tweak

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2023.8.2
+current_version = 2023.8.1
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)

authentik/__init__.py

@@ -2,7 +2,7 @@
 from os import environ
 from typing import Optional
 
-__version__ = "2023.8.2"
+__version__ = "2023.8.1"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 

authentik/crypto/api.py

@@ -189,8 +189,6 @@ class CertificateKeyPairFilter(FilterSet):
 
     def filter_has_key(self, queryset, name, value):  # pragma: no cover
         """Only return certificate-key pairs with keys"""
-        if not value:
-            return queryset
         return queryset.exclude(key_data__exact="")
 
     class Meta:

authentik/crypto/tests.py

@@ -128,26 +128,8 @@ class TestCrypto(APITestCase):
         response = self.client.get(
             reverse(
                 "authentik_api:certificatekeypair-list",
-            ),
-            data={"name": cert.name},
-        )
-        self.assertEqual(200, response.status_code)
-        body = loads(response.content.decode())
-        api_cert = [x for x in body["results"] if x["name"] == cert.name][0]
-        self.assertEqual(api_cert["fingerprint_sha1"], cert.fingerprint_sha1)
-        self.assertEqual(api_cert["fingerprint_sha256"], cert.fingerprint_sha256)
-
-    def test_list_has_key_false(self):
-        """Test API List with has_key set to false"""
-        cert = create_test_cert()
-        cert.key_data = ""
-        cert.save()
-        self.client.force_login(create_test_admin_user())
-        response = self.client.get(
-            reverse(
-                "authentik_api:certificatekeypair-list",
-            ),
-            data={"name": cert.name, "has_key": False},
+            )
+            + f"?name={cert.name}"
         )
         self.assertEqual(200, response.status_code)
         body = loads(response.content.decode())
@@ -162,8 +144,8 @@ class TestCrypto(APITestCase):
         response = self.client.get(
             reverse(
                 "authentik_api:certificatekeypair-list",
-            ),
-            data={"name": cert.name, "include_details": False},
+            )
+            + f"?name={cert.name}&include_details=false"
         )
         self.assertEqual(200, response.status_code)
         body = loads(response.content.decode())
@@ -186,8 +168,8 @@ class TestCrypto(APITestCase):
             reverse(
                 "authentik_api:certificatekeypair-view-certificate",
                 kwargs={"pk": keypair.pk},
-            ),
-            data={"download": True},
+            )
+            + "?download",
         )
         self.assertEqual(200, response.status_code)
         self.assertIn("Content-Disposition", response)
@@ -207,8 +189,8 @@ class TestCrypto(APITestCase):
             reverse(
                 "authentik_api:certificatekeypair-view-private-key",
                 kwargs={"pk": keypair.pk},
-            ),
-            data={"download": True},
+            )
+            + "?download",
         )
         self.assertEqual(200, response.status_code)
         self.assertIn("Content-Disposition", response)
@@ -218,7 +200,7 @@ class TestCrypto(APITestCase):
         self.client.force_login(create_test_admin_user())
         keypair = create_test_cert()
         provider = OAuth2Provider.objects.create(
-            name=generate_id(),
+            name="test",
             client_id="test",
             client_secret=generate_key(),
             authorization_flow=create_test_flow(),

authentik/providers/saml/api/providers.py

@@ -13,9 +13,10 @@ from rest_framework.decorators import action
 from rest_framework.fields import CharField, FileField, SerializerMethodField
 from rest_framework.parsers import MultiPartParser
 from rest_framework.permissions import AllowAny
+from rest_framework.relations import SlugRelatedField
 from rest_framework.request import Request
 from rest_framework.response import Response
-from rest_framework.serializers import PrimaryKeyRelatedField, ValidationError
+from rest_framework.serializers import ValidationError
 from rest_framework.viewsets import ModelViewSet
 from structlog.stdlib import get_logger
 
@@ -167,8 +168,10 @@ class SAMLProviderImportSerializer(PassiveSerializer):
     """Import saml provider from XML Metadata"""
 
     name = CharField(required=True)
-    authorization_flow = PrimaryKeyRelatedField(
+    # Using SlugField because https://github.com/OpenAPITools/openapi-generator/issues/3278
+    authorization_flow = SlugRelatedField(
         queryset=Flow.objects.filter(designation=FlowDesignation.AUTHORIZATION),
+        slug_field="slug",
     )
     file = FileField()
 

