.3.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:8586b177b4407f988731eb7f41967415b2197f35e2a6ee1a9b9b561f6323c8e9"},
-    {file = "coverage-6.3.3-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:892e7fe32191960da559a14536768a62e83e87bbb867e1b9c643e7e0fbce2579"},
-    {file = "coverage-6.3.3-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:afb03f981fadb5aed1ac6e3dd34f0488e1a0875623d557b6fad09b97a942b38a"},
-    {file = "coverage-6.3.3-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:cbe91bc84be4e5ef0b1480d15c7b18e29c73bdfa33e07d3725da7d18e1b0aff2"},
-    {file = "coverage-6.3.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:91502bf27cbd5c83c95cfea291ef387469f2387508645602e1ca0fd8a4ba7548"},
-    {file = "coverage-6.3.3-cp38-cp38-win32.whl", hash = "sha256:c488db059848702aff30aa1d90ef87928d4e72e4f00717343800546fdbff0a94"},
-    {file = "coverage-6.3.3-cp38-cp38-win_amd64.whl", hash = "sha256:ceb6534fcdfb5c503affb6b1130db7b5bfc8a0f77fa34880146f7a5c117987d0"},
-    {file = "coverage-6.3.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:cc692c9ee18f0dd3214843779ba6b275ee4bb9b9a5745ba64265bce911aefd1a"},
-    {file = "coverage-6.3.3-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:462105283de203df8de58a68c1bb4ba2a8a164097c2379f664fa81d6baf94b81"},
-    {file = "coverage-6.3.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cc972d829ad5ef4d4c5fcabd2bbe2add84ce8236f64ba1c0c72185da3a273130"},
-    {file = "coverage-6.3.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:06f54765cdbce99901871d50fe9f41d58213f18e98b170a30ca34f47de7dd5e8"},
-    {file = "coverage-6.3.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7835f76a081787f0ca62a53504361b3869840a1620049b56d803a8cb3a9eeea3"},
-    {file = "coverage-6.3.3-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:6f5fee77ec3384b934797f1873758f796dfb4f167e1296dc00f8b2e023ce6ee9"},
-    {file = "coverage-6.3.3-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:baa8be8aba3dd1e976e68677be68a960a633a6d44c325757aefaa4d66175050f"},
-    {file = "coverage-6.3.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:4d06380e777dd6b35ee936f333d55b53dc4a8271036ff884c909cf6e94be8b6c"},
-    {file = "coverage-6.3.3-cp39-cp39-win32.whl", hash = "sha256:f8cabc5fd0091976ab7b020f5708335033e422de25e20ddf9416bdce2b7e07d8"},
-    {file = "coverage-6.3.3-cp39-cp39-win_amd64.whl", hash = "sha256:9c9441d57b0963cf8340268ad62fc83de61f1613034b79c2b1053046af0c5284"},
-    {file = "coverage-6.3.3-pp36.pp37.pp38-none-any.whl", hash = "sha256:d522f1dc49127eab0bfbba4e90fa068ecff0899bbf61bf4065c790ddd6c177fe"},
-    {file = "coverage-6.3.3.tar.gz", hash = "sha256:2781c43bffbbec2b8867376d4d61916f5e9c4cc168232528562a61d1b4b01879"},
+    {file = "coverage-6.4-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:50ed480b798febce113709846b11f5d5ed1e529c88d8ae92f707806c50297abf"},
+    {file = "coverage-6.4-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:26f8f92699756cb7af2b30720de0c5bb8d028e923a95b6d0c891088025a1ac8f"},
+    {file = "coverage-6.4-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:60c2147921da7f4d2d04f570e1838db32b95c5509d248f3fe6417e91437eaf41"},
+    {file = "coverage-6.4-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:750e13834b597eeb8ae6e72aa58d1d831b96beec5ad1d04479ae3772373a8088"},
+    {file = "coverage-6.4-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:af5b9ee0fc146e907aa0f5fb858c3b3da9199d78b7bb2c9973d95550bd40f701"},
+    {file = "coverage-6.4-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:a022394996419142b33a0cf7274cb444c01d2bb123727c4bb0b9acabcb515dea"},
+    {file = "coverage-6.4-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:5a78cf2c43b13aa6b56003707c5203f28585944c277c1f3f109c7b041b16bd39"},
+    {file = "coverage-6.4-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:9229d074e097f21dfe0643d9d0140ee7433814b3f0fc3706b4abffd1e3038632"},
+    {file = "coverage-6.4-cp310-cp310-win32.whl", hash = "sha256:fb45fe08e1abc64eb836d187b20a59172053999823f7f6ef4f18a819c44ba16f"},
+    {file = "coverage-6.4-cp310-cp310-win_amd64.whl", hash = "sha256:3cfd07c5889ddb96a401449109a8b97a165be9d67077df6802f59708bfb07720"},
+    {file = "coverage-6.4-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:03014a74023abaf5a591eeeaf1ac66a73d54eba178ff4cb1fa0c0a44aae70383"},
+    {file = "coverage-6.4-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9c82f2cd69c71698152e943f4a5a6b83a3ab1db73b88f6e769fabc86074c3b08"},
+    {file = "coverage-6.4-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7b546cf2b1974ddc2cb222a109b37c6ed1778b9be7e6b0c0bc0cf0438d9e45a6"},
+    {file = "coverage-6.4-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cc173f1ce9ffb16b299f51c9ce53f66a62f4d975abe5640e976904066f3c835d"},
+    {file = "coverage-6.4-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:c53ad261dfc8695062fc8811ac7c162bd6096a05a19f26097f411bdf5747aee7"},
+    {file = "coverage-6.4-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:eef5292b60b6de753d6e7f2d128d5841c7915fb1e3321c3a1fe6acfe76c38052"},
+    {file = "coverage-6.4-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:543e172ce4c0de533fa892034cce260467b213c0ea8e39da2f65f9a477425211"},
+    {file = "coverage-6.4-cp37-cp37m-win32.whl", hash = "sha256:00c8544510f3c98476bbd58201ac2b150ffbcce46a8c3e4fb89ebf01998f806a"},
+    {file = "coverage-6.4-cp37-cp37m-win_amd64.whl", hash = "sha256:b84ab65444dcc68d761e95d4d70f3cfd347ceca5a029f2ffec37d4f124f61311"},
+    {file = "coverage-6.4-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:d548edacbf16a8276af13063a2b0669d58bbcfca7c55a255f84aac2870786a61"},
+    {file = "coverage-6.4-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:033ebec282793bd9eb988d0271c211e58442c31077976c19c442e24d827d356f"},
+    {file = "coverage-6.4-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:742fb8b43835078dd7496c3c25a1ec8d15351df49fb0037bffb4754291ef30ce"},
+    {file = "coverage-6.4-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d55fae115ef9f67934e9f1103c9ba826b4c690e4c5bcf94482b8b2398311bf9c"},
+    {file = "coverage-6.4-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5cd698341626f3c77784858427bad0cdd54a713115b423d22ac83a28303d1d95"},
+    {file = "coverage-6.4-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:62d382f7d77eeeaff14b30516b17bcbe80f645f5cf02bb755baac376591c653c"},
+    {file = "coverage-6.4-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:016d7f5cf1c8c84f533a3c1f8f36126fbe00b2ec0ccca47cc5731c3723d327c6"},
+    {file = "coverage-6.4-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:69432946f154c6add0e9ede03cc43b96e2ef2733110a77444823c053b1ff5166"},
+    {file = "coverage-6.4-cp38-cp38-win32.whl", hash = "sha256:83bd142cdec5e4a5c4ca1d4ff6fa807d28460f9db919f9f6a31babaaa8b88426"},
+    {file = "coverage-6.4-cp38-cp38-win_amd64.whl", hash = "sha256:4002f9e8c1f286e986fe96ec58742b93484195defc01d5cc7809b8f7acb5ece3"},
+    {file = "coverage-6.4-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:e4f52c272fdc82e7c65ff3f17a7179bc5f710ebc8ce8a5cadac81215e8326740"},
+    {file = "coverage-6.4-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:b5578efe4038be02d76c344007b13119b2b20acd009a88dde8adec2de4f630b5"},
+    {file = "coverage-6.4-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d8099ea680201c2221f8468c372198ceba9338a5fec0e940111962b03b3f716a"},
+    {file = "coverage-6.4-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a00441f5ea4504f5abbc047589d09e0dc33eb447dc45a1a527c8b74bfdd32c65"},
+    {file = "coverage-6.4-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2e76bd16f0e31bc2b07e0fb1379551fcd40daf8cdf7e24f31a29e442878a827c"},
+    {file = "coverage-6.4-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:8d2e80dd3438e93b19e1223a9850fa65425e77f2607a364b6fd134fcd52dc9df"},
+    {file = "coverage-6.4-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:341e9c2008c481c5c72d0e0dbf64980a4b2238631a7f9780b0fe2e95755fb018"},
+    {file = "coverage-6.4-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:21e6686a95025927775ac501e74f5940cdf6fe052292f3a3f7349b0abae6d00f"},
+    {file = "coverage-6.4-cp39-cp39-win32.whl", hash = "sha256:968ed5407f9460bd5a591cefd1388cc00a8f5099de9e76234655ae48cfdbe2c3"},
+    {file = "coverage-6.4-cp39-cp39-win_amd64.whl", hash = "sha256:e35217031e4b534b09f9b9a5841b9344a30a6357627761d4218818b865d45055"},
+    {file = "coverage-6.4-pp36.pp37.pp38-none-any.whl", hash = "sha256:e637ae0b7b481905358624ef2e81d7fb0b1af55f5ff99f9ba05442a444b11e45"},
+    {file = "coverage-6.4.tar.gz", hash = "sha256:727dafd7f67a6e1cad808dc884bd9c5a2f6ef1f8f6d2f22b37b96cb0080d4f49"},
 ]
 cryptography = [
     {file = "cryptography-36.0.2-cp36-abi3-macosx_10_10_universal2.whl", hash = "sha256:4e2dddd38a5ba733be6a025a1475a9f45e4e41139d1321f412c6b360b19070b6"},
@@ -2733,8 +2733,8 @@ idna = [
     {file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"},
 ]
 importlib-metadata = [
-    {file = "importlib_metadata-4.11.3-py3-none-any.whl", hash = "sha256:1208431ca90a8cca1a6b8af391bb53c1a2db74e5d1cef6ddced95d4b2062edc6"},
-    {file = "importlib_metadata-4.11.3.tar.gz", hash = "sha256:ea4c597ebf37142f827b8f39299579e31685c31d3a438b59f469406afd0f2539"},
+    {file = "importlib_metadata-4.11.4-py3-none-any.whl", hash = "sha256:c58c8eb8a762858f49e18436ff552e83914778e50e9d2f1660535ffb364552ec"},
+    {file = "importlib_metadata-4.11.4.tar.gz", hash = "sha256:5d26852efe48c0a32b0509ffbc583fda1a2266545a78d104a6f4aff3db17d700"},
 ]
 incremental = [
     {file = "incremental-21.3.0-py2.py3-none-any.whl", hash = "sha256:92014aebc6a20b78a8084cdd5645eeaa7f74b8933f70fa3ada2cfbd1e3b54321"},