authentik/providers/saml/tests/test_api.py

@@ -89,7 +89,7 @@ class TestSAMLProviderAPI(APITestCase):
                 {
                     "file": metadata,
                     "name": generate_id(),
-                    "authorization_flow": create_test_flow(FlowDesignation.AUTHORIZATION).pk,
+                    "authorization_flow": create_test_flow(FlowDesignation.AUTHORIZATION).slug,
                 },
                 format="multipart",
             )
@@ -106,7 +106,7 @@ class TestSAMLProviderAPI(APITestCase):
                 {
                     "file": metadata,
                     "name": generate_id(),
-                    "authorization_flow": create_test_flow().pk,
+                    "authorization_flow": create_test_flow().slug,
                 },
                 format="multipart",
             )

authentik/root/settings.py

@@ -402,6 +402,7 @@ LOG_PRE_CHAIN = [
     structlog.stdlib.add_logger_name,
     structlog.processors.TimeStamper(),
     structlog.processors.StackInfoRenderer(),
+    structlog.processors.format_exc_info,
 ]
 
 LOGGING = {
@@ -411,7 +412,7 @@ LOGGING = {
         "json": {
             "()": structlog.stdlib.ProcessorFormatter,
             "processor": structlog.processors.JSONRenderer(sort_keys=True),
-            "foreign_pre_chain": LOG_PRE_CHAIN + [structlog.processors.dict_tracebacks],
+            "foreign_pre_chain": LOG_PRE_CHAIN,
         },
         "console": {
             "()": structlog.stdlib.ProcessorFormatter,

docker-compose.yml

@@ -32,7 +32,7 @@ services:
     volumes:
       - redis:/data
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.1}
     restart: unless-stopped
     command: server
     environment:
@@ -53,7 +53,7 @@ services:
       - postgresql
       - redis
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.2}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.1}
     restart: unless-stopped
     command: worker
     environment:

go.mod

@@ -26,7 +26,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.7.0
 	github.com/stretchr/testify v1.8.4
-	goauthentik.io/api/v3 v3.2023081.3
+	goauthentik.io/api/v3 v3.2023081.2
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.11.0
 	golang.org/x/sync v0.3.0

go.sum

@@ -1071,8 +1071,8 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe
 go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
 go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
-goauthentik.io/api/v3 v3.2023081.3 h1:I/b325obiHESoJ+t2CbaGH7avSjtfvPxRQcNMsM2R/I=
-goauthentik.io/api/v3 v3.2023081.3/go.mod h1:sP1/Ak/vGw96xNgpyoObHgXfyAElcTN5CbbC+VdPQXk=
+goauthentik.io/api/v3 v3.2023081.2 h1:Mj5uqF/sEdcenZjWV+w/SvrLy8Un19vhjDek2DWmq/E=
+goauthentik.io/api/v3 v3.2023081.2/go.mod h1:sP1/Ak/vGw96xNgpyoObHgXfyAElcTN5CbbC+VdPQXk=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=

internal/constants/constants.go

@@ -29,4 +29,4 @@ func UserAgent() string {
 	return fmt.Sprintf("authentik@%s", FullVersion())
 }
 
-const VERSION = "2023.8.2"
+const VERSION = "2023.8.1"

poetry.lock

@@ -552,13 +552,13 @@ test = ["pytest", "pytest-cov"]
 
 [[package]]
 name = "celery"
-version = "5.3.3"
+version = "5.3.1"
 description = "Distributed Task Queue."
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "celery-5.3.3-py3-none-any.whl", hash = "sha256:d65c0be70d0949fcda8893876a071a7cfd9f248f9ad92e1919845e5cbc268db7"},
-    {file = "celery-5.3.3.tar.gz", hash = "sha256:bac90ef99b70b9b5b5d4cfcebf6f1ab5168b86c6120bc7c5814cd8234dfd9381"},
+    {file = "celery-5.3.1-py3-none-any.whl", hash = "sha256:27f8f3f3b58de6e0ab4f174791383bbd7445aff0471a43e99cfd77727940753f"},
+    {file = "celery-5.3.1.tar.gz", hash = "sha256:f84d1c21a1520c116c2b7d26593926581191435a03aa74b77c941b93ca1c6210"},
 ]
 
 [package.dependencies]
@@ -567,14 +567,14 @@ click = ">=8.1.2,<9.0"
 click-didyoumean = ">=0.3.0"
 click-plugins = ">=1.1.1"
 click-repl = ">=0.2.0"
-kombu = ">=5.3.2,<6.0"
+kombu = ">=5.3.1,<6.0"
 python-dateutil = ">=2.8.2"
 tzdata = ">=2022.7"
 vine = ">=5.0.0,<6.0"
 