pyproject.toml

@@ -92,7 +92,7 @@ addopts = "-p no:celery --junitxml=unittest.xml"
 
 [tool.poetry]
 name = "authentik"
-version = "2022.5.2"
+version = "2022.5.3"
 description = ""
 authors = ["Jens Langhammer <jens.langhammer@beryju.org>"]
 

schema.yml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2022.5.2
+  version: 2022.5.3
   description: Making authentication simple.
   contact:
     email: hello@beryju.org
@@ -1601,6 +1601,10 @@ paths:
       operationId: core_applications_list
       description: Custom list method that checks Policy based access instead of guardian
       parameters:
+      - in: query
+        name: name
+        schema:
+          type: string
       - name: ordering
         required: false
         in: query
@@ -1625,6 +1629,10 @@ paths:
         description: A search term.
         schema:
           type: string
+      - in: query
+        name: slug
+        schema:
+          type: string
       - in: query
         name: superuser_full_list
         schema:
@@ -6114,6 +6122,10 @@ paths:
       operationId: outposts_ldap_list
       description: LDAPProvider Viewset
       parameters:
+      - in: query
+        name: name
+        schema:
+          type: string
       - name: ordering
         required: false
         in: query
@@ -6184,6 +6196,10 @@ paths:
       operationId: outposts_proxy_list
       description: ProxyProvider Viewset
       parameters:
+      - in: query
+        name: name
+        schema:
+          type: string
       - name: ordering
         required: false
         in: query
@@ -22969,7 +22985,6 @@ components:
       - group_obj
       - name
       - pk
-      - transports
     NotificationRuleRequest:
       type: object
       description: NotificationRule Serializer
@@ -22998,7 +23013,6 @@ components:
             and shown to. If left empty, Notification won't ben sent.
       required:
       - name
-      - transports
     NotificationTransport:
       type: object
       description: NotificationTransport Serializer
@@ -28397,9 +28411,6 @@ components:
         username:
           type: string
           minLength: 1
-          description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
-            only.
-          pattern: ^[\w.@+-]+$
           maxLength: 150
         name:
           type: string
@@ -30944,9 +30955,6 @@ components:
           title: ID
         username:
           type: string
-          description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
-            only.
-          pattern: ^[\w.@+-]+$
           maxLength: 150
         name:
           type: string
@@ -31256,9 +31264,6 @@ components:
         username:
           type: string
           minLength: 1
-          description: Required. 150 characters or fewer. Letters, digits and @/./+/-/_
-            only.
-          pattern: ^[\w.@+-]+$
           maxLength: 150
         name:
           type: string