 [package.extras]
-arangodb = ["pyArango (>=2.0.2)"]
-auth = ["cryptography (==41.0.3)"]
+arangodb = ["pyArango (>=2.0.1)"]
+auth = ["cryptography (==41.0.1)"]
 azureblockblob = ["azure-storage-blob (>=12.15.0)"]
 brotli = ["brotli (>=1.0.0)", "brotlipy (>=0.7.0)"]
 cassandra = ["cassandra-driver (>=3.25.0,<4)"]
@@ -594,7 +594,7 @@ msgpack = ["msgpack (==1.0.5)"]
 pymemcache = ["python-memcached (==1.59)"]
 pyro = ["pyro4 (==4.82)"]
 pytest = ["pytest-celery (==0.0.0)"]
-redis = ["redis (>=4.5.2,!=4.5.5,<5.0.0)"]
+redis = ["redis (>=4.5.2,!=4.5.5)"]
 s3 = ["boto3 (>=1.26.143)"]
 slmq = ["softlayer-messaging (>=1.0.3)"]
 solar = ["ephem (==4.1.4)"]
@@ -1876,13 +1876,13 @@ referencing = ">=0.28.0"
 
 [[package]]
 name = "kombu"
-version = "5.3.2"
+version = "5.3.1"
 description = "Messaging library for Python."
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "kombu-5.3.2-py3-none-any.whl", hash = "sha256:b753c9cfc9b1e976e637a7cbc1a65d446a22e45546cd996ea28f932082b7dc9e"},
-    {file = "kombu-5.3.2.tar.gz", hash = "sha256:0ba213f630a2cb2772728aef56ac6883dc3a2f13435e10048f6e97d48506dbbd"},
+    {file = "kombu-5.3.1-py3-none-any.whl", hash = "sha256:48ee589e8833126fd01ceaa08f8a2041334e9f5894e5763c8486a550454551e9"},
+    {file = "kombu-5.3.1.tar.gz", hash = "sha256:fbd7572d92c0bf71c112a6b45163153dea5a7b6a701ec16b568c27d0fd2370f2"},
 ]
 
 [package.dependencies]
@@ -3441,13 +3441,13 @@ files = [
 
 [[package]]
 name = "selenium"
-version = "4.12.0"
+version = "4.11.2"
 description = ""
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.7"
 files = [
-    {file = "selenium-4.12.0-py3-none-any.whl", hash = "sha256:b2c48b1440db54a0653300d9955f5421390723d53b36ec835e18de8e13bbd401"},
-    {file = "selenium-4.12.0.tar.gz", hash = "sha256:95be6aa449a0ab4ac1198bb9de71bbe9170405e04b9752f4b450dc7292a21828"},
+    {file = "selenium-4.11.2-py3-none-any.whl", hash = "sha256:98e72117b194b3fa9c69b48998f44bf7dd4152c7bd98544911a1753b9f03cc7d"},
+    {file = "selenium-4.11.2.tar.gz", hash = "sha256:9f9a5ed586280a3594f7461eb1d9dab3eac9d91e28572f365e9b98d9d03e02b5"},
 ]
 
 [package.dependencies]

pyproject.toml

@@ -113,7 +113,7 @@ filterwarnings = [
 
 [tool.poetry]
 name = "authentik"
-version = "2023.8.2"
+version = "2023.8.1"
 description = ""
 authors = ["authentik Team <hello@goauthentik.io>"]
 

schema.yml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2023.8.2
+  version: 2023.8.1
   description: Making authentication simple.
   contact:
     email: hello@goauthentik.io
@@ -38459,7 +38459,8 @@ components:
           minLength: 1
         authorization_flow:
           type: string
-          format: uuid
+          minLength: 1
+          description: Visible in the URL.
         file:
           type: string
           format: binary

web/package-lock.json

@@ -17,7 +17,7 @@
                 "@codemirror/theme-one-dark": "^6.1.2",
                 "@formatjs/intl-listformat": "^7.4.0",
                 "@fortawesome/fontawesome-free": "^6.4.2",
-                "@goauthentik/api": "^2023.8.1-1693565992",
+                "@goauthentik/api": "^2023.8.1-1693482391",
                 "@lit-labs/context": "^0.4.0",
                 "@lit-labs/task": "^3.0.2",
                 "@lit/localize": "^0.11.4",
@@ -2904,9 +2904,9 @@
             }
         },
         "node_modules/@goauthentik/api": {
-            "version": "2023.8.1-1693565992",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.8.1-1693565992.tgz",
-            "integrity": "sha512-8NZ2/xdWH6n8nJaK6kuwa/emGz3Pr+YYEhLUB6b6QV37eJCw8OIKXmBhrYS/UNdcnUb5WKrgcSEYmgSIDvhVlg=="
+            "version": "2023.8.1-1693482391",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.8.1-1693482391.tgz",
+            "integrity": "sha512-L+W/Gomj7dZLPHOT5dNvzGQDjxqHr3FpuzqR+cmSTOYKy7wM/ZuttqCXUw7+Dy4hu42JWgbktrbyZK43kPwNQA=="
         },
         "node_modules/@hcaptcha/types": {
             "version": "1.0.3",