web/package-lock.json

@@ -16,7 +16,7 @@
                 "@babel/preset-typescript": "^7.17.12",
                 "@formatjs/intl-listformat": "^7.0.1",
                 "@fortawesome/fontawesome-free": "^6.1.1",
-                "@goauthentik/api": "^2022.5.1-1653068887",
+                "@goauthentik/api": "^2022.5.2-1653414238",
                 "@jackfranklin/rollup-plugin-markdown": "^0.3.0",
                 "@lingui/cli": "^3.13.3",
                 "@lingui/core": "^3.13.3",
@@ -37,17 +37,17 @@
                 "@types/chart.js": "^2.9.37",
                 "@types/codemirror": "5.60.5",
                 "@types/grecaptcha": "^3.0.4",
-                "@typescript-eslint/eslint-plugin": "^5.25.0",
-                "@typescript-eslint/parser": "^5.25.0",
+                "@typescript-eslint/eslint-plugin": "^5.26.0",
+                "@typescript-eslint/parser": "^5.26.0",
                 "@webcomponents/webcomponentsjs": "^2.6.0",
                 "babel-plugin-macros": "^3.1.0",
                 "base64-js": "^1.5.1",
                 "chart.js": "^3.7.1",
                 "chartjs-adapter-moment": "^1.0.0",
-                "codemirror": "^5.65.3",
+                "codemirror": "^5.65.4",
                 "construct-style-sheets-polyfill": "^3.1.0",
-                "country-flag-icons": "^1.4.26",
-                "eslint": "^8.15.0",
+                "country-flag-icons": "^1.5.4",
+                "eslint": "^8.16.0",
                 "eslint-config-google": "^0.14.0",
                 "eslint-plugin-custom-elements": "0.0.6",
                 "eslint-plugin-lit": "^1.6.1",
@@ -56,7 +56,7 @@
                 "lit": "^2.2.4",
                 "moment": "^2.29.3",
                 "prettier": "^2.6.2",
-                "rapidoc": "^9.2.0",
+                "rapidoc": "^9.3.2",
                 "rollup": "^2.74.1",
                 "rollup-plugin-copy": "^3.4.0",
                 "rollup-plugin-cssimport": "^1.0.2",
@@ -1692,14 +1692,14 @@
             }
         },
         "node_modules/@eslint/eslintrc": {
-            "version": "1.2.3",
-            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.3.tgz",
-            "integrity": "sha512-uGo44hIwoLGNyduRpjdEpovcbMdd+Nv7amtmJxnKmI8xj6yd5LncmSwDa5NgX/41lIFJtkjD6YdVfgEzPfJ5UA==",
+            "version": "1.3.0",
+            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.3.0.tgz",
+            "integrity": "sha512-UWW0TMTmk2d7hLcWD1/e2g5HDM/HQ3csaLSqXCfqwh4uNDuNqlaKWXmEsL4Cs41Z0KnILNvwbHAah3C2yt06kw==",
             "dependencies": {
                 "ajv": "^6.12.4",
                 "debug": "^4.3.2",
                 "espree": "^9.3.2",
-                "globals": "^13.9.0",
+                "globals": "^13.15.0",
                 "ignore": "^5.2.0",
                 "import-fresh": "^3.2.1",
                 "js-yaml": "^4.1.0",
@@ -1711,9 +1711,9 @@
             }
         },
         "node_modules/@eslint/eslintrc/node_modules/globals": {
-            "version": "13.14.0",
-            "resolved": "https://registry.npmjs.org/globals/-/globals-13.14.0.tgz",
-            "integrity": "sha512-ERO68sOYwm5UuLvSJTY7w7NP2c8S4UcXs3X1GBX8cwOr+ShOcDBbCY5mH4zxz0jsYCdJ8ve8Mv9n2YGJMB1aeg==",
+            "version": "13.15.0",
+            "resolved": "https://registry.npmjs.org/globals/-/globals-13.15.0.tgz",
+            "integrity": "sha512-bpzcOlgDhMG070Av0Vy5Owklpv1I6+j96GhUI7Rh7IzDCKLzboflLrrfqMu8NquDbiR4EOQk7XzJwqVJxicxog==",
             "dependencies": {
                 "type-fest": "^0.20.2"
             },
@@ -1772,9 +1772,9 @@
             }
         },
         "node_modules/@goauthentik/api": {
-            "version": "2022.5.1-1653068887",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.5.1-1653068887.tgz",
-            "integrity": "sha512-tKzFnmq34rEm3HfYVzHVdI09zIc6oE5ZlACe+Ed0fxwVFPqjWcIce+uK7/KtskY1jsNcaMr2r0sfSLHaH0jFgw=="
+            "version": "2022.5.2-1653414238",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.5.2-1653414238.tgz",
+            "integrity": "sha512-KkvLhMhgVCDp3Wj2Hq17YhpW7nNuydX8hyByW1DtFqd5IX4sBVQdWTeMgkZQXPOnWjdgYAv986ZYNoY+ZwDDUg=="
         },
         "node_modules/@humanwhocodes/config-array": {
             "version": "0.9.2",
@@ -2906,13 +2906,13 @@
             "integrity": "sha512-7tFImggNeNBVMsn0vLrpn1H1uPrUBdnARPTpZoitY37ZrdJREzf7I16tMrlK3hen349gr1NYh8CmZQa7CTG6Aw=="
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.25.0.tgz",
-            "integrity": "sha512-icYrFnUzvm+LhW0QeJNKkezBu6tJs9p/53dpPLFH8zoM9w1tfaKzVurkPotEpAqQ8Vf8uaFyL5jHd0Vs6Z0ZQg==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.26.0.tgz",
+            "integrity": "sha512-oGCmo0PqnRZZndr+KwvvAUvD3kNE4AfyoGCwOZpoCncSh4MVD06JTE8XQa2u9u+NX5CsyZMBTEc2C72zx38eYA==",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "5.25.0",
-                "@typescript-eslint/type-utils": "5.25.0",
-                "@typescript-eslint/utils": "5.25.0",
+                "@typescript-eslint/scope-manager": "5.26.0",
+                "@typescript-eslint/type-utils": "5.26.0",
+                "@typescript-eslint/utils": "5.26.0",
                 "debug": "^4.3.4",
                 "functional-red-black-tree": "^1.0.1",
                 "ignore": "^5.2.0",
@@ -2952,13 +2952,13 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.25.0.tgz",
-            "integrity": "sha512-r3hwrOWYbNKP1nTcIw/aZoH+8bBnh/Lh1iDHoFpyG4DnCpvEdctrSl6LOo19fZbzypjQMHdajolxs6VpYoChgA==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.26.0.tgz",
+            "integrity": "sha512-n/IzU87ttzIdnAH5vQ4BBDnLPly7rC5VnjN3m0xBG82HK6rhRxnCb3w/GyWbNDghPd+NktJqB/wl6+YkzZ5T5Q==",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "5.25.0",
-                "@typescript-eslint/types": "5.25.0",
-                "@typescript-eslint/typescript-estree": "5.25.0",
+                "@typescript-eslint/scope-manager": "5.26.0",
+                "@typescript-eslint/types": "5.26.0",
+                "@typescript-eslint/typescript-estree": "5.26.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -2978,12 +2978,12 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.25.0.tgz",
-            "integrity": "sha512-p4SKTFWj+2VpreUZ5xMQsBMDdQ9XdRvODKXN4EksyBjFp2YvQdLkyHqOffakYZPuWJUDNu3jVXtHALDyTv3cww==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.26.0.tgz",
+            "integrity": "sha512-gVzTJUESuTwiju/7NiTb4c5oqod8xt5GhMbExKsCTp6adU3mya6AGJ4Pl9xC7x2DX9UYFsjImC0mA62BCY22Iw==",
             "dependencies": {
-                "@typescript-eslint/types": "5.25.0",
-                "@typescript-eslint/visitor-keys": "5.25.0"
+                "@typescript-eslint/types": "5.26.0",
+                "@typescript-eslint/visitor-keys": "5.26.0"
             },
             "engines": {
                 "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -2994,11 +2994,11 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.25.0.tgz",
-            "integrity": "sha512-B6nb3GK3Gv1Rsb2pqalebe/RyQoyG/WDy9yhj8EE0Ikds4Xa8RR28nHz+wlt4tMZk5bnAr0f3oC8TuDAd5CPrw==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.26.0.tgz",
+            "integrity": "sha512-7ccbUVWGLmcRDSA1+ADkDBl5fP87EJt0fnijsMFTVHXKGduYMgienC/i3QwoVhDADUAPoytgjbZbCOMj4TY55A==",
             "dependencies": {
-                "@typescript-eslint/utils": "5.25.0",
+                "@typescript-eslint/utils": "5.26.0",
                 "debug": "^4.3.4",
                 "tsutils": "^3.21.0"
             },
@@ -3019,9 +3019,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.25.0.tgz",
-            "integrity": "sha512-7fWqfxr0KNHj75PFqlGX24gWjdV/FDBABXL5dyvBOWHpACGyveok8Uj4ipPX/1fGU63fBkzSIycEje4XsOxUFA==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.26.0.tgz",
+            "integrity": "sha512-8794JZFE1RN4XaExLWLI2oSXsVImNkl79PzTOOWt9h0UHROwJedNOD2IJyfL0NbddFllcktGIO2aOu10avQQyA==",
             "engines": {
                 "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
             },
@@ -3031,12 +3031,12 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.25.0.tgz",
-            "integrity": "sha512-MrPODKDych/oWs/71LCnuO7NyR681HuBly2uLnX3r5i4ME7q/yBqC4hW33kmxtuauLTM0OuBOhhkFaxCCOjEEw==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.26.0.tgz",
+            "integrity": "sha512-EyGpw6eQDsfD6jIqmXP3rU5oHScZ51tL/cZgFbFBvWuCwrIptl+oueUZzSmLtxFuSOQ9vDcJIs+279gnJkfd1w==",
             "dependencies": {
-                "@typescript-eslint/types": "5.25.0",
-                "@typescript-eslint/visitor-keys": "5.25.0",
+                "@typescript-eslint/types": "5.26.0",
+                "@typescript-eslint/visitor-keys": "5.26.0",
                 "debug": "^4.3.4",
                 "globby": "^11.1.0",
                 "is-glob": "^4.0.3",
@@ -3071,14 +3071,14 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.25.0.tgz",
-            "integrity": "sha512-qNC9bhnz/n9Kba3yI6HQgQdBLuxDoMgdjzdhSInZh6NaDnFpTUlwNGxplUFWfY260Ya0TRPvkg9dd57qxrJI9g==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.26.0.tgz",
+            "integrity": "sha512-PJFwcTq2Pt4AMOKfe3zQOdez6InIDOjUJJD3v3LyEtxHGVVRK3Vo7Dd923t/4M9hSH2q2CLvcTdxlLPjcIk3eg==",
             "dependencies": {
                 "@types/json-schema": "^7.0.9",
-                "@typescript-eslint/scope-manager": "5.25.0",
-                "@typescript-eslint/types": "5.25.0",
-                "@typescript-eslint/typescript-estree": "5.25.0",
+                "@typescript-eslint/scope-manager": "5.26.0",
+                "@typescript-eslint/types": "5.26.0",
+                "@typescript-eslint/typescript-estree": "5.26.0",
                 "eslint-scope": "^5.1.1",
                 "eslint-utils": "^3.0.0"
             },
@@ -3094,11 +3094,11 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.25.0.tgz",
-            "integrity": "sha512-yd26vFgMsC4h2dgX4+LR+GeicSKIfUvZREFLf3DDjZPtqgLx5AJZr6TetMNwFP9hcKreTTeztQYBTNbNoOycwA==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.26.0.tgz",
+            "integrity": "sha512-wei+ffqHanYDOQgg/fS6Hcar6wAWv0CUPQ3TZzOWd2BLfgP539rb49bwua8WRAs7R6kOSLn82rfEu2ro6Llt8Q==",
             "dependencies": {
-                "@typescript-eslint/types": "5.25.0",
+                "@typescript-eslint/types": "5.26.0",
                 "eslint-visitor-keys": "^3.3.0"
             },
             "engines": {
@@ -3839,9 +3839,9 @@
             }
         },
         "node_modules/codemirror": {
-            "version": "5.65.3",
-            "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.65.3.tgz",
-            "integrity": "sha512-kCC0iwGZOVZXHEKW3NDTObvM7pTIyowjty4BUqeREROc/3I6bWbgZDA3fGDwlA+rbgRjvnRnfqs9SfXynel1AQ=="
+            "version": "5.65.4",
+            "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.65.4.tgz",
+            "integrity": "sha512-tytrSm5Rh52b6j36cbDXN+FHwHCl9aroY4BrDZB2NFFL3Wjfq9nuYVLFFhaOYOczKAg3JXTr8BuT8LcE5QY4Iw=="
         },
         "node_modules/collection-visit": {
             "version": "1.0.0",
@@ -3988,9 +3988,9 @@
             }
         },
         "node_modules/country-flag-icons": {
-            "version": "1.4.26",
-            "resolved": "https://registry.npmjs.org/country-flag-icons/-/country-flag-icons-1.4.26.tgz",
-            "integrity": "sha512-fUBQ58zfQsSL12ErkFSfBxnQZapzdC8+5ZKqhD1z0EHqPnOuiFl7nZTv8Gqpms+jvweP+pbCYGp7G4aiO9eiMw=="
+            "version": "1.5.4",
+            "resolved": "https://registry.npmjs.org/country-flag-icons/-/country-flag-icons-1.5.4.tgz",
+            "integrity": "sha512-/PnU4OZimNfuwQWH4hBBoGVmIbMoDoGF8AH6+TxSJzYOPgWxO7vEPu8Cuyzwy6R/voEiw3wjJESDXvQqmS1mng=="
         },
         "node_modules/create-require": {
             "version": "1.1.1",
@@ -4188,11 +4188,11 @@
             }
         },
         "node_modules/eslint": {
-            "version": "8.15.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.15.0.tgz",
-            "integrity": "sha512-GG5USZ1jhCu8HJkzGgeK8/+RGnHaNYZGrGDzUtigK3BsGESW/rs2az23XqE0WVwDxy1VRvvjSSGu5nB0Bu+6SA==",
+            "version": "8.16.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.16.0.tgz",
+            "integrity": "sha512-MBndsoXY/PeVTDJeWsYj7kLZ5hQpJOfMYLsF6LicLHQWbRDG19lK5jOix4DPl8yY4SUFcE3txy86OzFLWT+yoA==",
             "dependencies": {
-                "@eslint/eslintrc": "^1.2.3",
+                "@eslint/eslintrc": "^1.3.0",
                 "@humanwhocodes/config-array": "^0.9.2",
                 "ajv": "^6.10.0",
                 "chalk": "^4.0.0",
@@ -4210,7 +4210,7 @@
                 "file-entry-cache": "^6.0.1",
                 "functional-red-black-tree": "^1.0.1",
                 "glob-parent": "^6.0.1",
-                "globals": "^13.6.0",
+                "globals": "^13.15.0",
                 "ignore": "^5.2.0",
                 "import-fresh": "^3.0.0",
                 "imurmurhash": "^0.1.4",
@@ -4406,9 +4406,9 @@
             }
         },
         "node_modules/eslint/node_modules/globals": {
-            "version": "13.11.0",
-            "resolved": "https://registry.npmjs.org/globals/-/globals-13.11.0.tgz",
-            "integrity": "sha512-08/xrJ7wQjK9kkkRoI3OFUBbLx4f+6x3SGwcPvQ0QH6goFDrOU2oyAWrmh3dJezu65buo+HBMzAMQy6rovVC3g==",
+            "version": "13.15.0",
+            "resolved": "https://registry.npmjs.org/globals/-/globals-13.15.0.tgz",
+            "integrity": "sha512-bpzcOlgDhMG070Av0Vy5Owklpv1I6+j96GhUI7Rh7IzDCKLzboflLrrfqMu8NquDbiR4EOQk7XzJwqVJxicxog==",
             "dependencies": {
                 "type-fest": "^0.20.2"
             },
@@ -6264,9 +6264,9 @@
             }
         },
         "node_modules/marked": {
-            "version": "4.0.12",
-            "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.12.tgz",
-            "integrity": "sha512-hgibXWrEDNBWgGiK18j/4lkS6ihTe9sxtV4Q1OQppb/0zzyPSzoFANBa5MfsG/zgsWklmNnhm0XACZOH/0HBiQ==",
+            "version": "4.0.16",
+            "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.16.tgz",
+            "integrity": "sha512-wahonIQ5Jnyatt2fn8KqF/nIqZM8mh3oRu2+l5EANGMhu6RFjiSG52QNE2eWzFMI94HqYSgN184NurgNG6CztA==",
             "bin": {
                 "marked": "bin/marked.js"
             },
@@ -6999,9 +6999,9 @@
             "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
         },
         "node_modules/prismjs": {
-            "version": "1.27.0",
-            "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.27.0.tgz",
-            "integrity": "sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA==",
+            "version": "1.28.0",
+            "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.28.0.tgz",
+            "integrity": "sha512-8aaXdYvl1F7iC7Xm1spqSaY/OJBpYW3v+KJ+F17iYxvdc8sfjW194COK5wVhMZX45tGteiBQgdvD/nhxcRwylw==",
             "engines": {
                 "node": ">=6"
             }
@@ -7091,16 +7091,16 @@
             }
         },
         "node_modules/rapidoc": {
-            "version": "9.2.0",
-            "resolved": "https://registry.npmjs.org/rapidoc/-/rapidoc-9.2.0.tgz",