web/package.json

@@ -34,7 +34,7 @@
         "@codemirror/theme-one-dark": "^6.1.2",
         "@formatjs/intl-listformat": "^7.4.0",
         "@fortawesome/fontawesome-free": "^6.4.2",
-        "@goauthentik/api": "^2023.8.1-1693565992",
+        "@goauthentik/api": "^2023.8.1-1693482391",
         "@lit-labs/context": "^0.4.0",
         "@lit-labs/task": "^3.0.2",
         "@lit/localize": "^0.11.4",

web/src/common/constants.ts

@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2023.8.2";
+export const VERSION = "2023.8.1";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
 

website/blog/2023-08-31-announcing-the-authentik-enterprise-release/item.md

@@ -1,5 +1,5 @@
 ---
-title: Announcing the authentik Enterprise release!
+title: “Announcing “the authentik Enterprise release!”
 slug: 2023-08-31-announcing-the-authentik-enterprise-release
 authors:
     - name: Jens Langhammer
@@ -28,7 +28,7 @@ This Enterprise version is available in Preview mode in our latest release, 2023
 
 This is an exciting step for us, as we grow the team and the company and our user base. We officially became a company just last fall (I wrote about it in November 2022, in “[The next step for authentik"](../2022-11-02-the-next-step-for-authentik/item.md)), and this release is another move forwards in maturing authentik into the SSO and identity management app of choice.
 
-One thing we want to acknowledge, up front, is that we would never have been able to achieve this goal without the years of support from our open source community. You all helped build authentik into what it is today, and that’s why all of our Enterprise-level features will be open core and source available, always.
+One thing we want to acknowledge up front is that we would never have been able to achieve this goal without the years of support from our open source community. You all helped build authentik into what it is today, and that’s why all of our Enterprise-level features will be open core and source available, always.
 
 ![](./image1.png)
 
@@ -51,6 +51,6 @@ Check out our Enterprise documentation for information about creating and managi
 -   [Manage you Enterprise account](../docs/enterprise/manage-enterprise)
 -   [Support for Enterprise accounts](../docs/enterprise/entsupport)
 
-In future releases, we will be adding additional Enterprise features, including RBAC support, inbuilt remote desktop access, and an authentik mobile app for multi-factor authentication.
+In future releases, we will be adding additional Enterprise features, including RBAC support, authentication for remote desktop access, and an authentik mobile app for multi-factor authentication.
 
 For this preview release of authentik Enterprise, we’d like to hear from you; thoughts and suggestions, questions, any specific direction that you’d like to see the Enterprise version focus on? Contact us at [hello@goauthentik.io](mailto:hello@goauthentik.io).

website/docs/releases/2023/v2023.8.md

@@ -124,18 +124,6 @@ image:
 -   web: fix notification drawer scrolling (#6675)
 -   web/admin: fix version link to release notes (#6676)
 
-## Fixed in 2023.8.2
-
--   core: make groups' parent_name nullable as it might not be set (#6700)
--   crypto: fix certificate has_key filter (#6727)
--   events: fix missing application names from most used applications (#6689)
--   policies/reputation: fix reputation not expiring (#6714)
--   providers/oauth2: fix incorrect scope permissions shown (#6696)
--   providers/saml: fix SAML metadata import API requiring flow slug inst… (#6729)
--   root: expand exception logging (#6690)
--   web/admin: clear other options depending on what the binding targets (#6703)
--   web/admin: fix ak-toggle-group for policy and blueprint uses (#6687)
-
 ## API Changes
 
 #### What's New

website/src/css/custom.css

@@ -135,3 +135,6 @@ body {
 .navbar-sidebar__items {
     background-color: var(--ifm-color-primary);
 }
+.navbar-sidebar__items .menu__link {
+    color: var(--white);
+}

website/src/pages/index.jsx

@@ -63,8 +63,8 @@ function Home() {
                                 <div>with a unified platform.</div>
                             </h1>
                             <p className="hero__subtitle">
-                                Unify all of your identity needs into a single
-                                platform
+                                authentik is an open-source Identity Provider
+                                focused on flexibility and versatility
                             </p>
                             <div className={styles.buttons}>
                                 <Link