-            "integrity": "sha512-liK2AFGJ3jTUkohZrT1nvxUOAGAHNu/CGRRclGVHPFp69TyEpUoAgOejQgIMsgDdtbeHnTRTbPiXK6HpirqnRw==",
+            "version": "9.3.2",
+            "resolved": "https://registry.npmjs.org/rapidoc/-/rapidoc-9.3.2.tgz",
+            "integrity": "sha512-IQb9lGWDLT+kufiUHaT356E4Dh0goxwCnCZN3WY+rwF7toxprUQepbrFcqO6FsThMzw6yEICRPNH+DQHvjf2Kw==",
             "dependencies": {
                 "@apitools/openapi-parser": "^0.0.24",
                 "base64-arraybuffer": "^1.0.2",
                 "buffer": "^6.0.3",
-                "lit": "^2.2.0",
-                "marked": "^4.0.12",
-                "prismjs": "^1.26.0"
+                "lit": "^2.2.4",
+                "marked": "^4.0.16",
+                "prismjs": "^1.28.0"
             },
             "engines": {
                 "node": ">=10.21.0"
@@ -10070,14 +10070,14 @@
             }
         },
         "@eslint/eslintrc": {
-            "version": "1.2.3",
-            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.3.tgz",
-            "integrity": "sha512-uGo44hIwoLGNyduRpjdEpovcbMdd+Nv7amtmJxnKmI8xj6yd5LncmSwDa5NgX/41lIFJtkjD6YdVfgEzPfJ5UA==",
+            "version": "1.3.0",
+            "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.3.0.tgz",
+            "integrity": "sha512-UWW0TMTmk2d7hLcWD1/e2g5HDM/HQ3csaLSqXCfqwh4uNDuNqlaKWXmEsL4Cs41Z0KnILNvwbHAah3C2yt06kw==",
             "requires": {
                 "ajv": "^6.12.4",
                 "debug": "^4.3.2",
                 "espree": "^9.3.2",
-                "globals": "^13.9.0",
+                "globals": "^13.15.0",
                 "ignore": "^5.2.0",
                 "import-fresh": "^3.2.1",
                 "js-yaml": "^4.1.0",
@@ -10086,9 +10086,9 @@
             },
             "dependencies": {
                 "globals": {
-                    "version": "13.14.0",
-                    "resolved": "https://registry.npmjs.org/globals/-/globals-13.14.0.tgz",
-                    "integrity": "sha512-ERO68sOYwm5UuLvSJTY7w7NP2c8S4UcXs3X1GBX8cwOr+ShOcDBbCY5mH4zxz0jsYCdJ8ve8Mv9n2YGJMB1aeg==",
+                    "version": "13.15.0",
+                    "resolved": "https://registry.npmjs.org/globals/-/globals-13.15.0.tgz",
+                    "integrity": "sha512-bpzcOlgDhMG070Av0Vy5Owklpv1I6+j96GhUI7Rh7IzDCKLzboflLrrfqMu8NquDbiR4EOQk7XzJwqVJxicxog==",
                     "requires": {
                         "type-fest": "^0.20.2"
                     }
@@ -10133,9 +10133,9 @@
             "integrity": "sha512-J/3yg2AIXc9wznaVqpHVX3Wa5jwKovVF0AMYSnbmcXTiL3PpRPfF58pzWucCwEiCJBp+hCNRLWClTomD8SseKg=="
         },
         "@goauthentik/api": {
-            "version": "2022.5.1-1653068887",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.5.1-1653068887.tgz",
-            "integrity": "sha512-tKzFnmq34rEm3HfYVzHVdI09zIc6oE5ZlACe+Ed0fxwVFPqjWcIce+uK7/KtskY1jsNcaMr2r0sfSLHaH0jFgw=="
+            "version": "2022.5.2-1653414238",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2022.5.2-1653414238.tgz",
+            "integrity": "sha512-KkvLhMhgVCDp3Wj2Hq17YhpW7nNuydX8hyByW1DtFqd5IX4sBVQdWTeMgkZQXPOnWjdgYAv986ZYNoY+ZwDDUg=="
         },
         "@humanwhocodes/config-array": {
             "version": "0.9.2",
@@ -11072,13 +11072,13 @@
             "integrity": "sha512-7tFImggNeNBVMsn0vLrpn1H1uPrUBdnARPTpZoitY37ZrdJREzf7I16tMrlK3hen349gr1NYh8CmZQa7CTG6Aw=="
         },
         "@typescript-eslint/eslint-plugin": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.25.0.tgz",
-            "integrity": "sha512-icYrFnUzvm+LhW0QeJNKkezBu6tJs9p/53dpPLFH8zoM9w1tfaKzVurkPotEpAqQ8Vf8uaFyL5jHd0Vs6Z0ZQg==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.26.0.tgz",
+            "integrity": "sha512-oGCmo0PqnRZZndr+KwvvAUvD3kNE4AfyoGCwOZpoCncSh4MVD06JTE8XQa2u9u+NX5CsyZMBTEc2C72zx38eYA==",
             "requires": {
-                "@typescript-eslint/scope-manager": "5.25.0",
-                "@typescript-eslint/type-utils": "5.25.0",
-                "@typescript-eslint/utils": "5.25.0",
+                "@typescript-eslint/scope-manager": "5.26.0",
+                "@typescript-eslint/type-utils": "5.26.0",
+                "@typescript-eslint/utils": "5.26.0",
                 "debug": "^4.3.4",
                 "functional-red-black-tree": "^1.0.1",
                 "ignore": "^5.2.0",
@@ -11098,47 +11098,47 @@
             }
         },
         "@typescript-eslint/parser": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.25.0.tgz",
-            "integrity": "sha512-r3hwrOWYbNKP1nTcIw/aZoH+8bBnh/Lh1iDHoFpyG4DnCpvEdctrSl6LOo19fZbzypjQMHdajolxs6VpYoChgA==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.26.0.tgz",
+            "integrity": "sha512-n/IzU87ttzIdnAH5vQ4BBDnLPly7rC5VnjN3m0xBG82HK6rhRxnCb3w/GyWbNDghPd+NktJqB/wl6+YkzZ5T5Q==",
             "requires": {
-                "@typescript-eslint/scope-manager": "5.25.0",
-                "@typescript-eslint/types": "5.25.0",
-                "@typescript-eslint/typescript-estree": "5.25.0",
+                "@typescript-eslint/scope-manager": "5.26.0",
+                "@typescript-eslint/types": "5.26.0",
+                "@typescript-eslint/typescript-estree": "5.26.0",
                 "debug": "^4.3.4"
             }
         },
         "@typescript-eslint/scope-manager": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.25.0.tgz",
-            "integrity": "sha512-p4SKTFWj+2VpreUZ5xMQsBMDdQ9XdRvODKXN4EksyBjFp2YvQdLkyHqOffakYZPuWJUDNu3jVXtHALDyTv3cww==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.26.0.tgz",
+            "integrity": "sha512-gVzTJUESuTwiju/7NiTb4c5oqod8xt5GhMbExKsCTp6adU3mya6AGJ4Pl9xC7x2DX9UYFsjImC0mA62BCY22Iw==",
             "requires": {
-                "@typescript-eslint/types": "5.25.0",
-                "@typescript-eslint/visitor-keys": "5.25.0"
+                "@typescript-eslint/types": "5.26.0",
+                "@typescript-eslint/visitor-keys": "5.26.0"
             }
         },
         "@typescript-eslint/type-utils": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.25.0.tgz",
-            "integrity": "sha512-B6nb3GK3Gv1Rsb2pqalebe/RyQoyG/WDy9yhj8EE0Ikds4Xa8RR28nHz+wlt4tMZk5bnAr0f3oC8TuDAd5CPrw==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.26.0.tgz",
+            "integrity": "sha512-7ccbUVWGLmcRDSA1+ADkDBl5fP87EJt0fnijsMFTVHXKGduYMgienC/i3QwoVhDADUAPoytgjbZbCOMj4TY55A==",
             "requires": {
-                "@typescript-eslint/utils": "5.25.0",
+                "@typescript-eslint/utils": "5.26.0",
                 "debug": "^4.3.4",
                 "tsutils": "^3.21.0"
             }
         },
         "@typescript-eslint/types": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.25.0.tgz",
-            "integrity": "sha512-7fWqfxr0KNHj75PFqlGX24gWjdV/FDBABXL5dyvBOWHpACGyveok8Uj4ipPX/1fGU63fBkzSIycEje4XsOxUFA=="
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.26.0.tgz",
+            "integrity": "sha512-8794JZFE1RN4XaExLWLI2oSXsVImNkl79PzTOOWt9h0UHROwJedNOD2IJyfL0NbddFllcktGIO2aOu10avQQyA=="
         },
         "@typescript-eslint/typescript-estree": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.25.0.tgz",
-            "integrity": "sha512-MrPODKDych/oWs/71LCnuO7NyR681HuBly2uLnX3r5i4ME7q/yBqC4hW33kmxtuauLTM0OuBOhhkFaxCCOjEEw==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.26.0.tgz",
+            "integrity": "sha512-EyGpw6eQDsfD6jIqmXP3rU5oHScZ51tL/cZgFbFBvWuCwrIptl+oueUZzSmLtxFuSOQ9vDcJIs+279gnJkfd1w==",
             "requires": {
-                "@typescript-eslint/types": "5.25.0",
-                "@typescript-eslint/visitor-keys": "5.25.0",
+                "@typescript-eslint/types": "5.26.0",
+                "@typescript-eslint/visitor-keys": "5.26.0",
                 "debug": "^4.3.4",
                 "globby": "^11.1.0",
                 "is-glob": "^4.0.3",
@@ -11157,24 +11157,24 @@
             }
         },
         "@typescript-eslint/utils": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.25.0.tgz",
-            "integrity": "sha512-qNC9bhnz/n9Kba3yI6HQgQdBLuxDoMgdjzdhSInZh6NaDnFpTUlwNGxplUFWfY260Ya0TRPvkg9dd57qxrJI9g==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.26.0.tgz",
+            "integrity": "sha512-PJFwcTq2Pt4AMOKfe3zQOdez6InIDOjUJJD3v3LyEtxHGVVRK3Vo7Dd923t/4M9hSH2q2CLvcTdxlLPjcIk3eg==",
             "requires": {
                 "@types/json-schema": "^7.0.9",
-                "@typescript-eslint/scope-manager": "5.25.0",
-                "@typescript-eslint/types": "5.25.0",
-                "@typescript-eslint/typescript-estree": "5.25.0",
+                "@typescript-eslint/scope-manager": "5.26.0",
+                "@typescript-eslint/types": "5.26.0",
+                "@typescript-eslint/typescript-estree": "5.26.0",
                 "eslint-scope": "^5.1.1",
                 "eslint-utils": "^3.0.0"
             }
         },
         "@typescript-eslint/visitor-keys": {
-            "version": "5.25.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.25.0.tgz",
-            "integrity": "sha512-yd26vFgMsC4h2dgX4+LR+GeicSKIfUvZREFLf3DDjZPtqgLx5AJZr6TetMNwFP9hcKreTTeztQYBTNbNoOycwA==",
+            "version": "5.26.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.26.0.tgz",
+            "integrity": "sha512-wei+ffqHanYDOQgg/fS6Hcar6wAWv0CUPQ3TZzOWd2BLfgP539rb49bwua8WRAs7R6kOSLn82rfEu2ro6Llt8Q==",
             "requires": {
-                "@typescript-eslint/types": "5.25.0",
+                "@typescript-eslint/types": "5.26.0",
                 "eslint-visitor-keys": "^3.3.0"
             },
             "dependencies": {
@@ -11688,9 +11688,9 @@
             "integrity": "sha1-2jCcwmPfFZlMaIypAheco8fNfH4="
         },
         "codemirror": {
-            "version": "5.65.3",
-            "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.65.3.tgz",
-            "integrity": "sha512-kCC0iwGZOVZXHEKW3NDTObvM7pTIyowjty4BUqeREROc/3I6bWbgZDA3fGDwlA+rbgRjvnRnfqs9SfXynel1AQ=="
+            "version": "5.65.4",
+            "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.65.4.tgz",
+            "integrity": "sha512-tytrSm5Rh52b6j36cbDXN+FHwHCl9aroY4BrDZB2NFFL3Wjfq9nuYVLFFhaOYOczKAg3JXTr8BuT8LcE5QY4Iw=="
         },
         "collection-visit": {
             "version": "1.0.0",
@@ -11808,9 +11808,9 @@
             }
         },
         "country-flag-icons": {
-            "version": "1.4.26",
-            "resolved": "https://registry.npmjs.org/country-flag-icons/-/country-flag-icons-1.4.26.tgz",
-            "integrity": "sha512-fUBQ58zfQsSL12ErkFSfBxnQZapzdC8+5ZKqhD1z0EHqPnOuiFl7nZTv8Gqpms+jvweP+pbCYGp7G4aiO9eiMw=="
+            "version": "1.5.4",
+            "resolved": "https://registry.npmjs.org/country-flag-icons/-/country-flag-icons-1.5.4.tgz",
+            "integrity": "sha512-/PnU4OZimNfuwQWH4hBBoGVmIbMoDoGF8AH6+TxSJzYOPgWxO7vEPu8Cuyzwy6R/voEiw3wjJESDXvQqmS1mng=="
         },
         "create-require": {
             "version": "1.1.1",
@@ -11954,11 +11954,11 @@
             "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
         },
         "eslint": {
-            "version": "8.15.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.15.0.tgz",
-            "integrity": "sha512-GG5USZ1jhCu8HJkzGgeK8/+RGnHaNYZGrGDzUtigK3BsGESW/rs2az23XqE0WVwDxy1VRvvjSSGu5nB0Bu+6SA==",
+            "version": "8.16.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.16.0.tgz",
+            "integrity": "sha512-MBndsoXY/PeVTDJeWsYj7kLZ5hQpJOfMYLsF6LicLHQWbRDG19lK5jOix4DPl8yY4SUFcE3txy86OzFLWT+yoA==",
             "requires": {
-                "@eslint/eslintrc": "^1.2.3",
+                "@eslint/eslintrc": "^1.3.0",
                 "@humanwhocodes/config-array": "^0.9.2",
                 "ajv": "^6.10.0",
                 "chalk": "^4.0.0",
@@ -11976,7 +11976,7 @@
                 "file-entry-cache": "^6.0.1",
                 "functional-red-black-tree": "^1.0.1",
                 "glob-parent": "^6.0.1",
-                "globals": "^13.6.0",
+                "globals": "^13.15.0",
                 "ignore": "^5.2.0",
                 "import-fresh": "^3.0.0",
                 "imurmurhash": "^0.1.4",
@@ -12058,9 +12058,9 @@
                     }
                 },
                 "globals": {
-                    "version": "13.11.0",
-                    "resolved": "https://registry.npmjs.org/globals/-/globals-13.11.0.tgz",
-                    "integrity": "sha512-08/xrJ7wQjK9kkkRoI3OFUBbLx4f+6x3SGwcPvQ0QH6goFDrOU2oyAWrmh3dJezu65buo+HBMzAMQy6rovVC3g==",
+                    "version": "13.15.0",
+                    "resolved": "https://registry.npmjs.org/globals/-/globals-13.15.0.tgz",
+                    "integrity": "sha512-bpzcOlgDhMG070Av0Vy5Owklpv1I6+j96GhUI7Rh7IzDCKLzboflLrrfqMu8NquDbiR4EOQk7XzJwqVJxicxog==",
                     "requires": {
                         "type-fest": "^0.20.2"
                     }
@@ -13519,9 +13519,9 @@
             }
         },
         "marked": {
-            "version": "4.0.12",
-            "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.12.tgz",
-            "integrity": "sha512-hgibXWrEDNBWgGiK18j/4lkS6ihTe9sxtV4Q1OQppb/0zzyPSzoFANBa5MfsG/zgsWklmNnhm0XACZOH/0HBiQ=="
+            "version": "4.0.16",
+            "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.16.tgz",
+            "integrity": "sha512-wahonIQ5Jnyatt2fn8KqF/nIqZM8mh3oRu2+l5EANGMhu6RFjiSG52QNE2eWzFMI94HqYSgN184NurgNG6CztA=="
         },
         "merge-stream": {
             "version": "2.0.0",
@@ -14049,9 +14049,9 @@
             }
         },
         "prismjs": {
-            "version": "1.27.0",
-            "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.27.0.tgz",
-            "integrity": "sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA=="
+            "version": "1.28.0",
+            "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.28.0.tgz",
+            "integrity": "sha512-8aaXdYvl1F7iC7Xm1spqSaY/OJBpYW3v+KJ+F17iYxvdc8sfjW194COK5wVhMZX45tGteiBQgdvD/nhxcRwylw=="
         },
         "pseudolocale": {
             "version": "1.2.0",
@@ -14111,16 +14111,16 @@
             }
         },
         "rapidoc": {
-            "version": "9.2.0",
-            "resolved": "https://registry.npmjs.org/rapidoc/-/rapidoc-9.2.0.tgz",
-            "integrity": "sha512-liK2AFGJ3jTUkohZrT1nvxUOAGAHNu/CGRRclGVHPFp69TyEpUoAgOejQgIMsgDdtbeHnTRTbPiXK6HpirqnRw==",
+            "version": "9.3.2",
+            "resolved": "https://registry.npmjs.org/rapidoc/-/rapidoc-9.3.2.tgz",
+            "integrity": "sha512-IQb9lGWDLT+kufiUHaT356E4Dh0goxwCnCZN3WY+rwF7toxprUQepbrFcqO6FsThMzw6yEICRPNH+DQHvjf2Kw==",
             "requires": {
                 "@apitools/openapi-parser": "^0.0.24",
                 "base64-arraybuffer": "^1.0.2",
                 "buffer": "^6.0.3",
-                "lit": "^2.2.0",
-                "marked": "^4.0.12",
-                "prismjs": "^1.26.0"
+                "lit": "^2.2.4",
+                "marked": "^4.0.16",
+                "prismjs": "^1.28.0"
             },
             "dependencies": {
                 "buffer": {

web/package.json

@@ -59,7 +59,7 @@
         "@babel/preset-typescript": "^7.17.12",
         "@formatjs/intl-listformat": "^7.0.1",
         "@fortawesome/fontawesome-free": "^6.1.1",
-        "@goauthentik/api": "^2022.5.1-1653068887",
+        "@goauthentik/api": "^2022.5.2-1653414238",
         "@jackfranklin/rollup-plugin-markdown": "^0.3.0",
         "@lingui/cli": "^3.13.3",
         "@lingui/core": "^3.13.3",
@@ -80,17 +80,17 @@
         "@types/chart.js": "^2.9.37",
         "@types/codemirror": "5.60.5",
         "@types/grecaptcha": "^3.0.4",
-        "@typescript-eslint/eslint-plugin": "^5.25.0",
-        "@typescript-eslint/parser": "^5.25.0",
+        "@typescript-eslint/eslint-plugin": "^5.26.0",
+        "@typescript-eslint/parser": "^5.26.0",
         "@webcomponents/webcomponentsjs": "^2.6.0",
         "babel-plugin-macros": "^3.1.0",
         "base64-js": "^1.5.1",
         "chart.js": "^3.7.1",
         "chartjs-adapter-moment": "^1.0.0",
-        "codemirror": "^5.65.3",
+        "codemirror": "^5.65.4",
         "construct-style-sheets-polyfill": "^3.1.0",
-        "country-flag-icons": "^1.4.26",
-        "eslint": "^8.15.0",
+        "country-flag-icons": "^1.5.4",
+        "eslint": "^8.16.0",
         "eslint-config-google": "^0.14.0",
         "eslint-plugin-custom-elements": "0.0.6",
         "eslint-plugin-lit": "^1.6.1",
@@ -99,7 +99,7 @@
         "lit": "^2.2.4",
         "moment": "^2.29.3",
         "prettier": "^2.6.2",
-        "rapidoc": "^9.2.0",
+        "rapidoc": "^9.3.2",
         "rollup": "^2.74.1",
         "rollup-plugin-copy": "^3.4.0",
         "rollup-plugin-cssimport": "^1.0.2",

web/src/constants.ts

@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2022.5.2";
+export const VERSION = "2022.5.3";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
 

web/src/elements/PageHeader.ts

@@ -17,8 +17,8 @@ import { me } from "../api/Users";
 import {
     EVENT_API_DRAWER_TOGGLE,
     EVENT_NOTIFICATION_DRAWER_TOGGLE,
-    EVENT_REFRESH,
     EVENT_SIDEBAR_TOGGLE,
+    EVENT_WS_MESSAGE,
     TITLE_DEFAULT,
 } from "../constants";
 
@@ -97,7 +97,7 @@ export class PageHeader extends LitElement {
 
     constructor() {
         super();
-        window.addEventListener(EVENT_REFRESH, () => {
+        window.addEventListener(EVENT_WS_MESSAGE, () => {
             this.firstUpdated();
         });
     }

web/src/elements/Tabs.ts

@@ -8,7 +8,7 @@ import AKGlobal from "../authentik.css";
 import PFTabs from "@patternfly/patternfly/components/Tabs/tabs.css";
 import PFGlobal from "@patternfly/patternfly/patternfly-base.css";
 
-import { CURRENT_CLASS, ROUTE_SEPARATOR } from "../constants";
+import { CURRENT_CLASS, EVENT_REFRESH, ROUTE_SEPARATOR } from "../constants";
 import { getURLParams, updateURLParams } from "./router/RouteMatch";
 
 @customElement("ak-tabs")
@@ -72,6 +72,14 @@ export class Tabs extends LitElement {
         const params: { [key: string]: string | undefined } = {};
         params[this.pageIdentifier] = slot;
         updateURLParams(params);
+        const page = this.querySelector(`[slot='${this.currentPage}']`);
+        if (!page) return;
+        page.dispatchEvent(
+            new CustomEvent(EVENT_REFRESH, {
+                bubbles: true,
+                composed: true,
+            }),
+        );
     }
 
     renderTab(page: Element): TemplateResult {
@@ -90,7 +98,7 @@ export class Tabs extends LitElement {
             if (this.pageIdentifier in params) {
                 if (this.querySelector(`[slot='${params[this.pageIdentifier]}']`) !== null) {
                     // To update the URL to match with the current slot
-                    this.currentPage = params[this.pageIdentifier];
+                    this.currentPage = params[this.pageIdentifier] as string;
                 }
             }
         }

web/src/elements/forms/DeleteBulkForm.ts

@@ -1,7 +1,7 @@
 import { t } from "@lingui/macro";
 
 import { CSSResult, TemplateResult, html } from "lit";
-import { customElement, property } from "lit/decorators.js";
+import { customElement, property, state } from "lit/decorators.js";
 import { until } from "lit/directives/until.js";
 
 import PFList from "@patternfly/patternfly/components/List/list.css";
@@ -33,6 +33,9 @@ export class DeleteObjectsTable<T> extends Table<T> {
     @property({ attribute: false })
     usedBy?: (item: T) => Promise<UsedBy[]>;
 
+    @state()
+    usedByData: Map<T, UsedBy[]> = new Map();
+
     static get styles(): CSSResult[] {
         return super.styles.concat(PFList);
     }
@@ -68,15 +71,16 @@ export class DeleteObjectsTable<T> extends Table<T> {
     }
 
     renderExpanded(item: T): TemplateResult {
+        const handler = async () => {
+            if (!this.usedByData.has(item) && this.usedBy) {
+                this.usedByData.set(item, await this.usedBy(item));
+            }
+            return this.renderUsedBy(this.usedByData.get(item) || []);
+        };
         return html`<td role="cell" colspan="2">
             <div class="pf-c-table__expandable-row-content">
                 ${this.usedBy
-                    ? until(
-                          this.usedBy(item).then((usedBy) => {
-                              return this.renderUsedBy(usedBy);
-                          }),
-                          html`<ak-spinner size=${PFSize.XLarge}></ak-spinner>`,
-                      )
+                    ? until(handler(), html`<ak-spinner size=${PFSize.Large}></ak-spinner>`)
                     : html``}
             </div>
         </td>`;

web/src/elements/table/Table.ts

@@ -168,25 +168,45 @@ export abstract class Table<T> extends LitElement {
             return;
         }
         this.isLoading = true;
-        return this.apiEndpoint(this.page)
-            .then((r) => {
-                this.data = r;
-                this.page = r.pagination.current;
-                r.results.forEach((res) => {
-                    const selectedIndex = this.selectedElements.indexOf(res);
-                    if (selectedIndex <= -1) {
-                        this.selectedElements.splice(selectedIndex, 1);
-                    }
-                    const expandedIndex = this.expandedElements.indexOf(res);
-                    if (expandedIndex <= -1) {
-                        this.expandedElements.splice(expandedIndex, 1);
-                    }
-                });
-                this.isLoading = false;
-            })
-            .catch(() => {
-                this.isLoading = false;
+        try {
+            this.data = await this.apiEndpoint(this.page);
+            this.page = this.data.pagination.current;
+            const newSelected: T[] = [];
+            const newExpanded: T[] = [];
+            this.data.results.forEach((res) => {
+                const jsonRes = JSON.stringify(res);
+                // So because we're dealing with complex objects here, we can't use indexOf
+                // since it checks strict equality, and we also can't easily check in findIndex()
+                // Instead we default to comparing the JSON of both objects, which is quite slow
+                // Hence we check if the objects have `pk` attributes set (as most models do)
+                // and compare that instead, which will be much faster.
+                let comp = (item: T) => {
+                    return JSON.stringify(item) === jsonRes;
+                };
+                if ("pk" in res) {
+                    comp = (item: T) => {
+                        return (
+                            (item as unknown as { pk: string | number }).pk ===
+                            (res as unknown as { pk: string | number }).pk
+                        );
+                    };
+                }
+
+                const selectedIndex = this.selectedElements.findIndex(comp);
+                if (selectedIndex > -1) {
+                    newSelected.push(res);
+                }
+                const expandedIndex = this.expandedElements.findIndex(comp);
+                if (expandedIndex > -1) {
+                    newExpanded.push(res);
+                }
             });
+            this.isLoading = false;
+            this.selectedElements = newSelected;
+            this.expandedElements = newExpanded;
+        } catch {
+            this.isLoading = false;
+        }
     }
 
     private renderLoading(): TemplateResult {

web/src/elements/wizard/Wizard.ts

@@ -63,6 +63,13 @@ export class Wizard extends ModalButton {
                     class="pf-c-button pf-m-plain pf-c-wizard__close"
                     type="button"
                     aria-label="${t`Close`}"
+                    @click=${() => {
+                        this.open = false;
+                        const firstPage = this.querySelector<WizardPage>(`[slot=${this.steps[0]}]`);
+                        if (firstPage) {
+                            this.currentStep = firstPage;
+                        }
+                    }}
                 >
                     <i class="fas fa-times" aria-hidden="true"></i>
                 </button>